Splunk Search

Discussions

Thread Info

How to group multiple methods responsetime into intervals and obtain count?

Hi All, I have a requirement where I need to group count of methods responsetime into different time intervals. B...

by Path Finder in

Working with the NOT command

So I am trying to search through some results and I am trying to display the results that ExitStatus=0 which means it...

by Path Finder in

How to make timeline drilldown time parameters?

I'm trying to do a drilldown of a timechart where the Y-axis field is Domain and the value is a count, X-axis is time...

by Communicator in

How to create strcat field names with spaces?

I'm working with two similar, but not quite the same datasets and I want to create a table which displays data from e...

by Engager in

How to write events within 2 minutes of the first event for the same host?

I am working on a query to report on events generated within 2 minutes of the first event for the same host. In th...

by Explorer in

How do we separate the multiple columns of fields?

Hi all, I'm looking for the search how we can seperate the multiple columns in to single column Ex: Host ...

by Builder in

How to use streamstats and identify consecutive events?

Hi, We have applications Availability data in splunk.With below SPL, I got this data. Base_SPL..| streamstats r...

by Explorer in

How to list out the field in tabular format?

Hi All, How do we list out the fields in tabular format..Eg: hostname action windows allowed ...

by Builder in

How to get higher up value for the columns in my chart when ceil isn't working?

In the below chart if u can see i have used round and avg to first_response and closure time. But my values are no...

by Explorer in

How to append results to dropdown?

I have a dashboard that has a dropdown which takes in the values from a csv file. Is there a way I can add on to the ...

by Path Finder in

Add a number of hours to a search field?

I have a field returned with some search data that contains a date and time in UTC. I would like to be able to add 1...

by Contributor in

How to transfer decimal value into ASCII code in text string?

Hi all, I have a field named as item_description which is an array of decimal value, which represents the descrip...

by Path Finder in

How do I escape single quote within DBXquery SQL like command?

how do I escape single quote within DBXquery SQL like commandFor example: content = '. . . . . . src_port': 20, 'd...

by Motivator in

How to use a lookup in a subsearch to search raw data values to include in the main search?

I would like to import a lookup table in a subsearch for a raw value search: index=i1 sourcetype=st1 [inputlookup ...

by Motivator in

How can I convert Key value into field value data?

The data is in key value format instead of field value due to limitation of fields to be used. There are 10+ key v...

by Path Finder in

How to view the currently running search of Splunk and display the amount of memory consumed during search command?

How to view the currently running search of Splunk and display the amount of memory consumed during the execution of ...

by Explorer in

Can we pass a parameter to a report?

Is there a way to pass a parameter to a report when calling it via - curl -u user:password -k https://<a...

by Motivator in

Is it possible to load a Sysmon log into Splunk as a lookup table, but how do I view it after that?

I can load a Sysmon log into Splunk as a lookup table, but how do I view it after that? What code do I use to view t...

by Observer in

How to extract fields like table below?

Distcp job application_1681357021637_0984 MAPREDUCE Wed May 3 04:32:32 MST 2023 Wed May 3 04:32:40 MST 2023 SUCCEEDED...

by Loves-to-Learn Everything in

Search results help in getting hourly results?

Hi I am using the below query and i need the results in hourly basis for the time i selected ? "My Base searc...

by Communicator in

How to combine 2 fields into 1 in Splunk in an alternate approach?

I have a Splunk search outputs result as follows. DetailslinkProduct Details :Product 1:- ABC123Product 2:- DEF456...

by Builder in

Mutliple Values

I try to show all the value in Spluk dashoard . I have this kind of data { returnCode= 2, itemCount=35, cdt=...

by New Member in

Issue using the field extractor?

Hello, I'm using the following search string to monitor SQL Server DB Tables that are being audited by SQL Server ...

by Path Finder in

What is the correct strptime argument?

Hi all, I am confident with strptime/strftime but i'm really struggling with the correct strptime argument for the...

by Explorer in

How to combine 2 fields into 1 in Splunk in an alternate approach?

I have a Splunk search outputs result as follows. DetailslinkProduct Details :Product 1:- ABC123Product 2:- DEF456...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to group multiple methods responsetime into intervals and obtain count?

Working with the NOT command

How to make timeline drilldown time parameters?

How to create strcat field names with spaces?

How to write events within 2 minutes of the first event for the same host?

How do we separate the multiple columns of fields?

How to use streamstats and identify consecutive events?

How to list out the field in tabular format?

How to get higher up value for the columns in my chart when ceil isn't working?

How to append results to dropdown?

Add a number of hours to a search field?

How to transfer decimal value into ASCII code in text string?

How do I escape single quote within DBXquery SQL like command?

How to use a lookup in a subsearch to search raw data values to include in the main search?

How can I convert Key value into field value data?

How to view the currently running search of Splunk and display the amount of memory consumed during search command?

Can we pass a parameter to a report?

Is it possible to load a Sysmon log into Splunk as a lookup table, but how do I view it after that?

How to extract fields like table below?

Search results help in getting hourly results?

How to combine 2 fields into 1 in Splunk in an alternate approach?

Mutliple Values

Issue using the field extractor?

What is the correct strptime argument?

How to combine 2 fields into 1 in Splunk in an alternate approach?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions