Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Why does the use of timechart give me different results than chart ... by _time?

I have done 2 (what I thought were) identical searches. One ended with: | timechart first(valueA) as A first(valu...

by Path Finder in

Unathorized Linux folder deletion

Hi All, I am new to Splunk and need to complete the below use case Files in a linux directory are regularly arc...

by New Member in

how to loop endlessly

Hi, How to loop like this Event fields field1 [value1a, value1b, value1c, value1d,...] field2 [value2a, valu...

by New Member in

Running a query using wildcards for a value returns different counts than if I choose one of the wildcard fields.

I have a script that runs againts Qualys vulnerability information and does a count of vulnerabilities by OS (a field...

by Explorer in

How To move the okta index

I am trying to move the index for the okta app to a different location than what it installed as. When i do this splu...

by New Member in

returns only results that have a repeated field

I need a query that returns only results that have a repeated field. My search: index=abc AND component=yyy AND ke...

by New Member in

Obtaining XML from URL

Search Head: V6.2 Goal: Obtain XML data from URL, which is dynamically created with IDs set in search string. Sear...

by Path Finder in

hello MuS, How to search these events that meet "3 same contents and their positions is sequent in 2 seconds"

How to search these events that meet the condition of "3 same contents(except time message) in 2 seconds", give me a ...

by Explorer in

Subsearch results getting truncated while using join

Hi, We are currently using join for creating summary index in our application. The search runs on a daily basis fo...

by Communicator in

Undefined Fields are in Splunk

Hi All, Am getting undefined fields in splunk, since all my conf files are configured correctly. If am searching t...

by Path Finder in

Date comparison

Hello, I would like to compare two dates: log_time 08/Dec/2014:15:36:34 +1100 _time 2014-12-08 15:36:34 It i...

by Path Finder in

is it possible to have multiple levels at x-axis for chart

I am able to create a timechart graph successfully of what I need. The timechart displays the data for each day. Now ...

by New Member in

How do I include fields from a lookup table to charted data?

I'm using this search to retrieve indexing data by month; index="_internal" source="*metrics.log" group="per_host_...

by Path Finder in

How to edit my search to get a tabular report?

When I try the following with last 30 days in the search I run into problems: SourceName="sname" Message="**" | bu...

by Explorer in

75th percentile caluclation

I need to calculate 75th percentile by minutes Time: 11:12 magnitude 3.4 Time: 11:12 magnitude 4.4 Time: 11:12 mag...

by New Member in

Add an incremental number field in search output

HI, I just want to ask if it's possible to have an incremental number in my output table in splunk search? Example...

by Communicator in

How to find average power consumption from two sourcetype?

Hai friends, I have logged two SIMILAR files in splunk, which contains details of different meters like voltage,cu...

by Explorer in

searchpeers folder filling up /opt/splunk..what could be the cause??

/opt/splunk/var/run/searchpeer is filling up the SPLUNK home

by Engager in

Splunk DB Connect: Is it possible to restrict users from running dbquery command, but still access the dashboard/report populated by dbquery?

I am looking for a way to restrict users to run "dbquery" command but still be able to access the dashboard/report th...

by Explorer in

Inline Variable Definitions and Expansions With Eval

Hiya, I swear I knew how to do this without macros, which seem like overkill, but I've lost it. Here's a simple ex...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why does the use of timechart give me different results than chart ... by _time?

Unathorized Linux folder deletion

how to loop endlessly

Running a query using wildcards for a value returns different counts than if I choose one of the wildcard fields.

How To move the okta index

returns only results that have a repeated field

Obtaining XML from URL

hello MuS, How to search these events that meet "3 same contents and their positions is sequent in 2 seconds"

Subsearch results getting truncated while using join

Undefined Fields are in Splunk

Date comparison

is it possible to have multiple levels at x-axis for chart

How do I include fields from a lookup table to charted data?

How to edit my search to get a tabular report?

75th percentile caluclation

Add an incremental number field in search output

How to find average power consumption from two sourcetype?

searchpeers folder filling up /opt/splunk..what could be the cause??

Splunk DB Connect: Is it possible to restrict users from running dbquery command, but still access the dashboard/report populated by dbquery?

Inline Variable Definitions and Expansions With Eval

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...