Splunk Search

Ask a Question

Discussions

Thread Info

Splunk integration with grafana

Splunk newbie here! My usecase is to 1. monitor AWS EC2 webserver metrics (how do I push cpu, iostat, other stats...

by New Member in

How do I select first and second match as separate fields using Rex?

Hello, I have 1 field in Splunk which contains 2 short email headers in plain-text, for example: **From**: Me ...

by Path Finder in

Why does the map search break my base search?

So I have this search looking to send emails to people logging into a legacy SH, but the map command breaks my result...

by Path Finder in

How to change Splunk Health Status - Red?

Currently, Splunk cloud health is in RED. We are unable to search any query. Please help me to overcome from this ...

by Contributor in

How do I filter-out the 'resultToToss' based on the fact there's only 1 'SecondaryField' result for it?

I am trying to create a Splunk Alert which -- well, the details will take too long to explain  The issue is t...

by Path Finder in

Why is only the first word of the value is getting extracted?

Hello! I'm trying to pull in full product names into a table, but only the first word is getting pulled in. The ...

by Path Finder in

Help on chart from subsearch- How to display a bar chart with the site field in x axis

hello I need to display a bar chart with the site field in x axis For each site, I need to display 2 bar The...

by Motivator in

How to Calculate time difference with _metrics events?

We recently started working with metrics data. The application is sending metrics events with the dimensions: comp...

by Path Finder in

How to Move the table values to the top with query?

Hii,I have a data in the Splunk table like the below image. Arista ConsoleRule Host ...

by Communicator in

How to search a list of servers from a text file?

Hello, I have been given a list of 40 servers in a text file, all servers are separated by commas for example: ser...

by Path Finder in

Why does Splunk query not return Count?

Hi, I am running below query and expecting count of failureCount, warningCount in table as total count (1 row only), ...

by Path Finder in

What can be the query so that i can display the field " API.V1.WEBS_ENTITLED_PRODUCTS" and not its value?

I have the logs in this way : measures: { API.V1.WEBS_ENTITLED_PRODUCTS: 296 success: 300 } what ...

by Observer in

How to convert seconds into hours, minutes and seconds?

Hi all I'm not sure if somebody already asked a question like mine.How can I convert a field containing a duartion...

by Contributor in

How to achieve average number of events per unit of time in different days of the week?

Hi. How I can compare load during the same time every day for business days? I.e. time 11:oo AM - 7:00 PM on Mo...

by Path Finder in

How do I check, how long it took for one of the event to appear in splunk?

Hello All, How do I check, how long it took for one of the event to appear in splunk? By th...

by Path Finder in

Help with timechart drilldown without by clause

hello I timechart events without a by clause | timechart count(crash) as "crash" count(hang) as "...

by Motivator in

How to Add missing date by each id and fill 0 or null?

Hi everyone, I have a list of id and event by day. But some days are missing for some id, now I want to fill 0 or ...

by Communicator in

How to select only specific values into search?

Hi all, I have a table and I need to highlight the values that are greater than lets say 5 in a line graph. how to se...

by Path Finder in

How to write a Search to detect AD DSRM persistence?

Hi All,Has anybody implemented a search to detect the following use case ?https://adsecurity.org/?p=1785 Any suggesti...

by Builder in

How to create a timechart with a time field?

I'm trying to make a time chart where it uses the time value specified in my table. Rather than the default _time va...

by Path Finder in

How to create regex to capture a whole string?

I have a big event and I want to capture the string between "Message=" and "UpDocCaseRepository" in other words i ...

by Engager in

Can someone explain what a SearchResultWorkUnit is and why it would timeout?

I am using the SDK to create my first custom search command. I'm using the Splunk Free version to test it out. It ...

by Contributor in

How to create an alert for when the VPN goes down but only when the drop lasts more than 1 minute?

Hi I need to create an alert for when the VPN goes down but only when the drop lasts more than 1 minute. I woul...

by Builder in

Fill null delta for multiple object

Hello all, I have a set of data as below. In the column is value of each id according to the time _timeid = 12345...

by Communicator in

How to use fieldcolors

Hi, In one of my graphs I try to fixate the areacolors to red and green. However, I can't figure out how.Tried ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk integration with grafana

How do I select first and second match as separate fields using Rex?

Why does the map search break my base search?

How to change Splunk Health Status - Red?

How do I filter-out the 'resultToToss' based on the fact there's only 1 'SecondaryField' result for it?

Why is only the first word of the value is getting extracted?

Help on chart from subsearch- How to display a bar chart with the site field in x axis

How to Calculate time difference with _metrics events?

How to Move the table values to the top with query?

How to search a list of servers from a text file?

Why does Splunk query not return Count?

What can be the query so that i can display the field " API.V1.WEBS_ENTITLED_PRODUCTS" and not its value?

How to convert seconds into hours, minutes and seconds?

How to achieve average number of events per unit of time in different days of the week?

How do I check, how long it took for one of the event to appear in splunk?

Help with timechart drilldown without by clause

How to Add missing date by each id and fill 0 or null?

How to select only specific values into search?

How to write a Search to detect AD DSRM persistence?

How to create a timechart with a time field?

How to create regex to capture a whole string?

Can someone explain what a SearchResultWorkUnit is and why it would timeout?

How to create an alert for when the VPN goes down but only when the drop lasts more than 1 minute?

Fill null delta for multiple object

How to use fieldcolors

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!