Splunk Search

Discussions

Thread Info

Is it possible ot get a unique user listing with sourcetype="who"?

I am trying to get a list of people who have logged in to our system in the last 24 hours. The unix app runs a script...

by New Member in

Grouping results by count

I have a search that returns values in a table like this: USERTIMEIPLocationuser1time1ip1loc1user1time2ip1loc1user...

by Engager in

Splunk search used to run fast now its taking forever

One of our Splunk searches that just searches for all events in an index for the last 24hrs used to be blazingly fast...

by Splunk Employee in

delta for multiple fields not calculating correctly

Hello, We have a search that is looking through a script that calculates the size of directories throughout the da...

by Splunk Employee in

Web intelligence no data in reports

I locally index data from apache server. I can see events for search sourcetype="access_*" and field extraction works...

by Contributor in

categorization based on frequent text

Hi. I have an excel dump of incident tickets generated from the ticketing tool. Sample incidents' description from t...

by New Member in

eval - inconsistent math result

How is it possible that an eval expression which its components total weight is 100, breach that expected value? For ...

by Builder in

Eventstats, eval and "category" assignment

Hi all  I need you help because I can't figure out how to solve this problem. Suppose we have a table, made of tw...

by Engager in

Field extractor is unusually slow (max single event time=, probes=warning max=)

I have a regular expression that extract everything that exist between brackets Extraction: (?i) .*? (?P<METHOD...

by Builder in

Eval math expression over null values

How can I get a result out of an eval expression (without falsely decreasing the result computing its components as 0...

by Builder in

Can i show and hide columns on a table based on values?

Hello, I have a table with 4 Header: A B C D I need to show A C D column if B is null and B C D column if A is n...

by Builder in

Splunk search to remove entries where one value exists in another value

Hi, I have a working search right now that returns user and host. I am wondering how to remove results where the v...

by New Member in

Find time between first and second events grouped - efficiently

Hi, I am getting events in the form of: __time, app_name, action,udid "2013-04-11 23:26:32","nxTomo HK V0.9"...

by Explorer in

DB Connect Timestamp Search Time results

I have a search time query | dbquery OEM "SELECT regexp_replace(d.target_name, '\..*', '') AS output, d.collectio...

by Path Finder in

Reached end-of-stream error troubleshooting

I sometimes receive the following error message in my shp environment (4.3.5) when executing a search: ERROR: Reac...

by Builder in

Can Splunk Do This? Index -> backfill -> /opt/splunk/var/run/splunk/dispatch

I need to back fill an index from a scheduled search but the result set of the scheduled search is quite large. There...

by Motivator in

Chart sum as well as the source numbers

I would like to return a chart that has LOGIN SUCCESS LOGIN FAILURE and TOTAL LOGIN ATTEMPTS. In my logs I retur...

by Explorer in

Multiple raw text fields returned and charted

There have been many answers close to my solution but I have not been able to replicate based on those. I am look...

by Explorer in

absolutes and percentage of total

If I have something like page views by platform: search ... | stats sum(page_views) by platform which correctly...

by Engager in

String validation not working in splunk like String validation with Arthimetic operator & where is not working

If I am trying to match string in where like ..| where server=server108 is not generating result. Tried, server==serv...

by Communicator in

Lookup by file name

Hi group... I have systems that are categorized into security groups. I have one spreadsheet for each group wit...

by Motivator in

Search Query issues involving transaction & sum

Hello there, So I built this query and as the case often is it worked fine with a smaller set of test data but doe...

by Path Finder in

Use lookup to find out if a user is NOT in an Active Directory group

We're trying to construct a search that tells us if any group changes have been made to a user by someone in a group ...

by Path Finder in

Field extraction taking whole event as field

Hello Everyone I am working with three different files.Each file has different start time and end time.that all fi...

by Path Finder in

timechart without spaning

I would like to show the message_types from each event on a timeline. I think timechart would be the right element...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is it possible ot get a unique user listing with sourcetype="who"?

Grouping results by count

Splunk search used to run fast now its taking forever

delta for multiple fields not calculating correctly

Web intelligence no data in reports

categorization based on frequent text

eval - inconsistent math result

Eventstats, eval and "category" assignment

Field extractor is unusually slow (max single event time=, probes=warning max=)

Eval math expression over null values

Can i show and hide columns on a table based on values?

Splunk search to remove entries where one value exists in another value

Find time between first and second events grouped - efficiently

DB Connect Timestamp Search Time results

Reached end-of-stream error troubleshooting

Can Splunk Do This? Index -> backfill -> /opt/splunk/var/run/splunk/dispatch

Chart sum as well as the source numbers

Multiple raw text fields returned and charted

absolutes and percentage of total

String validation not working in splunk like String validation with Arthimetic operator & where is not working

Lookup by file name

Search Query issues involving transaction & sum

Use lookup to find out if a user is NOT in an Active Directory group

Field extraction taking whole event as field

timechart without spaning

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

October Community Champions: A Shoutout to Our Contributors!

Automatic Discovery Part 2: Setup and Best Practices

Visually correlate two searches by field and count

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions