Splunk Search

Discussions

Thread Info

Merging results from two different searches in one fill chart

My company is currently trying to archive a large amount of older files; however, new files are coming in daily. We w...

by Path Finder in

Create a field from a string

Hi users, I have a big string in one field from which I want to extract specific values such as user and IP addres...

by Communicator in

Skipping Index after transformation

I have certain logs in which I had to change the format of the logs.For this a custom sourcetype containing the trans...

by New Member in

how to run a python file in splunk?

Hi, I have created a python file "newapp.py", which does the normal search operation. I run it on console and get ...

by Builder in

The alarm time statistics

Now that there is such a demand, I set up an alarm, when I CPU use rate of more than 90% began to alarm, when the CPU...

by Path Finder in

Evaluate json boolean value with if statement

Hi all, I am trying to run this simple search: SourceType=FooMonitoring |eval isSuccess=if(Test.TestIsSuccessful==...

by New Member in

List of properties aggregated by event

Hi there, I am new to Splunk. I have data with the following structure, where each entry has an event name and a vari...

by New Member in

The lookup table '...' does not exist

After installing the Windows App 5.0.2 on our splunk 5.0.3 i get these errors when doing a search: The lookup tabl...

by Engager in

twice as many counts as matching events?

I need help figuring out this one This is the search: host="myhost" | spath | top agent.browser I get 311 ...

by Engager in

| pivot and eval

Hi there, is there any way to combine table creation using an eval expression in combination with the accelerated ...

by Path Finder in

copy sourcetype and regex from one index to other index

how i can copy sourcetype and regex from one index to other index?

by Contributor in

Append showing result in new row

If I understood correctly append returns the result in the same row as the previous query. Anyone knows why I get 2 s...

by Path Finder in

Percentage change in event counts

I need to calculate the percentage increase/decrease in the number of events in the last 5 minutes compared to the pr...

by Path Finder in

Count Command

Hi, I'm experiencing some difficulties when using count, the below search query works by listing sip (source ip) a...

by Explorer in

Can timestamp be conditional according to data content

My csv data contains a number of timestamps. I want the timestamp field to be conditional on the result of another fi...

by SplunkTrust in

Filtering with dedup depending on number of results

I got a search that monitores my Netbackup jobs in real time. search = index=Infra_NB sourcetype="NbJobs" site=$si...

by Communicator in

Filter fields per role access?

Hi! I would like to ask question whether its possible to filter certain fields per role. For example, If I h...

by Communicator in

Webknight Field Extractions and Header Exclusions

If anybody uses WebKnight ISAPA filter in your environment you will probably have spotted that the log file formal ca...

by Explorer in

Search is truncating results to a smaller result set after completion

Hello, I'm running a fairly complex search using transactions in order to identify an error occurring in a distinc...

by Explorer in

Indexing internals

Hi, I'm planning the event sources for Splunk and I'd like to know (if someone could give an answer) how does spl...

by Engager in

dbx query timeout

Is there a flag in the dbx app that times out a query if it exceeds a certain time? We have an SLA that our queries c...

by Splunk Employee in

Duration with just days (2)

source="J:\\B6 Files\\Web Logs\\Vegas\\access_logs\\star.log" INFO star | rex field=_raw "INFO (?<report>star) - (?...

by Explorer in

How to create multiple radial gauges from a singel query?

I have a query that produces 4 field values. I am looking for a way to use thae gauge command to create multiple gaug...

by New Member in

Creating Chart Overlays in Splunk 6

All, I'm trying to implement overlays for the dashboard panel I am working on. I want the exactly the same chart ...

by Contributor in

Time of Day on Y Axis

I'm trying to create a chart that has the time of day on the y axis. I have a results table that looks like this: ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Merging results from two different searches in one fill chart

Create a field from a string

Skipping Index after transformation

how to run a python file in splunk?

The alarm time statistics

Evaluate json boolean value with if statement

List of properties aggregated by event

The lookup table '...' does not exist

twice as many counts as matching events?

| pivot and eval

copy sourcetype and regex from one index to other index

Append showing result in new row

Percentage change in event counts

Count Command

Can timestamp be conditional according to data content

Filtering with dedup depending on number of results

Filter fields per role access?

Webknight Field Extractions and Header Exclusions

Search is truncating results to a smaller result set after completion

Indexing internals

dbx query timeout

Duration with just days (2)

How to create multiple radial gauges from a singel query?

Creating Chart Overlays in Splunk 6

Time of Day on Y Axis

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

MLTK - What algorithm should I use?

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions