Splunk Search

Discussions

Thread Info

How to group together events based on their relative distance in _time?

Hello All, I'm trying to figure out how to group certain events together if they happen within 1 second of each ot...

by Builder in

How to extract date and time in Splunk?

I am having problems getting splunk to recognize date/time. The txt file I am extracting data from has multiple sourc...

by Path Finder in

Cascaded search with tabular data

Given a normal http log I want to be able to use the tabular data (or list) from one search as criteria in a second s...

by Path Finder in

Regex in inputs.con

Hi. I have this "problem": I get files delivered into the same folder containing the same data, but with different fi...

by Engager in

Take an average of values in a cell from every four rows

Hi, I have a CSV file, which looks as follows: ID time value parameter 1 0000-0015 12 param1 1 0015-0030 3...

by Builder in

DB input configuration setup for oracle database

Hi , I recently installed DB Connect and I am setting up a new DB input to index db space used in Oracle. Please see ...

by New Member in

Adding Outputs of a Search to Timechart

Hi All, I'd like to add duration and last weeks avg duration values in to timechart to help display time better, h...

by Builder in

Splunk PDF export issue with "empty" pdf

Actually the view below shows "No results found." in the browser by opening the view and as soon as I try to generate...

by Communicator in

Consolidate multiple sparklines into a single sparkline

Hello, I would like to consolidate multiple sparklines from different rows into a single sparkline, that shows th...

by Path Finder in

stats/chart Only Summing Cells with Multiple Values

If I have fields that have the potential to contain any number of values, from null to many, how can I get the sum fu...

by New Member in

Timechart WHERE clause not behaving as expected

In the file /var/log/server.log, we have one log line each time a host sends a heartbeat to our service. I've got ...

by Engager in

weird ip address with leading zeros

Hi all, I have a log file which has weird ip addresses as followings. There are leading zeros. 2014.06.10 13:14...

by New Member in

Replace A pattern Splunk

Hello Guys , I have a field Month that have values like this 1-2013 10-2014 9-2014 i would like to get 0X-YY...

by New Member in

Regex in splunk

Hi, I have data like below, Contact_Number---------------Name land="1234" Phone="324"------Kumar land="3254" ph...

by SplunkTrust in

regex expression works sometimes and not at others

Hello, I am working with Omniture Data contained in a csv in a scripted data input. I fetch a file using curl, cho...

by Path Finder in

How to identify an 'Upload' in search?

I'm trying to search for logs relating to an upload of data. For example, a computer uploads a file to dropbox or som...

by Path Finder in

add sum of previous point to next minute value

Hi, I want increment graph, current minute transactions do sum with previous minute transaction and this will cont...

by Communicator in

Easy way to match just the beginning of a field value

Hi Folks, I'm having a hard time working around using a wildcard within an eval, which isn't possible as far as I ...

by Communicator in

Extract string using rex

I have data that looks like: 20140609 19:14:03 [PERF] [CREATE PLAN START] Action=CreatePlan, and would like to extrac...

by Contributor in

How to use regex in field extraction?

I can't seem to get my regex to work as a field extraction. below is an example string and the regex I'm trying to us...

by Path Finder in

Splunk/eval ignores real numbers less than 1.0

Splunk seems to be ignoring numbers less than 1.0 regardless of incoming precision. If my tField value is 1.000 or gr...

by Explorer in

Show only NON distinct values for a given field.

I am looking to compare a list of non unique usernames with unique IP's, and specifically analyze the occurences wher...

by Path Finder in

how to add a string to a table element?

Hello I have two fields field1 and field2 extracted from my search and I would like to present then in a table, wi...

by Communicator in

Asset Discovery

I've noticed on the dashboard that the scan isn't detecting any particular OS - leaving it as unknown for most of the...

by New Member in

How to compute time range spread over multiple files.

Hi Everyone, I want to calculate availability time range of each employee based on the records present in two files (...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to group together events based on their relative distance in _time?

How to extract date and time in Splunk?

Cascaded search with tabular data

Regex in inputs.con

Take an average of values in a cell from every four rows

DB input configuration setup for oracle database

Adding Outputs of a Search to Timechart

Splunk PDF export issue with "empty" pdf

Consolidate multiple sparklines into a single sparkline

stats/chart Only Summing Cells with Multiple Values

Timechart WHERE clause not behaving as expected

weird ip address with leading zeros

Replace A pattern Splunk

Regex in splunk

regex expression works sometimes and not at others

How to identify an 'Upload' in search?

add sum of previous point to next minute value

Easy way to match just the beginning of a field value

Extract string using rex

How to use regex in field extraction?

Splunk/eval ignores real numbers less than 1.0

Show only NON distinct values for a given field.

how to add a string to a table element?

Asset Discovery

How to compute time range spread over multiple files.

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

Search for triggered save searches and their actio...

Splunk Search

Are you a member of the Splunk Community?

Discussions