Splunk Search

Discussions

Thread Info

common among all users

I have been asked to identify a list of all websites that a group of users has visited, but the spin on it is that ea...

by Contributor in

Time between events

We're trying to calculate the time between a users 1st event on our site and their 3rd event on our site. We can use ...

by Path Finder in

how to join two saved search results based on common field

Hi I have two saved searches lookup1 and lookup2 with line_id as common field , low will I join two results based on ...

by Path Finder in

Results desappearing at finalizing time

Hi! I'm using this search to calculate the exit rate of each page visited on a web site, count how many time a pag...

by Communicator in

Search does not work and also stopped indexing data.

Search does not work with this message. Error in 'litsearch' command: Your Splunk license expired or you have exce...

by Explorer in

How to assign each event a fields value extracted from another event

Hi, I need your help to understand which road to test. I have raw events like this 11/02/2013 sessionID1 fiel...

by Communicator in

search and index problem..(Trial license has expired/updated to free license version)

Trial license has expired, so updated to free license version. However, still does not search, and data does not ind...

by Explorer in

_time from host

I have host A and B.Both of this host have different _time values.Can I use _time from Host A only? How can i do this...

by Path Finder in

yet another nullQueue question

Hi, I've been trawling through the questions / wiki / docs etc, I just cannot see what I'm doing wrong: everyth...

by Explorer in

How to chart max per day

OK, probably a dumb question--but I can't get it output the way I want. I have a series of values that rise up throug...

by Splunk Employee in

reducing metadata size

Hi, I recall hearing at Splunk Conf2013 that it's a good idea to keep your metadata size reasonable. I process lot...

by Champion in

where count is > 5

Hi Everyone - I'm trying to reduce noise on some of my reports. Certain messages with "unreadable" are coming in and ...

by Contributor in

Multiple stacked columns in timechart

Hi guys, I have data that reports page views per hour, per type of page (home page, search page, product page). I ...

by New Member in

DBX: Tail from SQL Server missing data

DBX Tail input with bigint or datetime type rising column to SQL Server 2008. The initial loading would get all the d...

by Communicator in

events per minute

I am a regular user with access to a specific index. i dont have access to any internal indexes. how do i see how man...

by Path Finder in

sort fields in a column after grouping

I have stats values(A) by B, C and then I want to sort by values of A within each group. A is a numeric value. How ca...

by Communicator in

Sendemail Command

I was trying to send a search result of mine in splunk to my email at work, but received this message. Please I need ...

by Engager in

Acceleration - Search including lookup

Hi, I would like to use Report Acceleration. My search is using a lookupfile and this lookupfile is updated once a...

by Motivator in

timechart dynamic fields

Took the below example from documentation.... Chart a single day's views and purchases at the Buttercup Games onli...

by Explorer in

run the second search query only after the first search query completes

Hi, I have a dashboard in advance xml, where I am using a search query to run a python script :- <view template="...

by Builder in

Saved Search in Splunk 5 produces a table, but in Splunk 6 a column chart and table. Why?

The search is nothing special. It ends with a stats command showing avg, median, p95 and max values. In Splunk 5, whe...

by Influencer in

Make a graph

Hi, I am using this query sourcetype=TraceDropOff| transaction startswith="Starting Main" endswith="DropOff appli...

by Path Finder in

Static lookup only on results found

I have basic lookups using a static lookup table of network devices, it's looking up host values if they show up as I...

by Contributor in

Can I Rename the Variable on a Chart for Predict Command?

Just as it says.. Can I rename the variable on a chart for predict command? Instead of count and prediction(count)...

by Communicator in

How to tag an ip address as suspect

Hi, What I did understand from tags, is that you can tag a field value. For example, I can tag clientip=1.1.1.1 as...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

common among all users

Time between events

how to join two saved search results based on common field

Results desappearing at finalizing time

Search does not work and also stopped indexing data.

How to assign each event a fields value extracted from another event

search and index problem..(Trial license has expired/updated to free license version)

_time from host

yet another nullQueue question

How to chart max per day

reducing metadata size

where count is > 5

Multiple stacked columns in timechart

DBX: Tail from SQL Server missing data

events per minute

sort fields in a column after grouping

Sendemail Command

Acceleration - Search including lookup

timechart dynamic fields

run the second search query only after the first search query completes

Saved Search in Splunk 5 produces a table, but in Splunk 6 a column chart and table. Why?

Make a graph

Static lookup only on results found

Can I Rename the Variable on a Chart for Predict Command?

How to tag an ip address as suspect

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions