Splunk Search

Ask a Question

Discussions

Thread Info

How to search dynamic field in Splunk?

Hi, I have a lookup table where column names are with weekdays (like monday, tuesday, wednesday,...) and have poss...

by Path Finder in

How to reduce number of joins?

Hello Splunkers!! As per the below search you can see we have used join commands to get the results from same inde...

by Motivator in

How to write a search based on Unique Ids considering multi-line to a single line?

Hi Splunk Experts, I've logs where users activites are tracked based on a unique identifiers, I want to display th...

by Contributor in

Is it possible to do an in-line conditional field extraction?

Hello, Is it possible to do conditional In Line field extraction in SPLUNK for the following sample data: Sampl...

by Motivator in

How to accelerate the time is takes request to generate result?

Hi! My request take much time to generate the result, how can i accelerate it | mpreview index=ciusss_vitals_li...

by Explorer in

How to "Bucket" Certain Field Values into a new Field?

I have a lookup of vulnerability scan data that includes fields such as hostname, IP, OS, CVEs, etc. I would like to ...

by Path Finder in

How to compare two most recent events?

Hello, a search is retrieving following results order by event date Date valu...

by Loves-to-Learn in

Help with creating table

Hello All - I'm fairly new to Splunk and I've been racking my head for the past 8 hours trying to create a table fo...

by Explorer in

How to compare/graph two searches?

Hello All - I need to be able to compare/graph regression test results from two different models. The search comm...

by Explorer in

How to get the peak total memory usage splitt by day

Hi, How can I make this search to display the peak by day index=* sourcetype=Perfmon:Memory host=* |timecha...

by Path Finder in

Enhanced timeline highlight certain events- Is there anything I can do in the search?

I created an enhanced timeline that works the way I want but I'm wondering if there is a way to highlight or change t...

by Communicator in

Comparing results from 2 days?

Hello, I'm struggling with a task and would like to ask for your opinion about it. Goal is to set up an alert, which ...

by Explorer in

How can I reduce the storage size of an index, what are the different methods/options?

Hi, How can I reduce the storage size of an index, what are the different methods/options? Also, will remo...

by New Member in

How to use Regex inside a Case statement?

Hi,How can i write this statement| eval protocolUsed = case( regex consumerkey="[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[...

by Explorer in

Same search returns different results each time it is run?

I have this weird issue where the same exact search, run for a same exact period returns different number of events e...

by Explorer in

Search to Consolidate similar messages into one?

Query:index=xxx application_code=mobile NOT feature |stats count by code message|sort -count|eval message-substr(...

by Path Finder in

Why is Regex not displaying results?

HiI have a key namedick=2c27194g-af5e-4f7d-9847-07cd5c4c70af Want to search all the ick using regex I tried regex ick...

by Explorer in

CSV _time differences depending on API call?

When I manually run a Splunk search via the API as follows: curl "https://host:8089/services/search/v2/jobs" -d se...

by Loves-to-Learn in

How to add column values based on subsearch?

Hi everyone I got the following sample search that yields the table below. index=server| stats avg(response_tim...

by Path Finder in

How to extract job Id values from raw text in events and add the job id into a separate field?

Hi User, Thanks for the reply. Below is the raw text that has been received on splunk user interface. {"...

by Loves-to-Learn Everything in

Add automatic lookup for kvstore?

I have kvstore which generate the data by API. when I use | lookup mylookup id output data - its working I wa...

by Explorer in

Combining results in metric index?

I have a metric index with a hierarchical structure (maybe all metric indexes are like this). SuperCategory.Category...

by Path Finder in

How to convert a timestamp from one format to a different one?

convert 2023-03-15T17:25:18.832-0400 to YYYY-MM-DD HH:MM:SS.Millisec . 2023-03-15T17:25:18.832-0400 --------------...

by Explorer in

Average of current time window over last week?

Still working on this. I want to create a single pane dashboard panel with trend indicator. This value is going to d...

by Path Finder in

Chart average event occurrence per hour of the day for the last 30 day

I'm trying to get the chart that shows per hour of the day, the average amount of a specific event that occurs per ho...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to search dynamic field in Splunk?

How to reduce number of joins?

How to write a search based on Unique Ids considering multi-line to a single line?

Is it possible to do an in-line conditional field extraction?

How to accelerate the time is takes request to generate result?

How to "Bucket" Certain Field Values into a new Field?

How to compare two most recent events?

Help with creating table

How to compare/graph two searches?

How to get the peak total memory usage splitt by day

Enhanced timeline highlight certain events- Is there anything I can do in the search?

Comparing results from 2 days?

How can I reduce the storage size of an index, what are the different methods/options?

How to use Regex inside a Case statement?

Same search returns different results each time it is run?

Search to Consolidate similar messages into one?

Why is Regex not displaying results?

CSV _time differences depending on API call?

How to add column values based on subsearch?

How to extract job Id values from raw text in events and add the job id into a separate field?

Add automatic lookup for kvstore?

Combining results in metric index?

How to convert a timestamp from one format to a different one?

Average of current time window over last week?

Chart average event occurrence per hour of the day for the last 30 day

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

Stay Connected: Your Guide to February Tech Talks, Office Hours, and Webinars!

tstats with | search()

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

StateSpaceForecast holdback and forecast_k for eva...

ITSI thresholds: adaptive vs static