Splunk Search

Discussions

Thread Info

How can I get the latest event by a specific field?

Hello, I have the following event data: City,Date,Temp,Sky New York,2016-11-10,20,Clear New York,2016-11-10-19,...

by Motivator in

How to build a search that shows the uptime of Splunk and the host reporting to Splunk?

I am required to build a search which will show the uptime of all my Splunk components over a period of one month. Al...

by Explorer in

Is there any way to do stats count over multiple time frames?

Is there any way to do stats count over multiple time frames? I am trying to replace something written in perl and...

by Path Finder in

How to extract multiple sets of fields from one sourcetype

I'm currently forwarding data from a pfSense Firewall in our Splunk Light instance. This works pretty well and I defi...

by Engager in

How to trim off the last 7 characters from a field?

Hi, I have a field with fields as below: name -------- abcd - xyz cdef - xyz adfeq - xyz I want to trim "- ...

by Communicator in

How to retrieve information behind java.lang using rex?

Hi, I am trying to retrieve the information behind the value "at java.lang. ..." I tried the following command ...

by Engager in

How to limit the number of result lines from stats

Hi! I have some data from which I would like a summary report with only the most active clients in the list. The s...

by Communicator in

How many custom shapes does choropleth map support?

http://blogs.splunk.com/2015/10/01/use-custom-polygons-in-your-choropleth-maps/ Use Custom Polygons in Choropleth Map...

by Contributor in

Analysis on splunk users

Analysis on splunk users, for this i need to display _time host user total_run_time searchQueryUsed Url Please ...

by Communicator in

How to edit my search to calculate values inside JsonArray

Hi *, I have some trouble with Splunk stats functions :). I have a JSONArray event like this and I need to sum all...

by Engager in

How can I optimize my search?

This search is taking too much time to execute, around 20 mins. Is it because of the lookup? index="access_log_ind...

by Explorer in

Search Job inspector - dispatch.fetch slow - why?

I'm working on tracking down some slowness in searches of all types that I am doing. Looking at the search inspector ...

by Path Finder in

Calculate Difference between two time fields in single event

Hi All, Am trying to calculate difference between starttime and endtime for tasksession, both start and end time a...

by Path Finder in

How can i display dates between two dates?

I have a log that has Start date=23/nov/2016 enddate=23/dec/2016.now i need to display the dates between the dates .

by Path Finder in

distinct count using stats and eval

I am slowly going insane trying to figure out how to remove duplicates from an eval statement. where acc="Inc" AND...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I get the latest event by a specific field?

How to build a search that shows the uptime of Splunk and the host reporting to Splunk?

Is there any way to do stats count over multiple time frames?

How to extract multiple sets of fields from one sourcetype

How to trim off the last 7 characters from a field?

How to retrieve information behind java.lang using rex?

How to limit the number of result lines from stats

How many custom shapes does choropleth map support?

Analysis on splunk users

How to edit my search to calculate values inside JsonArray

How can I optimize my search?

Search Job inspector - dispatch.fetch slow - why?

Calculate Difference between two time fields in single event

How can i display dates between two dates?

distinct count using stats and eval

Observability Unveiled: Navigating OpenTelemetry's Framework and Deployment Options

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

How to find events between time ranges for a servi...

How to combine rows based on parent-child relation...

Outputlookup to a kvstore does not write results

How do I limit a search to everything except the t...

StatsBuffer::read: Row is too large for StatsBuffe...