Splunk Search

Ask a Question

Discussions

Thread Info

How to calculate time elapsed for (concurrent) transactions across multiple servers?

I've been looking around the forums, but nothing seems to quite cover what I need. We are currently logging stats ...

by New Member in

Can we have line and column in a single chart

Hi, I have 2 data points and i would like to show one as line and other one as column chart. is it possible? any s...

by Contributor in

Windows text editor with syntax highlighting for Splunk conf file?

Hello can anyone recommend a Windows editor that has syntax highlighting for Splunk .conf files? Also if possible one...

by Champion in

Get count of rows from a value which is a part of the message in the log file

Our requirement is to get the count and location of a build that has been downloaded multiple times from one source f...

by New Member in

How to write a search query to list top 3 cpu consuming windows processes per host?

Hi, I have around 100 windows hosts monitored by splunk server(6.0.1). I'm struggling to find a query which would ...

by Explorer in

Can I append results from 2 different sourcetypes?

Hi, I am trying to append results from 2 different sources and i am not seeing results populated especially for th...

by Contributor in

How to combine same Field1 values and sum corresponding Field2 numeric values?

Hello, This is difficult to explain, however, what I am trying to do is take the following: (field 1=Name, Field 2...

by New Member in

How to extract and create new sourcetypes at index time from logs in syslog format?

Can you please help us, how to extract the sourcetype (like access_log format with all fields) from the below pattern...

by Builder in

Why line and area chart are not available trying to create a pivot?

Hi there, I prepared data model for a pivot - it based on sql query. Data model contain with Root search and some...

by Explorer in

'stats' command: limit for values of field 'par_ID' reached. Some values may have been truncated or ignored.

Hi, I have a csv file where I list certain column field using the following search query: sourcetype=csv| ...

by Builder in

Combining searches

Hello, I want to combine some search results. I have one base search from there I need to do several searches, but...

by Path Finder in

How to combine data in a table from two or more sourcetypes?

Hi I have data in 3 sourcetypes where all fields named differently. I need to combine it to show in one table. Can yo...

by Path Finder in

colour format in chart based on the list

Hi, I have a table DATE AMOUNT 07/22/2014 1000 07/23/2014 2000 08/01/2014 500 and so on. I have to get a bar...

by Explorer in

How to use Stats and Eval to count how many times "Microsoft" is included in the OS?

I am reading nessus discovery scan logs and the way nessus formats their data is by separating fields by events. They...

by Explorer in

How to change string from csv file to date format for proper sorting in search?

I have data that was imported from a .csv file. One of the field in the .csv file is called "date". However, when Spl...

by New Member in

How to add the values of a multi-value field with a count value?

Hello!!! I was looking for ways to add the values of a multi-value field (c_user) with the value of count, which ge...

by Contributor in

How to exclude counts (stats count by) with a flat table format?

Weird one. I have a query that requires a flat format output with table; index=foo | table name product publisher ...

by Communicator in

How to subtract times for different events

Hi, i have multiple events for each order and i want to subtract start and end events for each order. So i have cr...

by Contributor in

How to track maximum overlapping transactions?

I maintain a set of charts that keep track of REST APIs which create and delete resources (documents). In this partic...

by New Member in

4.3 multiple flashtimeline panels

I have a dashboard that worked fine on 4.2 but no longer renders properly on 4.3. It has multiple flashtimeline panel...

by Engager in

How to remove text from host name in search results?

Hey Splunkers, I have a search that is successfully returning search results as needed, however, I'd like to clean up...

by Contributor in

How to extract fields with empty values at index time?

In our logs, we have the below two lines where we need to extract both empty & values for Dms_Code. Currently we are ...

by New Member in

How to create a report only showing values for 4 fields?

Greetings, I'm trying to create a report that only shows 3 things in a search. I need to be able to not show everythi...

by New Member in

How to remove user info events from Splunk?

Can you please tell us, how to scrub remove events from Splunk indexed data (index="idx" and source="error_log"). We ...

by Builder in

REX with a variable rather than a string

Hi I have a large chunk of raw data from one of my servers and am trying to filter the data down using a multiple ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to calculate time elapsed for (concurrent) transactions across multiple servers?

Can we have line and column in a single chart

Windows text editor with syntax highlighting for Splunk conf file?

Get count of rows from a value which is a part of the message in the log file

How to write a search query to list top 3 cpu consuming windows processes per host?

Can I append results from 2 different sourcetypes?

How to combine same Field1 values and sum corresponding Field2 numeric values?

How to extract and create new sourcetypes at index time from logs in syslog format?

Why line and area chart are not available trying to create a pivot?

'stats' command: limit for values of field 'par_ID' reached. Some values may have been truncated or ignored.

Combining searches

How to combine data in a table from two or more sourcetypes?

colour format in chart based on the list

How to use Stats and Eval to count how many times "Microsoft" is included in the OS?

How to change string from csv file to date format for proper sorting in search?

How to add the values of a multi-value field with a count value?

How to exclude counts (stats count by) with a flat table format?

How to subtract times for different events

How to track maximum overlapping transactions?

4.3 multiple flashtimeline panels

How to remove text from host name in search results?

How to extract fields with empty values at index time?

How to create a report only showing values for 4 fields?

How to remove user info events from Splunk?

REX with a variable rather than a string

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions