Splunk Search

Ask a Question

Discussions

Thread Info

How to search the count of a single event for a user per day and sum over the period of a week?

Howdy from Dallas Tx, I'm a new Splunk user and I'm fighting with search. I am using a subsearch that returns a subs...

by Explorer in

How to get distinct values of one field by another field

the below search will give me distinct count of one field by another field some search | stats dc(field1) by field...

by Explorer in

How to extract string value and use comparison operators in a search?

Hi I am new to splunk I wanted to extract data from logs that have a particular string with a value and only return ...

by New Member in

How to split results which are combined in a table and export to a csv?

Hello I have few results which look like below in a table command. They are the values which are extracted from th...

by Motivator in

How to calculate what percentage of bytes are Java stacktraces of indexed Java application logs?

We are currently indexing logs from various Java applications. Does anyone know of some way we can calculate how much...

by New Member in

How to make a barchart with start time, duration by resource

Hi. I would like to make a bar chart, where date/time is on the X-axis, and the resource is the Y-axis, the bar sh...

by Contributor in

How to search and sum the total size of files per year?

Hi Guys, i wrote a script that reads the MetaData of Files in an NTFS Filesystem (like Creation Date, Last Access ...

by Contributor in

How to search and extract the correct value from duplicate keys in an event?

Hello, I have a lot of events indexed which contain the following line: |ip="0.0.0.0" foo="bar" ip="174.34.166.10" ti...

by Explorer in

Creating a table that shows the number of times a variable is a given value

Newbie to Splunk and trying to resolve the following issue. Here's my search string: index=ipdirectindex |eval DO...

by Path Finder in

Is it possible to use a token variable in a search to output a lookup table value?

Hey folks, I had an idea, but am not sure if it can be done in Splunk. I want have a dashboard where you can enter...

by Communicator in

Rex not extracting expected value

Utilizing web logs, I am trying to extract via rex, all text after the last / of the URL field and put the text into ...

by Builder in

How to get the count of events in a bucket on a particular indexer?

I'd like to be able to get a count of the number of events in a bucket on a particular indexer. Is there a binary for...

by Explorer in

How to prevent data model search string from being shown after clicking on pivot based pie chart?

I have a dashboard that contains a number of pivot based charts. E.g. | pivot analytics my_events count(my_events...

by Path Finder in

How to change column colors in a chart based on a duration value?

I have a search that compares values in two files and comes up with duration it took to process a job. index=...

by Explorer in

Creating alarms based on differences in stats output

Greetings! Right now we're monitoring connections between internal IPs and external IPs using our proxy log input....

by Explorer in

How to to show milliseconds with table _time in Splunk 6.x?

unable to find millisec in table _time in splunk6, used to be available before splunk 6

by Explorer in

Why stats count does not return results after filtering indexed data with lookup?

I have a lookup (person, manager) that looks like this (lookup flatorg): 1,2 fk,ry op,ry and a sourcetype that loo...

by Explorer in

How to write regex to extract a field's values and pass them to a new field using rex?

How can I use the value from a field named geog in the regular expression passed to the rex command? In the example b...

by Explorer in

Why am I getting inconsistent results when using a different search date range for the same record in Splunk 4.3.2?

Hi While running a search for a specific record in a specific date (tagged as WT_vt_sid) i get one result with value ...

by New Member in

Simple search dashboard element

Hi We have just started using splunk with real data in my organisation, and to a start we're only using it to show...

by New Member in

REST lookup functionality

Is there any functionality (built-in to Splunk, or that someone has created custom) to do lookups to an external REST...

by Builder in

How do I exclude a subnet from a search using CIDR notation?

How do I exclude a subnet from a search using CIDR notation? For example, I have this search: "%ASA-4-733100" OR "...

by New Member in

Need to get splunk server names with host count

Hi All, Need to get the host count with splunk_server names by using the search queries, i have used below but its...

by Path Finder in

How to use join to identify calls to Country A followed by calls to a list of other Countries?

I am trying to identify calls from an originating number where a small number ie 1 or 2 are first made to country A f...

by Path Finder in

いくつかのvalueを一つにまとめたい

nameというフィールドに、同じappAという名前が、「app A」、「app a」、「App A」などのようにいくつかvalueの入力方法が異なってしまい、stats countした際に別のものとして認識されてしまいます。 eval...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to search the count of a single event for a user per day and sum over the period of a week?

How to get distinct values of one field by another field

How to extract string value and use comparison operators in a search?

How to split results which are combined in a table and export to a csv?

How to calculate what percentage of bytes are Java stacktraces of indexed Java application logs?

How to make a barchart with start time, duration by resource

How to search and sum the total size of files per year?

How to search and extract the correct value from duplicate keys in an event?

Creating a table that shows the number of times a variable is a given value

Is it possible to use a token variable in a search to output a lookup table value?

Rex not extracting expected value

How to get the count of events in a bucket on a particular indexer?

How to prevent data model search string from being shown after clicking on pivot based pie chart?

How to change column colors in a chart based on a duration value?

Creating alarms based on differences in stats output

How to to show milliseconds with table _time in Splunk 6.x?

Why stats count does not return results after filtering indexed data with lookup?

How to write regex to extract a field's values and pass them to a new field using rex?

Why am I getting inconsistent results when using a different search date range for the same record in Splunk 4.3.2?

Simple search dashboard element

REST lookup functionality

How do I exclude a subnet from a search using CIDR notation?

Need to get splunk server names with host count

How to use join to identify calls to Country A followed by calls to a list of other Countries?

いくつかのvalueを一つにまとめたい

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions