Splunk Search

Discussions

Thread Info

Another Noobie question: how to search for terms / keywords that are "close" to each other?

strong textHi, I've been searching around the forum and have been unable to find any guidance on this question. I ...

by Engager in

How to get a daily count of distinct users over a large time range without re-running from beginning of time

I have a simple "| stats dc()" command to get a cumulative sum of distinct users; however, I don't want to have to ru...

by Explorer in

Props and field extraction not working

I was using IFX and regex to extarct fields from my log but I keep getting this error in the Splunkd Log 03-13-201...

by Path Finder in

"Unknown search command" with subsearch

I'm stumbing over subsearches. In our system, app server logs contain an SID (session ID). It's trivial to find al...

by New Member in

Query time modifier

I have a saved search and I would like to limit the output to a specific timeframe- but unfortunately I am getting co...

by Path Finder in

Field calculations in groups of events

Basically, I need to group my events by 3 fields (LOGIN, field 1, field 2) and make custom calculations in each group...

by Contributor in

How do I get ratio of counts from one search to counts from another?

I'm using splunk to track events that happen with users in different treatments of a split test. For example, how oft...

by Explorer in

Search result value as an argument to perl script

Hi, I am invoking perl script with script command in search, which needs to take search result field as an argument t...

by Contributor in

Image on a single value panel

This must be really simple but I can't figure out a simple way to include a png file along with the result of a searc...

by Path Finder in

Map and Transaction - long running query

Hi all, I'm running a query and the results are taking too long to appear, so I was wondering if you can help me out....

by Path Finder in

Extract string from VERTICA-MIB::vertHostName = STRING: "vertica-1"

This is the string : VERTICA-MIB::vertHostName = STRING: "vertica-1" i'm trying to extract the hostname so added t...

by New Member in

index event count

How can I get the total number of events occurred in a particular day for all my indexes?

by Path Finder in

count(failure) is returning 0 always

Hi, I am trying to find the count of total failure to calculate the failure percentage. | stats count...

by Explorer in

XML Field Extraction -- Multiple Lines

I am new to Splunk and have been messing with this for about a week so I am looking to the community to help. I prett...

by New Member in

Upgraded to 5.x, now my _internal search doesn't work - what changed?

On 4.3.2 I used to able to run this search to check input modules loaded.. index=_internal source=*splunkd.log spl...

by Communicator in

Monitoring OS parameters using Splunk

I am monitoring, couple of servers using Splunk Universal Forwarder. Hence, I would like to have CPU,MEM,Disk & Netwo...

by Explorer in

Include all Values in search results. Eliminate OTHER

Smaller values from a search get thrown into a bucket called 'Other'. I need all the values, even the small ones. ...

by New Member in

Does wildeward search in source attribute work?

I assume that searching with source=* should work? What could be the reason that this query works: index=prd_stats...

by Path Finder in

dedup on values of a field that match certain regular expressions

I have a few different values for a Status field that match a certain regular expression that I would like to dedup o...

by Contributor in

how to identify unique user entry

Log 11:34:23 http://www.rohm.com , customername="Hamilton",uuid="245209820udwdef34", customer id 5 Log 11:37:39 h...

by Explorer in

Calculating fields by groups of events

Hello, I need to group events by 3 filelds ip,login and city (one group with same login,same ip and same city), somet...

by Contributor in

How much of the time is...

I'm collecting lots of data about a large amount of machines with the linux and unix ta (but that's a bit irrelevant ...

by Engager in

Hot Spot Data

Just started using a mobile hot spot from a phone carrier, will I be able to monitor my data usage on the hot spot by...

by New Member in

Calculate a percentage from three events

Hi, I'm hoping you can help me I currently have a graph that have 3 events lets call them event1, event2 and event...

by New Member in

transaction group by two IDs

I have data that has two IDs for each transaction. Of course most logs have one or the other and only one has both. I...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Another Noobie question: how to search for terms / keywords that are "close" to each other?

How to get a daily count of distinct users over a large time range without re-running from beginning of time

Props and field extraction not working

"Unknown search command" with subsearch

Query time modifier

Field calculations in groups of events

How do I get ratio of counts from one search to counts from another?

Search result value as an argument to perl script

Image on a single value panel

Map and Transaction - long running query

Extract string from VERTICA-MIB::vertHostName = STRING: "vertica-1"

index event count

count(failure) is returning 0 always

XML Field Extraction -- Multiple Lines

Upgraded to 5.x, now my _internal search doesn't work - what changed?

Monitoring OS parameters using Splunk

Include all Values in search results. Eliminate OTHER

Does wildeward search in source attribute work?

dedup on values of a field that match certain regular expressions

how to identify unique user entry

Calculating fields by groups of events

How much of the time is...

Hot Spot Data

Calculate a percentage from three events

transaction group by two IDs

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions