Splunk Search

Ask a Question

Discussions

Thread Info

How to convert bytes to megabytes for use in my timechart search?

Hi, I am writing a search: timechart span=1h sum(Bytes) AS "MBytes " In the same search, I want it to retu...

by Explorer in

Why does a simple Splunk search such as index=abc take a long time to complete?

Hi, I am working on a distributed splunk environment. I have created an app and a separate indexer for this app to...

by Communicator in

How does this search from Splunk documentation work to calculate the percentage of outliers?

I'd like to understand the mathematical meaning of the below search on documentation. Is this my understanding right ...

by Explorer in

Why is my search returning "Error in 'eval' command: The expression is malformed. Expected XOR"?

Hi everyone, I have this search: index=main sourcetype=WinEventLog:Security | eval Logon_failur = case((Event...

by Communicator in

How to combine two values from separate searches to get an average?

I have 2 searches index=test field1=abc field2=xyc | stats dc(field3) as Devices and index=test field1=abc ...

by Engager in

Transpose Multi Value Fields

So I'm working on a new App, one that generates summary data based on eventtypes and fields. The summary data looks l...

by SplunkTrust in

How can i use a eval expression with a result other then previously defined?

Hi, Im currently building a dashboard and one of my search strings is the one below. I currently see the values GP...

by Explorer in

How to only show stats max(value) where min(value) is greater than 0 in the last 5 minutes?

Hi all, just getting started and trying to get something together quickly to show management so forgive asking what i...

by Engager in

How to display the average of the week as a straight line overlay in a timechart?

I have a timechart with the Duration average (ca. 16ms) per second. timespan is 4s, the timechart itself is over 1 ho...

by Explorer in

How to edit my search to find the percentage of total bytes used for each URI path in the top 10?

Hi everyone, I need your help. My current search is like this: index="ihs_test" uri_path="*.jhtml" OR uri_path...

by Path Finder in

How to edit my XML to initialize tokens for a contextual drilldown to point to different tables?

I have 3 tables. I want 2 things here: a) Click on Source 1, in Table 1, and Table 2 should show up b) Click on Sour...

by Path Finder in

Does accelerated searching cache data so it's faster to load that dashboard later?

I currently have a dashboard with 24 panels on it. I went ahead and set each report/panel to accelerated and also put...

by SplunkTrust in

How to display the output for tomcat logs with starttime and endtime?

Hi, For query (SEVERE OR exception OR CRITICAL OR "[error]")|rex field=_raw "(?^\d\d-\w\w\w-\d\d\d\d\s\d\d:\d\d:\...

by Communicator in

Splunk DB Connect: Can the lookup table for defining extra fields in a datamodel be a dblookup?

It seems that the lookup table for defining extra fields in datamodel can not be a dblookup (database lookup)? Can so...

by Path Finder in

How to extract a field that appears several times, but with different values for every event?

Hello community, Can you give me a hand with the following case: I have the following log and desire to extract...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to convert bytes to megabytes for use in my timechart search?

Why does a simple Splunk search such as index=abc take a long time to complete?

How does this search from Splunk documentation work to calculate the percentage of outliers?

Why is my search returning "Error in 'eval' command: The expression is malformed. Expected XOR"?

How to combine two values from separate searches to get an average?

Transpose Multi Value Fields

How can i use a eval expression with a result other then previously defined?

How to only show stats max(value) where min(value) is greater than 0 in the last 5 minutes?

How to display the average of the week as a straight line overlay in a timechart?

How to edit my search to find the percentage of total bytes used for each URI path in the top 10?

How to edit my XML to initialize tokens for a contextual drilldown to point to different tables?

Does accelerated searching cache data so it's faster to load that dashboard later?

How to display the output for tomcat logs with starttime and endtime?

Splunk DB Connect: Can the lookup table for defining extra fields in a datamodel be a dblookup?

How to extract a field that appears several times, but with different values for every event?

What’s New in Splunk Cloud Platform 9.1.2308?

Index This | Why do they call it hyper text?

State of Splunk Careers 2023: Career Resilience and the Continued Value of Splunk

Parsing host names when a single rex doesn't fit a...

Users with the same roles, in the same app, and sa...

auto_generated_pool_download-trial

Automatic lookup during data ingestiont (Splunk cl...

Working with OpenTelemetry Cumulative Histogram Bu...