Splunk Search

Discussions

Thread Info

How to have Splunk search to include only events outside regular business hours?

Hi Splunkers,I want to create a search that send results to an "On call" system only for out of hours during monday t...

by Explorer in

How to get a total count for today and weekly average index time in one search?

Hello!I've been trying to solve this problem for a couple days now but can't seem to figure it out.So basically I wan...

by Loves-to-Learn Everything in

How do I search for IP address hitting a host?

by Path Finder in

How to extract IP hostname SplunkAgent and Machine architecture from splunkd_access log?

10.179.130.56 - - [14/Apr/2023:01:59:28.233 +0800] "POST /services/broker/phonehome/connection_10.179.130.56_8089_10....

by Explorer in

How to run a search from rest search?

I am doing some analysis on our existing searches. What I would like to do is run the saved search when I get the res...

by Contributor in

How to get results of two separate queries to calculate the percentage of the first result values present in the second?

Hi, I have 2 queries , let's call them query_a & query_b. query_a - gives me a table containing all the userAgent...

by Observer in

How to get sum of durations in milliseconds?

1. How to get total sum of call_Duration of time for all call_Name mentioned below in splunk from ms to seconds with ...

by Explorer in

How to compare my search table to lookup table and output the not match result to my search table?

I have lookup table like Date ID Name 02/04 12547 xxx02/04 12458 xxx02/04 ...

by Communicator in

What is the difference between a lookup search and index searches?

Hi, I need your help in order to get the difference between two searches. I have a task running once a day on all ...

by Explorer in

Why is the scroll is not working on a table viz?

I am using Dashboard Studio, and When I create a table viz the scroll is not working, and neither is the next button....

by Loves-to-Learn in

How to display the bar with both values even when there are no results for failed?

I have a bar graph that shows the status (Success and failed). I want to display the bar with both values even when t...

by Path Finder in

How to generate an accumulating total bucketed by day per user?

Hello,Im trying to accumulate and analyze a persons risk score every day, once per day, and only fire when the total ...

by Contributor in

Why is subsearch not working with regex?

I'm attempting to find file downloads within a 2 minute timespan following a browser being spawned from outlook (my s...

by New Member in

How to create a line chart with received time on Y axis and date on X axis?

I'm looking to create a line chart like the attached picture. The data points would be the time a file is received, t...

by Engager in

How to modify my search to data model search by adding a lookup table?

Hi, My task involves creating a search in datamodel i.e network_traffic, below is the base search how we could con...

by Path Finder in

How to correlate a field from a query to a field from a lookup file?

Hello. I've been watching a few lookup videos but they mostly concentrate on extracting data from a lookup file. None...

by Communicator in

How to plot differences of values over time?

hi all I have a data set like this: _time, duration, category XXX, 0.145,A XXY, 0.177,B XXZ, 0.178, A ...

by New Member in

How to left join ext data to event and perform rowwise eval?

I have a lookup table with an event name with min max thresholds I need to join this (left on the lookup) with the...

by Explorer in

How to perform Lookup Using Event Field that is a List?

I have an event field that is a list of "permissions" , and I want to perform a lookup for each permission in the li...

by Splunk Employee in

Splunk Cloud: How do we extract multiple values for one field for one entry?

for splunk cloud how do we extract multiple values for one field for one entry

by New Member in

Help with latest and earliest

Hi, I would like to know if someone can help me with this issue. I am trying to add a time constraint to an SPL...

by Explorer in

Why is it incorrectly showing some values as NULL?

Here is the raw log { "markers": { "requestId": "RAWWyBVRjlX1wCr3JPINpZz6TLfa6FAM_09c958c6", "msgId...

by New Member in

How to choose color based on text value?

Hi there! I need to choose the color in the dashboard based on the text results in dashboard, where the ...

by Contributor in

How to create new field based on table values?

Dear Experts..Looking for help with a Splunk Query...I was working on a Splunk Query to identify the Frames connectio...

by Explorer in

How can I compute value based on group by values in timechart?

| eval vm_unit=case(vmSize="Standard_F16s_v2",2,vmSize="Standard_F8s_v2",1,vmSize="Standard_F4s",0.5,vmSize="Standard...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to have Splunk search to include only events outside regular business hours?

How to get a total count for today and weekly average index time in one search?

How do I search for IP address hitting a host?

How to extract IP hostname SplunkAgent and Machine architecture from splunkd_access log?

How to run a search from rest search?

How to get results of two separate queries to calculate the percentage of the first result values present in the second?

How to get sum of durations in milliseconds?

How to compare my search table to lookup table and output the not match result to my search table?

What is the difference between a lookup search and index searches?

Why is the scroll is not working on a table viz?

How to display the bar with both values even when there are no results for failed?

How to generate an accumulating total bucketed by day per user?

Why is subsearch not working with regex?

How to create a line chart with received time on Y axis and date on X axis?

How to modify my search to data model search by adding a lookup table?

How to correlate a field from a query to a field from a lookup file?

How to plot differences of values over time?

How to left join ext data to event and perform rowwise eval?

How to perform Lookup Using Event Field that is a List?

Splunk Cloud: How do we extract multiple values for one field for one entry?

Help with latest and earliest

Why is it incorrectly showing some values as NULL?

How to choose color based on text value?

How to create new field based on table values?

How can I compute value based on group by values in timechart?

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions