Splunk Search

Ask a Question

Discussions

Thread Info

Processes over time

Does anyone know how to get a report of server processes cpu over time?

by Path Finder in

Supress Subsearch Warning

Is there a way to hide the splunk notification message: [subsearch]: Your timerange was substituted based on your se...

by Communicator in

Trouble searching for multiple values using rex

I am having trouble searching mutliple patterns using rex. I have the log files containg the following pattern lines:...

by Communicator in

Is _indextime deprecated?

I'm trying to see if a clock is off on some of my servers and I want to compare the _time field with the time the eve...

by Builder in

Adding Servers monitored by Splunk

We are going through the process of adding more servers to our fleet and monitor them with splunk. 1. Does anyone kn...

by New Member in

[Beginner] timestamp in microseconds since boot

Just downloaded Splunk on my laptop and am trying it out on a log file. I am at: Home » Add data » Files & directorie...

by New Member in

How to show output of script to Splunk without indexing it

Hello Splunkers, I have a script that outputs data in tabular form to console. For exp: machine state A...

by Contributor in

mysqlconnector Required argument name=username cannot be an empty or all white space string

Trying to get the mysqlconnector working. I have the globla permissions set but when I do the explore databases, I ge...

by Explorer in

Modify timespan of a subsearch

Hi I’m trying to compare two days in my search, but not the whole day only e.g. from 00:00 till 13:30. index="summ...

by Path Finder in

Problem with Lookup table

Hello While using lookup table there are multiple entries coming up even when in the lookup table they have distin...

by Motivator in

how does splunk analyse URL？

for example： x.company1.com x.x.company2.com.cn x.x.x.company3.cn x.company4.co.jp how to extract with rex those "com...

by Contributor in

Need help with Stats report

I have hundreds of log files containing the following pattern. Basically, I need to create a report for each PROJECTN...

by Communicator in

calculating average bandwidth

I've got a log that looks like the following after extraction.... RPD_MPLS_PATH_UP: MPLS path up on LSP host1 path...

by Contributor in

Gauge to show current % usage of monthly bandwidth

I am trying to produce a gauge which will display the current percentage used of my fixed monthly bandwidth of 200GB....

by New Member in

Does Splunk support logback as source type?

Splunk supports log4j as source type. But we use logback. Hence are there any ways for mentioning logback as source t...

by New Member in

Specific Page Views by Day

How can I see a specific page's view count by day? For any given day, it will show the count of the number of views. ...

by Communicator in

Wrong sorting

Hi everyone, We met a problem with sorting data in a table. We sort users id-s, let's say there's 350000 of them, ...

by Builder in

Calculate percentage from a join query

I need to calculate the percentage of products that I have searched for that exist in a specific product catalog. ...

by Explorer in

rex extraction of multiple fields from a record (multi-line)

I'm trying to extract some Oracle audit log fields on the fly. I can't seem to get my regex to match. Source: A...

by Communicator in

How do I get all the values.

I have tried this source=/var/log/testlog "EXP" OR "Q up" OR "X listing" | rex "(?<myword>EXP|Q up|X listing)" | ...

by New Member in

Can't replace a healthcheck string in nginx

Hi, I have looked at the docs and tried to remove a line from nginx access log regarding our LB : 192.168.27.16...

by New Member in

Subsearch Realtime - Parent Search Last 5 minutes

Is it possible to have a subsearch looking for a log entry in realtime, then take that field and look back the past 5...

by Builder in

Using rex to extract one or two character digit from string

Hello I am trying to extract some digits from a string and I can't seem to get the regex to work. Here is an example ...

by Path Finder in

I just need to see a simple example of using click.value where my summary chart can be used to drill down to raw events.

I've got a dashboard that renders using summarized data. When a user clicks on the chart, I want Splunk to return the...

by Champion in

Search for unique count of users

Hi, I have a Splunk query which lets me view the frequency of visits to pages in my app. sourcetype="iis" sourc...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Processes over time

Supress Subsearch Warning

Trouble searching for multiple values using rex

Is _indextime deprecated?

Adding Servers monitored by Splunk

[Beginner] timestamp in microseconds since boot

How to show output of script to Splunk without indexing it

mysqlconnector Required argument name=username cannot be an empty or all white space string

Modify timespan of a subsearch

Problem with Lookup table

how does splunk analyse URL？

Need help with Stats report

calculating average bandwidth

Gauge to show current % usage of monthly bandwidth

Does Splunk support logback as source type?

Specific Page Views by Day

Wrong sorting

Calculate percentage from a join query

rex extraction of multiple fields from a record (multi-line)

How do I get all the values.

Can't replace a healthcheck string in nginx

Subsearch Realtime - Parent Search Last 5 minutes

Using rex to extract one or two character digit from string

I just need to see a simple example of using click.value where my summary chart can be used to drill down to raw events.

Search for unique count of users

.conf25 Registration is OPEN!

Detecting Cross-Channel Fraud with Splunk

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

MLTK - What algorithm should I use?

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions