Splunk Search

Discussions

Thread Info

How to display index time in table?

I'm having a hard time displaying the event index time in a table. What is the field name for index time?

by Builder in

Add lookup to search head app - syntax question?

Hello, I am working to put together an app which will be deployed to our search head. In the app, there is a lookup c...

by Builder in

Get the specific string from the line

Hi, I wanted to know is it possible to get a string at specific location from a line. for e.g. My line is: STE...

by Builder in

regex in subsearch

Hi all, I am trying to join 2 tables using a subsearch. The searches work as single search but not in the following s...

by Explorer in

Need help with conditions

I Have a db query that returns data as below. Now i want 1. to get a search result where all the rows where rank <11...

by New Member in

No fields to display for this search in GUI

Customer reportsthat thet are running a search via the GUI. After displaying the results, they are seeing problems wi...

by Splunk Employee in

Are you extracting the controller field?

I do not see it in the props.conf

by Engager in

Finding all instances of a field greater than the avg of that field during a 15 minute span

Hi All, I have a field "TotalResponse" which is the total response time for a web request. I'm attempting to deter...

by Engager in

replace found data with "fix" and no data with "NULL"

I'm trying to perform a search where if there is data found in a specific field , then I want the report to replace t...

by Explorer in

eval with mathematical calculations?

I'm trying to do something a little wonky here, so please bear with me. The code below is the logical flow of what I'...

by Explorer in

Convert seconds to MM:SS.ms

Hi I am trying to convert seconds.milliseconds for ex 4.6566, 0.55,1.2 to Minutes:Second.milliseconds format I tried...

by Explorer in

Concatenate subsequent values of a field within a transaction

I have a log with requests with an ordernumber and a response. The response is: 100 - success or 1400,1401,1402 - var...

by New Member in

Use "Data Model" definitions to extract fields in Search

I've already created a lot of field extractions in my Data Model definition to create Pivot views. Is there a way to...

by Contributor in

Search latest indexed file for different sourcetype

Hi, I have 3 sources from which the files are loaded into Splunk, the time of arrival of files and frequency is di...

by Communicator in

Unidimensional histogram (chart without "by" clause)

I have difficulties to create a simple, unidimentional histogram. Suppose you have a log similar to this: host=hos...

by Contributor in

Exception when running a search in Hunk

I see the following exception in search.log when running a Hunk search against my cluster: Exception in thread "ma...

by Splunk Employee in

How to change the text box layout (not panel layout)?

Hi Splunkers, I have a question about text box layout in dashboard or view. In simple XML, we can look at text box...

by Contributor in

Create a table in my search when I enable/disable account but not when I create account.

Hello guys, I have a question about a query search. I have two queries associated with Windows. My first quer...

by Communicator in

Substitute a value in the search result

I have a search result which returns me the following Username,TimeOnVPN user1,185.25 user2,1920.25 ... ... ... us...

by Path Finder in

Count number of Transaction every hour

2013-09-20 16:53:04,723 INFO[Thread-3]EndTime=20/09/2013 16:53:04 TransactionID=A, Event=completed, Result=sent 2013...

by Engager in

Help for timechart display

hi this is mt search index=tm_idx host="server" "finished executing normally" | rex field=_raw "(?i)Process\s\"...

by Communicator in

insert the earliest and latest in the DBquery

Hello I'm breaking my brain for make one thing. I recovery the data from External database, in this point no probl...

by Explorer in

How to limit primary search based on time interval from subsearch -- dynamic time interval ; time delta

In order to query from an external firewall log that contains say "badwebsite.com" and join those results back throug...

by Communicator in

Splunk web not showing login fields JAVAscript enabled

Not able to see login fields when launching splunk web ... Javascript enabled in browser and no iptables issue etc...

by Path Finder in

rex mode=sed syntax

I apolagize for the simplicity of this question. I have scowered all over splunk answers and could find or make sense...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to display index time in table?

Add lookup to search head app - syntax question?

Get the specific string from the line

regex in subsearch

Need help with conditions

No fields to display for this search in GUI

Are you extracting the controller field?

Finding all instances of a field greater than the avg of that field during a 15 minute span

replace found data with "fix" and no data with "NULL"

eval with mathematical calculations?

Convert seconds to MM:SS.ms

Concatenate subsequent values of a field within a transaction

Use "Data Model" definitions to extract fields in Search

Search latest indexed file for different sourcetype

Unidimensional histogram (chart without "by" clause)

Exception when running a search in Hunk

How to change the text box layout (not panel layout)?

Create a table in my search when I enable/disable account but not when I create account.

Substitute a value in the search result

Count number of Transaction every hour

Help for timechart display

insert the earliest and latest in the DBquery

How to limit primary search based on time interval from subsearch -- dynamic time interval ; time delta

Splunk web not showing login fields JAVAscript enabled

rex mode=sed syntax

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions