Splunk Search

Ask a Question

Discussions

Thread Info

How to search stats count of 60,000 Session_ID's by Status without typing each Session_ID value?

Good Afternoon, I have a simple search. Normally this would be: sourcetype=j_s_i Session_ID=000002b89784b98e91b...

by Engager in

Trouble figuring out how to do a lookup

I have a bunch of log files which as part of the first 4 lines or so sends a handshake in the form of 2014093009...

by Path Finder in

To what extent we can customize app if application.css is ignored on Splunk 6.0 and above?

Hi Experts, I am aware that we can create and customize a new app and as per below document http://docs.splunk...

by Builder in

How to count XML filenames by prefix, count filenames without a prefix, and add the column totals for a custom time range?

I have a field "filename" which is an xml going through a component. I want to count the number of them with a specif...

by Explorer in

Splunk sorting on Index time of splunk

Hi , I am trying to search a string which I want to be sorted on the basis of Splunk index time , which is very us...

by Explorer in

How To Table The Average Of A Field Created Using Eval?

I have in my index field StartTime and EndTime I used this command to create the duration: index=Main Channel=* St...

by Contributor in

User searching an index they do not have access to via an app or form

I assume the answer is no, but wanted to ask to verify. I do not want to give a user access to an index, because I...

by Communicator in

Why is the Search app time range picker defaulting to 2001, even if I specify another date and time?

Hi, I used to set specific date and time range while doing a search in splunk however it started setting 2001 as t...

by Engager in

Why am I getting "Error fetching event from search peer" when searching for a specific sourcetype?

Hi, searching for a specific sourcetype I get the message ### ERROR FETCHING EVENT FROM SEARCH PEER ### What c...

by Path Finder in

how to skip a fixed number of characters after a conditional keyword

I have a log that looks like that : create message w-OtYwP8QD2WcAkmUgZEgg from DB and add it in the map. create me...

by Explorer in

regex help text and numeric value

Hi, I have a following text coming in splunk abcd, 2000-01-10 10:40:43, P:welcome, welcome_to_all, 0, 2000-01-10 1...

by Explorer in

Calculate duration of downtime if three or more consecutive events are marked down within an hour...

Hi, I am trying to make a service downtime calculation based on the following rules: If the service has the statu...

by Explorer in

Can I do undo for search key words in Splunk 6?

Hi there, I remember I could do undo by pressing command+Z in OSX to go back to the previous search term in Splunk...

by Motivator in

How to write regex to filter out UUID before stats count in a search?

In my logs, I have a variable req that contains a REST request which includes an UUID. How do I remove the UUID so th...

by Path Finder in

Is it possible to use earliest twice in one search?

will it work: (earliest=-1d@d latest=@d sourcetype=a) OR (earliest=-1d@d sourcetype=b) ?

by Communicator in

Hi, I am facing problem with multiple subqueries in timechart. it is not showing the value for _time field.

Query "index=idx1 sourcetype=src1 sender="xyz" | timechart count as res1" showing results properly, and Query "in...

by New Member in

Error "Splunk cannot find "data/ui/nav/default"."

Hi Experts, I have renamed my app. Earlier it was "Search" and I have renamed it to "Prod Search". I just renamed ...

by Builder in

Why am I getting no results using Splunk JAVA SDK to run a search query with the stats command?

I am trying to use the JAVA Splunk SDK to run a query and return the results. I can get the events of the search retu...

by Path Finder in

creating Line chart with two custom fields

Hello, I am quite new using Splunk and I have a question, that might be already be solved before, but I just want to ...

by Explorer in

How do I include fields from a subsearch to the main search results table?

I have a search with one subsearch, that looks like this. sourcetype=sourcetype1 <search string> [search sourcetyp...

by Communicator in

range status

how do i use range to display green tick or red cross for the following index=xx sourcetype="yyy" State!="On" ...

by New Member in

Manipulating data using conditionals, eval, or custom commands?

We have enterprise data which we are querying and running through some 'hypothetical' business situations. So, ideall...

by New Member in

How to calculate the average number of events with errors by field name?

I am trying to calculate the average number of errors by calculating events(with error)/total events. Here is my que...

by Explorer in

How to configure regex for transforms.conf and props.conf to send specified IIS data to nullQueue?

Trying to dump off what seems like a simple thing to do from raw iis logs. just want to not allow this to index: cs_u...

by Path Finder in

How to write regex to extract and index a field enclosed in quotations after a known string?

I have a set of logs which wasn't automatically parsed when indexed into Splunk. I would like to extract a field ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to search stats count of 60,000 Session_ID's by Status without typing each Session_ID value?

Trouble figuring out how to do a lookup

To what extent we can customize app if application.css is ignored on Splunk 6.0 and above?

How to count XML filenames by prefix, count filenames without a prefix, and add the column totals for a custom time range?

Splunk sorting on Index time of splunk

How To Table The Average Of A Field Created Using Eval?

User searching an index they do not have access to via an app or form

Why is the Search app time range picker defaulting to 2001, even if I specify another date and time?

Why am I getting "Error fetching event from search peer" when searching for a specific sourcetype?

how to skip a fixed number of characters after a conditional keyword

regex help text and numeric value

Calculate duration of downtime if three or more consecutive events are marked down within an hour...

Can I do undo for search key words in Splunk 6?

How to write regex to filter out UUID before stats count in a search?

Is it possible to use earliest twice in one search?

Hi, I am facing problem with multiple subqueries in timechart. it is not showing the value for _time field.

Error "Splunk cannot find "data/ui/nav/default"."

Why am I getting no results using Splunk JAVA SDK to run a search query with the stats command?

creating Line chart with two custom fields

How do I include fields from a subsearch to the main search results table?

range status

Manipulating data using conditionals, eval, or custom commands?

How to calculate the average number of events with errors by field name?

How to configure regex for transforms.conf and props.conf to send specified IIS data to nullQueue?

How to write regex to extract and index a field enclosed in quotations after a known string?

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions