Splunk Search

Discussions

Thread Info

Count occurrences of sourceA fieldA against sourceB fieldB

OK my first question, i'm a relative SPLUNK newbie- I thought I was good at SQL syntax but I'm lost here ;-( I hav...

by Engager in

Dashboard Permissions

I have created several dashboards and searches as administrator but my end users are unable to view the panels as the...

by Splunk Employee in

Total event count of specific field

My Query: index=blah sourcetype="blah-2" | dedup User_IP This works by extracting the unique IP's defined by t...

by Contributor in

Field Extraction and Search Not Syncing Properly

I am having a problem where I can extract a field, but when using that field in the search it will not return results...

by New Member in

requests that starts with certain ips

Hi, i wanted to get times only for clietips that starts with certain ips. So i have this query below. This is not ...

by Contributor in

Adding lookup from external csv to search

I would like to do this permanently but let us try it on the command line first. command: source="C:\\..." | re...

by Path Finder in

Sorting using date_XX fields with stats

I have been unable to find a solution that works for me, and I have a very simple and popular query. I want to simply...

by Builder in

Chart of multiple sourcetypes

Hi, I would like to get a line chart in which I can see a line for each trace level (verbose, info, warning, error...

by Explorer in

Bottom 10 Results?

Trying to run a query for the bottom 10 results. I dont see a | bottom option. anyone have a creative way to do t...

by Path Finder in

How do I subscribe to new questions related to apps I've written?

I want to be emailed when someone asks a question about this app. How do I do that? I see that you can subscribe t...

by Super Champion in

Looking for a way to display sub items, kind of like pivot table in Excel.

Hi, I am looking to display results a certain way and want to know if this is possible in Splunk. We have proxy logs ...

by Explorer in

Search App no results displayed

Hello, My SearchHead(s) Search App’s Summary Dashboard does not display any information in the All indexed data, Sour...

by Champion in

Mutiple timepicker for same search

I'm having a query that has a sub-search. I want to pass one time-period to outer query and another to sub-search. ...

by Contributor in

Plan searches by editing configuration files

Hello everybody, is there a way to plan searches by editing a configuration file? Usually I plan searches through ...

by Explorer in

Apps固有のローカライズについて

Apps固有のローカライズをしようとしたが変換されませんでした。ローカライズの設定は以下の方法で実施しました。 splunk extract i18n -app でsampleAppのストリングを抽出しmessages.pot...

by Champion in

Remove Host Splunk NIX

I have deleted all entries for a remote host with a splunkforwarder (linux). After restarting Splunk the host still s...

by New Member in

Splunk translation not applied correctly

Hi, I am working to translate Splunk in French using poedit. Some messages are translated in the messages.po and m...

by Engager in

How to graph only a certain column of timechart?

I'm still a noob to writing splunk searches so please bear with me.  I have a search that's currently generat...

by Explorer in

Search Strategies for Complex Data Sets

Hello All, I've searched Answers here and I have not really found an answer to my problem, my apologies if I misse...

by Explorer in

timecharting max of sum

I generate a log file with one line per server with the time of the run as the splunk date.. something like 2013-0...

by Path Finder in

Creating an Automatic Lookup that applies to all hosts/sources/sourcetypes.

I have a lookup table that I generate as a CSV dump of one of our databases. The database contains a list of all our ...

by Communicator in

Regex to start with specific characters

Hi, i would like to get all the requests that start with / and there will be few alpha numeric characters and then en...

by Contributor in

Create folders in "Searches & Reports" drop down menu

Does any one know how to create folders in "Searches & Reports" drop down menu to organize the searches?

by Explorer in

are postprocess searches counted against the search quota for a given role?

seems that the quota for searches includes postprocess searches, can someone confirm this? If, so can I get a link to...

by Path Finder in

Filter search results based on return value of subsearch

Hello Splunk Community, I am attempting to restrict search results based on the return value of a subsearch. My en...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Count occurrences of sourceA fieldA against sourceB fieldB

Dashboard Permissions

Total event count of specific field

Field Extraction and Search Not Syncing Properly

requests that starts with certain ips

Adding lookup from external csv to search

Sorting using date_XX fields with stats

Chart of multiple sourcetypes

Bottom 10 Results?

How do I subscribe to new questions related to apps I've written?

Looking for a way to display sub items, kind of like pivot table in Excel.

Search App no results displayed

Mutiple timepicker for same search

Plan searches by editing configuration files

Apps固有のローカライズについて

Remove Host Splunk NIX

Splunk translation not applied correctly

How to graph only a certain column of timechart?

Search Strategies for Complex Data Sets

timecharting max of sum

Creating an Automatic Lookup that applies to all hosts/sources/sourcetypes.

Regex to start with specific characters

Create folders in "Searches & Reports" drop down menu

are postprocess searches counted against the search quota for a given role?

Filter search results based on return value of subsearch

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!