Splunk Search

Discussions

Thread Info

How to calculate daily volume of logs ingested by index?

HI all, I am trying to figure out the best method for determining the volume of logs ingested into my various indexes...

by Path Finder in

How to get next 10th minute for the field time in Splunk?

I am getting the output time but i want to round the time value for next 10th minute.the excepted output is the roun...

by Path Finder in

How to calculate Top limit=10 OR head 10 not working by Count?

Hi Team I have a query where I am doing the TimeChart & % (not using the timechart and calculate the % in tim...

by Path Finder in

Why do search lookup returns no results found?

Hello!We are enriching some data and want to be able to then search the results matched from the lookup table. It wo...

by Communicator in

How to use distinct count of multiple fields?

I have data that looks like the following: Week Employee Project# 6/3/2022 A ...

by Explorer in

How to create a 14 day search for specific time range (02:00 - 06:00) only?

by Path Finder in

How to extract a Multi-Valued Field?

I've imported a .csv that has many fields, but the only one I care about has multiple values in it. pluginText: <...

by Path Finder in

How to match field values with multivalue field?

I have a data with two fields: User and Account Account is a field with multiple values. I am looking for a search...

by Explorer in

How to pivot convert in Splunk?

Hi, I habe a table after using stats: | stats values(durationSum) as duration by Fauf Station. How can I conve...

by Path Finder in

TimeChart Percent Query - How to Sort on specific field count

Hello Experts, I am stuck with a timechart % query and I want to sort basis a field count and not the default sort...

by Path Finder in

Error in 'similarity' command: External search command exited unexpectedly with non-zero error code 9

index="main" source="all_digikala1.csv" | table title price | map search="search index=main source=all_si...

by Engager in

How to covert Duration in String to seconds?

Hi Team, I have time in below two formats and I want to convert them to minutes. How can I do this Format 1 ...

by Path Finder in

Can you use a wild character in a Multiselect?

Hi In a MultiSelect is there any way to us a wild character? My Data XYC_123 EOD_1234 EOD_23232 EOD_343434 a...

by Influencer in

How to extract JSON array contents to lookup table?

I've got a JSON array I ingest that I want to extract certain fields from to save into a lookup table. Here's an e...

by Explorer in

How to add currency symbol to pie chart hover text?

Is there a way to show currency symbol after the value? Like $393.26

by Loves-to-Learn in

How to achieve top 10 src_ip's along with top 10 urls for each src_ip?

I'm trying to run a query to figure out the top 10 src_ip's along with their top 10 urls visited. When I try the belo...

by Engager in

How to clean up query for top 10 urls of top users?

I'm currently building a query that reports the top 10 urls of the top 10 users. Although my current query works, I w...

by Explorer in

Suggestions for Tenable .csv field extraction

Within the tenable:sc:vuln sourcetype there is a particular field "PluginText" that has a value for hardware serial n...

by Path Finder in

How do I modify x-axis values to display date only for each column?

Hi, how can I modify x-axis in order to display date only for each column. query | eval finish_...

by Path Finder in

How to add field from a lookup in an index search and displaying the result

Hello, I have a lookup on which we have two columns, one with the computer name and the other with the OS version....

by Explorer in

Host field missing in events coming from a particular machine- How do I find host field information?

I am not able to find the host field information for the events coming from a particular machine. This is related to...

by Explorer in

How to concatenate Dynamic multivalue fields to single value fields?

Hi all, I have events coming in that have multivalue fields, but not always the same fields are multivalue. I want...

by Explorer in

How to convert at InfluxDB SQL query to a Splunk SPL search?

We have a FIG (fluentD/InfluxDB/Grafana) setup in which we want to change the IG part to Splunk. We have several dash...

by New Member in

Is there any way to use all returned values under a certain field in a search?

Let's say I have a multivalue fieldA and a fieldB. I know you can do something like "| where field=value" in a search...

by Engager in

Why are Tokens not getting recalculated on changing the form value?

Hi team, As per my requirement, on changing a particular form element [Token 1] , a set of other tokens [Token2,To...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to calculate daily volume of logs ingested by index?

How to get next 10th minute for the field time in Splunk?

How to calculate Top limit=10 OR head 10 not working by Count?

Why do search lookup returns no results found?

How to use distinct count of multiple fields?

How to create a 14 day search for specific time range (02:00 - 06:00) only?

How to extract a Multi-Valued Field?

How to match field values with multivalue field?

How to pivot convert in Splunk?

TimeChart Percent Query - How to Sort on specific field count

Error in 'similarity' command: External search command exited unexpectedly with non-zero error code 9

How to covert Duration in String to seconds?

Can you use a wild character in a Multiselect?

How to extract JSON array contents to lookup table?

How to add currency symbol to pie chart hover text?

How to achieve top 10 src_ip's along with top 10 urls for each src_ip?

How to clean up query for top 10 urls of top users?

Suggestions for Tenable .csv field extraction

How do I modify x-axis values to display date only for each column?

How to add field from a lookup in an index search and displaying the result

Host field missing in events coming from a particular machine- How do I find host field information?

How to concatenate Dynamic multivalue fields to single value fields?

How to convert at InfluxDB SQL query to a Splunk SPL search?

Is there any way to use all returned values under a certain field in a search?

Why are Tokens not getting recalculated on changing the form value?

.conf25 Global Broadcast: Don’t Miss a Moment

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions