Splunk Search

Discussions

Thread Info

How to include multiple fields of the same type?

I would like to add all instances of a field within the same variable, named SynchronousExecution. Is there a better ...

by Engager in

How to achieve average of first 7 vs last 7 records?

Hi team,I have 14 records in the table, I want to find out average of first 7 and average of last 7 recordsHow can I...

by Engager in

How to separate OS name and OS version values from a field having combined value?

I have a column that holds OS Name along with it's version details. os_full_nameCentOS Linux release 7.1.1503 (Co...

by Communicator in

How to write a rex expression to pull out a specific bit of data?

Hello! So I'm trying to write a rex expression to pull out a specific bit of data from this:<plugin_output>Operating ...

by Path Finder in

Scheduled training using StateSpaceForecast/Smart Forecasting MLTK

Hi all, I trained a model using the Smart Forecasting tool (StateSpaceForecasting) algorithm using the Machine Lear...

by Engager in

Splunk Installation.

Hi, I'm new to Splunk, trying to understand for Splunk we have 1 installation we need to customize it to work as Fo...

by Explorer in

How to hide an entire field value?

Hello, I've an index where all my data is stored and I want to create 2 savedsearch : - one with all the data ...

by Explorer in

Is there any way we can control logs generation time?

Hi, Can you advise on my Query. Splunk Universal Forwarder installed on client machine, the are generating log fil...

by Explorer in

How to compare fields between db and lookup file and to pick a column value from lookup as resultant field?

I have two data sources - 1. Discovered data. Can be either a lookup file or a db table. Let's assume db table. I'm p...

by Communicator in

How to execute a dbxquery in Splunk by adjusting only the time tokens?

Hi Y'all, I am trying to execute a dbxquery in Splunk by adjusting only the time tokens. ...

by Contributor in

How to show result of if a field not contains another field?

Hi all, I have two fields. I want a splunk query that not a field contains another field. F...

by Observer in

How to compare last value with the 7th last value?

How to compare last value with the second last value? ...

by Observer in

Are there way to optimize this query?

Hello, following query is slow and processing a lot of data environment=tesxt earliest=-0d@d (index=iis_...

by Explorer in

How to Sum(column1, column2, column3) as column4?

I need to know how to Sum(CreatedSD?,CreatedBD,CreatedLOD) as CreatedTotal Login, Document and Loan Counts High Le...

by Engager in

How to capture all "Names" from a single event?

Hi, Hypothetically speaking, if I have the following event: q[pworei[qpweori[pqwoeirp[qowier[powierw"NAME"...

by Engager in

How to create a table that indicates a column with the sourcetype?

Hi everyone,I am currently trying to create a table that shows the count of activity by user as well as the occurrenc...

by Engager in

Help with tstats SPL query

Hi Team, In below query I am trying to pull all the host from various index and match those host in a list lookup ...

by Path Finder in

How to create Splunk search based on textbox field?

I have a splunk search query which shows the details but the problem here is it only shows the results if the hostnam...

by Path Finder in

Why are there different results for the same search however when rerun same results are returned?

I have done a search as below to create a table in Dashboard to list the top 20 users that upload files the most to c...

by Communicator in

How to pass token from search result?

Hi All, I had a panel "OS", that gives the value os in single value visualization, based on the value of ...

by Contributor in

How to create this graph in splunk

I want to create this graph in splunk can some one please help me . Required graph The one that i am gett...

by Engager in

How to change the order of stacked area chart where the small area is on top?

I am very new to Splunk I need to create a stacked bar/area chart where I have two separate searches. I'd like to ...

by Explorer in

How to extract field in json format?

Hi All, I have a log which is in Json format. I used spath and extracted the fields. But there is no field v...

by Path Finder in

How to use events from last 30 minutes find duplicates from last 4 hours?

Could someone help me with such a query? I am running a scheduled search every 30 minutes which aims to find duplicat...

by Explorer in

How to get dc and then sum of field?

<search>| eval vm_unit=case(vmSize="Standard_F16s_v2",2,vmSize="Standard_F8s_v2",1,vmSize="Standard_F4s",0.5,vmSize="...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to include multiple fields of the same type?

How to achieve average of first 7 vs last 7 records?

How to separate OS name and OS version values from a field having combined value?

How to write a rex expression to pull out a specific bit of data?

Scheduled training using StateSpaceForecast/Smart Forecasting MLTK

Splunk Installation.

How to hide an entire field value?

Is there any way we can control logs generation time?

How to compare fields between db and lookup file and to pick a column value from lookup as resultant field?

How to execute a dbxquery in Splunk by adjusting only the time tokens?

How to show result of if a field not contains another field?

How to compare last value with the 7th last value?

Are there way to optimize this query?

How to Sum(column1, column2, column3) as column4?

How to capture all "Names" from a single event?

How to create a table that indicates a column with the sourcetype?

Help with tstats SPL query

How to create Splunk search based on textbox field?

Why are there different results for the same search however when rerun same results are returned?

How to pass token from search result?

How to create this graph in splunk

How to change the order of stacked area chart where the small area is on top?

How to extract field in json format?

How to use events from last 30 minutes find duplicates from last 4 hours?

How to get dc and then sum of field?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!