Splunk Search

Discussions

Thread Info

How to get total number of hours elapsed from last event raised till now()?

Hey people, I want to find out the total number of hours that elapsed from the last event raised. This is ...

by Path Finder in

How can a regex query be written to extract source IP address?

The position of IP address is getting changed(appearing before or after https) in the logs, in such scenario how rege...

by Explorer in

How to group records and find the max/min per group?

Hello! Can I ask something very basic as it will help me get started quickly? How can I structure a query to: 1...

by New Member in

How to get only active hosts?

I have an application that have some instances/hosts. Because of change of throughput or instability new instances/ho...

by Explorer in

Is there a tools for Splunk to view messages in a cleaner format?

Hello, We have migrated from an app called Mirth to Splunk. With Mirth we used a tool called Interface Explorer fo...

by New Member in

インデックスデータの削除方法について

間違ったデータがインデックスされてしまいましたが、どのようにインデックス内のデータを削除すれば良いでしょうか？

by Contributor in

How to bold specific column headers in a table?

I have a dashboard with a table with 6 headers. I would like to bold the text of the second, fourth, and fifth colum...

by Path Finder in

Realtime search with a sliding window that doesn't snap to the hour?

Hi folks, I have a realtime search that looks at failed windows logins, producing a "single value" timechart visua...

by Explorer in

3rd Token handler doesn't work with 1st and 2nd token handler together?

Hi, Splunkers, I have the following token handler, if input "Gucid_token_with3handlers" is 2 digits number, it w...

by Communicator in

How to add two field values into new field?

I have a field A which has percentage values. Also, I have a field B which has percentage values in it. Both are diff...

by Path Finder in

How to join query with condition and comparison?

Hi, I need to show error messages for one particular service. But the challenge here is that for example , I ne...

by Path Finder in

How to configure pie-chart to display count within the chart?

I were able to append the count of each slice in the pie-chart to the back of each slice info. But I really want to d...

by Contributor in

Why are fields getting trimmed while fetching?

I have some error logs like below: TYPE=ERROR, DATE_TIME=2022-12-31 03:30:27,281, CLASS_NAME=myClass...

by Path Finder in

How can we limit the tstats record?

I am using tstats command from a while, right now we want to make tstats command to limit record as we are using in k...

by Path Finder in

How to get the exact row from a results table to use for other panel searches in the same dashboard?

Hello! I want to make an error monitoring dashboard. I want to have a table with (operation| okOperations/allOper...

by New Member in

How to get fields value which are not matched with other field value?

Hi, I have 2 searches. 1st query: (100 results including duplicate number) index="abc" message...

by Contributor in

How to create a dynamic dropdown based on token value?

Hey people, Here is what I am trying to do: - I have two dashboards, dashboardA & dashboardB - I am sending ...

by Path Finder in

How to search in active directory for servers connected in the last 14 days?

Hello and happy new year to all, As the title says I would like to have the list of servers that have connected ov...

by Path Finder in

How to delete or disable the orphaned searches?

i have few orphaned searches, which i need to reassign or disable or delete it. i am not able to do any of these.1. T...

by Path Finder in

How to top sbimb and top sbomb for each src_ip?

I have a report index IN (proxy) src_ip=* |eventstats sum(sbimb) as Totalsbimb, sum(sbomb) as Totalsbomb by src_ip...

by Explorer in

How to use MLTK to tune DNS Query Length Outliers query?

Hi All, I am trying to tune up a notable called DNS Query Length Outliers Using the MLTK App to set up the data, ...

by Engager in

Using Regex to split a field?

Hi Team, I have sample set of events coming from the same logs and here "x" denotes a digit mostly IP address in t...

by Contributor in

How to show eventstats over time?

i currently have a query that returns what I need for a single day. ( index=microsoftcloud sourcetype="ms...

by Explorer in

How to get latest events by specific field?

Hey folks, I have a query as such .. | ID="*" AND STATUS="*" | table _time ID STATUS ...

by Path Finder in

Can I resolve this Relative Time from Event Field error?

I am trying to extract a field containing the date an event actually happened rather than the _time field because the...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to get total number of hours elapsed from last event raised till now()?

How can a regex query be written to extract source IP address?

How to group records and find the max/min per group?

How to get only active hosts?

Is there a tools for Splunk to view messages in a cleaner format?

インデックスデータの削除方法について

How to bold specific column headers in a table?

Realtime search with a sliding window that doesn't snap to the hour?

3rd Token handler doesn't work with 1st and 2nd token handler together?

How to add two field values into new field?

How to join query with condition and comparison?

How to configure pie-chart to display count within the chart?

Why are fields getting trimmed while fetching?

How can we limit the tstats record?

How to get the exact row from a results table to use for other panel searches in the same dashboard?

How to get fields value which are not matched with other field value?

How to create a dynamic dropdown based on token value?

How to search in active directory for servers connected in the last 14 days?

How to delete or disable the orphaned searches?

How to top sbimb and top sbomb for each src_ip?

How to use MLTK to tune DNS Query Length Outliers query?

Using Regex to split a field?

How to show eventstats over time?

How to get latest events by specific field?

Can I resolve this Relative Time from Event Field error?

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions