Splunk Search

Ask a Question

Discussions

Thread Info

Sum max(count) from multiple hosts

Hi I have 4 hosts. Each host collects error logs. Each log consists of a Counter, like so: 2013-12-02 11:23:26,...

by Path Finder in

How to increment counter field with a by clause

Given events Group MultiValue A 7,2,9 B 8,1 I'm using makemv to pivot the results to below, but I also want a new ...

by Explorer in

Joining two data sets using time windows

I have two data sets that I want to join: Set A: _time, field1, field2, field3... via search: eventtype=mystats...

by Explorer in

Matching specific fields in main search with the results from subsearch

I am monitoring a directory with multiple CSV files and indexing these to say an index "ABC". The goal is to extract ...

by New Member in

Splunk doesn't recognize searchbnf.conf

Hi all, I trying to implement online help for my custom search commands. There is a searchbnf.conf located in the ...

by Explorer in

Strange error with subsearch

I have a query with a subquery that I am using to identify a set of transactions that contain a string - from those t...

by Path Finder in

Field extraction based on the element position in a csv

Hello, I have csv files but Splunk can`t auto extact the fields based on headers beacause we've assigned our own s...

by Explorer in

Chart X -AXIS Splunk 6

Hi Everyone! Is it possible in Splunk 6 to rotate the X-axis label of chart to vertical? Thanks in Advanced! Xi...

by Communicator in

how to get the field names based on the case statement conditions?

This is my query sourcetype="pivotsource" OR sourcetype="vodplayerrors_animation" | stats count AS tnow | eval tno...

by Explorer in

Process User input before search

Hello, I'd like to know if there's any possibility to process the user input before executing a search but without...

by Explorer in

Splunk Search and Iterate over a log

Can I do the following in Splunk: Search for a line using a query. Iterate from that line onwards in the log. ...

by Explorer in

how to display more entries from history

hi, how can I display the last 20 or so of my previous searches in the web gui? Thanks,

by Path Finder in

Spaces are being replaced by tabs

I've noticed that in a few logs places where I have four spaces in a row are being substituted with a space and a tab...

by Explorer in

Bitfield lookup

I have a field in the logs, that is a Bit-field. Is there a way, a function to translate those field in a human reada...

by Builder in

rex fields from *nix netstat output

Hello, I am trying to graph the "packet receive error" value over time for one of our servers. This is a value ret...

by New Member in

charts and drilldown

Hello, I am trying to figure out what kind of values can be retrieved from clicking a bar chart for drilldown purp...

by Path Finder in

where a the eval functions stored ?

I'd like to take some eval function as example for building custom skripts, but I can't find them ?

by Builder in

Join DBConnect SQL query with other datasets

Hello DB pros, I'm using DBConnect to query a specific table in an Oracle DB (let's call it "oracle"), which has t...

by Explorer in

Which commands.conf should I add my custom search command to?

Hi, Last week I defined a custom search command, and after reading the documentation I decided that I should refer...

by Path Finder in

Timechart with data 1 week earlier and average of data 1,2,3,4 weeks earlier

I've created the following query for a range of -12h...+12h with data 1,2,3,4 weeks ago and the data of the last 12h ...

by Path Finder in

Splunk Simple XML Form Cheat Sheet

Team, This isn't so much a question as a question AND answer: Q: I love to make forms in Splunk but if I had a ...

by Path Finder in

Add "Price" field with different values for specific timeranges

Hi, I'm adding a "Price" field to each product in the events. Therefore I'm using a lookup which includes the prod...

by Motivator in

How to set up a limit to max no of events to be searched

Is there anyway to restrict the max no of events to be searched in an index irrespective of the time chosen the time ...

by Path Finder in

How to avoid subsearch auto-finalize in query performing outer join against lookup table

I've got an inventory list, which greatly simplified looks like below and made it available to splunk as a lookup tab...

by Path Finder in

Splunk 6, user data model attributes/fields in regular search

Hi, I have just started working with Splunk 6. I have created a Data Model for my data source and have added some ...

by Revered Legend in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Sum max(count) from multiple hosts

How to increment counter field with a by clause

Joining two data sets using time windows

Matching specific fields in main search with the results from subsearch

Splunk doesn't recognize searchbnf.conf

Strange error with subsearch

Field extraction based on the element position in a csv

Chart X -AXIS Splunk 6

how to get the field names based on the case statement conditions?

Process User input before search

Splunk Search and Iterate over a log

how to display more entries from history

Spaces are being replaced by tabs

Bitfield lookup

rex fields from *nix netstat output

charts and drilldown

where a the eval functions stored ?

Join DBConnect SQL query with other datasets

Which commands.conf should I add my custom search command to?

Timechart with data 1 week earlier and average of data 1,2,3,4 weeks earlier

Splunk Simple XML Form Cheat Sheet

Add "Price" field with different values for specific timeranges

How to set up a limit to max no of events to be searched

How to avoid subsearch auto-finalize in query performing outer join against lookup table

Splunk 6, user data model attributes/fields in regular search

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!