Splunk Search

Ask a Question

Discussions

Thread Info

Event correlation: how to find only events _not_ referenced by others?

Consider the following three events: 1: time=xxxx,sent=Item1,recd="Item0" 2: time=xxxx,sent=Item2,recd="Item1,Item...

by Path Finder in

stats count, only show if 2 or more

I am using the following, but I only want to see events if the number dest_ip are 2 or more. |top 10000 src_ip, de...

by Contributor in

Using a rex value in where statement

Hey everyone. In my data's filename there is an indicator which indicates the type of data that it is. It can either ...

by Builder in

addcoltotals need divide

when addcoltotals some need sum ,and another need divide .eg. addcoltotals total per/count . Could you tell me how to...

by Explorer in

Question regarding Search Jobs

What is meant by creating new search job that runs "search error" ?

by Communicator in

problem in query

I am using this query to get the Percentage CPU Utilization. index=os sourcetype="cpu" minutesago=15 | eval human_...

by New Member in

searching for disk and network commands

Does anyone know how do I perform a search on the "top 10 processes by disk" which consists of the names as well as t...

by Explorer in

|dbinspect returns No results

When I try to run dbinspect, it returns no results: | dbinspect index=_internal span=1d I have a single search hea...

by Motivator in

Count number of users who logged in every hour for last 15 days

Hi, My log contains entries as shown below: [2012-03-07 23:57:49:107 GMT+00:00][12321312332432545435435543.http...

by Path Finder in

Top Results After Timechart

I don't really know how to explain this so I will do my best. I have a bunch of data that I want to analyze. Each ...

by New Member in

How to find max value of multiple fields in one record?

I have a record that shows multiple temperature readings of a device in a single record. Each "temp" has it's own uni...

by New Member in

Creating a search job.

To create a search job one has to 1.use the REST endpoint '/services/search/jobs'. 2.Use the POST method and inc...

by Communicator in

Lead\ Lag in splunk?

Hi, when I work with SQL I find the "Lead\ Lag" function very crutial. I'm using it mostly between dates. Does splun...

by Path Finder in

How to search for results using Java splunk api

How do i call the Java splunk api to search using the splunk search language from the Splunk search endpoint?

by Communicator in

find max of averaged field over a month of daily data

I've got a very basic query which computes an average of some daily attempts to do something like this: index=moni...

by Path Finder in

find max of two averaged fields over a month of daily data

I've got a very basic query which computes an average of some daily attempts to do something like this: index=moni...

by Path Finder in

Unable to get viewstate information;formatting may not be correct

From time to time when moving an application from development to production we get the following view start error. "U...

by Path Finder in

Reformat a field

My logs contain mac addresses. Sometimes they have colons and sometimes dots. I want to build a view where the user i...

by Builder in

timechart without a split clause not showing all results

I have a search showing 288 results but the chart is not showing them all I know timechart has a "limit" switch bu...

by Motivator in

Top Values of 2 fields

Hi, I'm trying to create a search that would show the following data Top unique field1 Top field2 E.g. (Usernam...

by Communicator in

Getting "error code 1" messages when trying to do an external lookup 4.3

In 4.3 Getting "error code 1" messages when trying to do an external lookup with a Python Script. Script runs ok stan...

by Splunk Employee in

multiple output rex with a directory sometimes exists

Hi I have a question about a rex with multiple outputs. I use rex to get two fields out of the source-path to fill...

by Engager in

splunk 4.3 - searchPostProcess on chart component not working

After upgrading to 4.3 our custom forms with a chart component started to show up the following error: Search did...

by New Member in

Join or something better?

I'm new to splunk, here's my issue. I have a log file which contains the extracted fields below: task_id task_duratio...

by Explorer in

Dotted Line chart with Multiple Lines

A while back I posted this question: http://splunk-base.splunk.com/answers/29015/dotted-line-chart The answer gave...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Event correlation: how to find only events _not_ referenced by others?

stats count, only show if 2 or more

Using a rex value in where statement

addcoltotals need divide

Question regarding Search Jobs

problem in query

searching for disk and network commands

|dbinspect returns No results

Count number of users who logged in every hour for last 15 days

Top Results After Timechart

How to find max value of multiple fields in one record?

Creating a search job.

Lead\ Lag in splunk?

How to search for results using Java splunk api

find max of averaged field over a month of daily data

find max of two averaged fields over a month of daily data

Unable to get viewstate information;formatting may not be correct

Reformat a field

timechart without a split clause not showing all results

Top Values of 2 fields

Getting "error code 1" messages when trying to do an external lookup 4.3

multiple output rex with a directory sometimes exists

splunk 4.3 - searchPostProcess on chart component not working

Join or something better?

Dotted Line chart with Multiple Lines

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Error preventing me from saving search with chart

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

Splunk Search

Are you a member of the Splunk Community?

Discussions