Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
Options
- Mark all as New
- Mark all as Read
- Float this item to the top
- Subscribe
- Bookmark
- Subscribe to RSS Feed
- Threaded format
- Linear Format
- Sort by Topic Start Date
Community Activity
 | So i have a splunk deployment that i have a saved search that is want to transform the user_id in to a related piece ... by marguin New Member in Splunk Search 06-01-2012 0 1 | 0 | 1 | |
| | I have a custom search command which uses the streaming API to retrieve query results. Here's a snippet: results ... by hulahoop Splunk Employee  in Splunk Search 06-01-2012 0 4 | 0 | 4 | |
| | I would like start setting baselines for devices that are sending logs to splunk. An example: using splunkd metrics g... by EricPartington Communicator in Splunk Search 06-01-2012 0 2 | 0 | 2 | |
| | Splunk support the statistical function "mode(X)". According to the Splunk documentation this function returns the mo... by lpolo Motivator in Splunk Search 06-01-2012 0 3 | 0 | 3 | |
| | In the manual we have: sourcetype=access_* action=purchase [search sourcetype=access_* action=purchase | top limit=... by mseffrin Engager in Splunk Search 06-01-2012 0 1 | 0 | 1 | |
| | http://docs.splunk.com/Documentation/Splunk/4.2.4/User/RealtimeSearch#Real-time_backfill Realtime backfill, how is t... by Dark_Ichigo Builder in Splunk Search 06-01-2012 0 1 | 0 | 1 | |
| | I have the following search which displays amounts of records by month (X-axis). index="billing" suspededrecords |... by mcwomble Path Finder in Splunk Search 05-31-2012 2 4 | 2 | 4 | |
| | So I want use bucket to group my data by weeks that start on Mondays if I change my query to use earliest=-1w@w1 late... by aarcro Explorer in Splunk Search 05-31-2012 0 4 | 0 | 4 | |
| | Once a week when Symantec runs a full scan our quota gets blown out of the water. Is there a way to filter these eve... by andrewsmiley Engager in Splunk Search 05-31-2012 1 2 | 1 | 2 | |
| | Is it possible to chain together two searches? Basically, need to grab the IP address from my webserver logs (if it ... by gehogan3 Explorer in Splunk Search 05-31-2012 0 1 | 0 | 1 | |
 | Hi , I have been using the stats avg(duration) as Avg_Duration in my query.But while displayin the Avg_Duration i am... by rakesh_498115 Motivator in Splunk Search 05-31-2012 0 5 | 0 | 5 | |
| | Is it possible to apply a search-time field extraction to all inputs? Our log files (across multiple hosts, sources ... by Jordan_Brough Path Finder in Splunk Search 05-30-2012 0 3 | 0 | 3 | |
| | I have multiple key value pairs in a line like so: summary=" Policy Rule modified" summary=" Policy Rule number 2 mod... by timbCFCA Path Finder in Splunk Search 05-30-2012 1 3 | 1 | 3 | |
| | I'm fairly new to Splunk search strings so hopefully someone can help. I'm trying to create a three column search: ... by neilsussman Explorer in Splunk Search 05-30-2012 2 3 | 2 | 3 | |
| | Hello, I have an application sending logs to the windows event log with a lognamename of ErrorLogs. The error log l... by dturner83 Path Finder in Splunk Search 05-30-2012 1 4 | 1 | 4 | |
| | I constructed transactions with "startswith" and "endswith" and I am trying to identify those incomplete transactions... by myli12 Path Finder in Splunk Search 05-30-2012 1 3 | 1 | 3 | |
| | I Have Two sourcetypes defined . i need to write a query integrating the two sourcetypes and should get a single resu... by rakesh_498115 Motivator in Splunk Search 05-30-2012 0 1 | 0 | 1 | |
| | Hi all! I have two searches that I want to display in the same search and pipe them out in a time-chart Both search... by Norling Explorer in Splunk Search 05-30-2012 0 2 | 0 | 2 | |
| | I have a lookup table that contains details about Nessus plugins -- the Nessus ID, Plugin Name, Risk Factor, and a fe... by responsys_cm Builder in Splunk Search 05-30-2012 0 1 | 0 | 1 | |
| | Hi there, This should be a pretty simple question. I have looked around for a while. We have a web log we are trying... by zloc Engager in Splunk Search 05-29-2012 0 2 | 0 | 2 | |
| | This may be confusing, so I'll try to explain it as best as I can. I've got a search that looks for servers that get ... by jevenson Path Finder in Splunk Search 05-29-2012 0 1 | 0 | 1 | |
| | I'm unable to get this search to output anything except the _time of the first search: |set diff [ search index="col... by nelsonb Explorer in Splunk Search 05-29-2012 0 5 | 0 | 5 | |
| | I have a chart that I want to drilldown on and display another graph based on the drilldown results in a popup window... by jedatt01 Builder in Splunk Search 05-29-2012 1 3 | 1 | 3 | |
| | Hi, I'm a relative newbie (power noob?) who is having issues with extracting fields from a multi-line event. A sampl... by a212830 Champion in Splunk Search 05-29-2012 0 4 | 0 | 4 | |
| | I am attempting to look for the top 10 offenders of a specific event type, and get their IP address. That I can do no... by tmarlette Motivator in Splunk Search 05-29-2012 0 4 | 0 | 4 |
Get Started
Explore Essential Splunk Resources
Get Expert Help at Community Office Hours
Join the #search-help Slack channel
Get Expert Help at Community Office Hours
Join the #search-help Slack channel
Become An Expert
Claim a $25 Cisco Store Gift Card
Help us improve the Splunk Community and complete our survey today!
Top Labels
-
administration
3 -
alert action
3 -
alert condition
2 -
Analytics Workspace
2 -
authentication
1 -
chart
943 -
Classic dashboard
1 -
configuration
2 -
correlation search
1 -
count
1,002 -
Dashboard Studio
3 -
data
3 -
data model
1 -
development
6 -
distributed search
1 -
drilldown
1 -
email
1 -
eval
2,607 -
field extraction
2,015 -
fields
2,057 -
host
1 -
index
4 -
indexer
2 -
inputs.conf
1 -
intermediate forwarder
1 -
introduction
5 -
join
1,056 -
JSON
2 -
Linux
2 -
login
1 -
lookup
1,559 -
metadata
307 -
monitoring console
2 -
other
140 -
panel
2 -
PDF
1 -
Python
1 -
regex
1,497 -
report acceleration
2 -
rex
1,245 -
SAML
1 -
saved search
5 -
scheduled search
4 -
scripted input
1 -
search
2 -
search head
3 -
search job inspector
680 -
search peer
1 -
simple XML
1 -
source
1 -
sourcetype
4 -
Splunk Web Framework
1 -
splunk-assist
1 -
splunkd
1 -
stats
3,553 -
subsearch
1,718 -
summary indexing
4 -
table
1,747 -
time
1 -
timechart
1,156 -
transaction
451 -
transforms.conf
1 -
troubleshooting
8 -
tstats
565 -
universal forwarder
5 -
using Splunk Cloud
2 -
using Splunk Enterprise
13 -
Windows
3
- « Previous
- Next »
Get Updates on the Splunk Community!
Index This | Why did the turkey cross the road?
November 2025 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with this ...
Enter the Agentic Era with Splunk AI Assistant for SPL 1.4
🚀 Your data just got a serious AI upgrade — are you ready?
Say hello to the Agentic Era with the ...
Feel the Splunk Love: Real Stories from Real Customers
Hello Splunk Community,
What’s the best part of hearing how our customers use Splunk? Easy: the positive ...
