Splunk Search

Ask a Question

Discussions

Thread Info

how to use one token with different evaluation for 2 panels query under different conditions.

Hi, Splunkers， I have a dashboard with 2 panels. there is one input token, Gucid_token, what I need is when Gu...

by Communicator in

Automatic extraction bug?

Hi, I am facing the next problem. When having the next _raw: process="\"C:\\Windows\\regedit.exe\" /s \"C...

by New Member in

How can I identify which heavy forwarder or universal forwarder are sending logs?

Hi, I have a problem in my infrastructure the logs are being duplicated, I am trying to identify from which origin...

by Engager in

Identifying inactive Hosts that crashed

I'm trying to identify inactive hosts that crashed (through an alert). Inactive hosts - hosts that haven't logged i...

by Engager in

How to calculate the percentage of certain field occurence in the events ?

In my events, there is a field called "is_interactive" which has value of either 0 or 1.Now the thing is, not all of...

by Contributor in

How to build a table from different fields from a single event

Hello I'm having this situation where I have a query returning a single event and I need to build a compound table ...

by Explorer in

Field subtraction

Can anyone assist me with the SPL to subtract EBVS% and PFAVS% fields to allow the successful plays field to improve?...

by Path Finder in

How to make the dashboard to display latest result by default

I have made my search query for all time because I have created dropdown for month date and year. But I want the sear...

by Path Finder in

time chart only computing the first part of the calculation

Hello,I am working with the timechart command on my following query and I am running into some problems.I am trying t...

by Loves-to-Learn Lots in

Eval with stats on multiple fields

I am looking for help on stats with eval Input Events (each json is a event): { "app_name": "app1","logE...

by Path Finder in

Splunk - How to not perform search for greater than 30 days in Time Picker.

I have a Panel in a Dashboard which shows results of a Query and picks the time range from a TimePicker. Goal: If ...

by Path Finder in

Search performance issues after Splunk Upgrade 8.0.7 to 8.2.3 with mostly metrics based indexes

After we upgraded from 8.0.7 to 8.2.3, we are having lots of problems with search performance. We noticed that the a...

by Path Finder in

multiple searches for stats

I have two searches where I need to run an stats count on to do some calculations. First search is index=xxx wf_id...

by Explorer in

Time doesnot show millisecond

With Splunk (splunk-library-javalogging) library update to version 1.11.4 , _time doesnot show millisecond . Having...

by New Member in

How to overcome append 10k limit without modifying conf file

is it possible to append more than 10k records between 2 index?How to overcome this withou modifying conf file and ad...

by Builder in

Regex Field Extraction in Data Model

Hi all. I'm fairly new to Splunk and regex. I've got many event logs and I'm making use of data models beforing gener...

by Engager in

Need help with combining two searches

Hello Team, How can I combine given below two searches and get the AWS instance name . aws-description-resource( ...

by Observer in

More than 10 accounts disabled within five minutes.

Hi guys, I'm working on a search that shows more that 10 accounts disabled within a five minute time frame. I feel ...

by Explorer in

JOIN on some of the columns

I have a table (that is a spitted URL) in the following format: field1field2field3field4field5field6aaaaa11111q...

by Path Finder in

stats count by field and show total

Hello, I want to calculate the count of total events, count of errors and show the total percent of the failures fr...

by Communicator in

Getting the Date for the max() value

Howdy I have a search like this: Everything is great! Would it be possible to add a column that contai...

by Loves-to-Learn in

rex extract number

Hi 2022-01-04 23:10:43,224 INFO [APP] sessionDestroyed, Session Count: 02022-01-04 23:12:34,238 INFO [APP] sessionC...

by Motivator in

Searching a 2nd index with a field extraction using rex

I have a index=weblogs where I filter results and then REX extract an IP address to a new field called RemoteIP. I ...

by Explorer in

Using "earliest" and other time modifiers in ad hoc queries

Is it possible to put time modifiers like "earliest" into a search and essentially disregard the time range drop-down...

by Path Finder in

Using stats command to return 0 value

Hi There: I'm trying to return the list of access_users with 0 web hits from the web_hits table. How can i adjus...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

how to use one token with different evaluation for 2 panels query under different conditions.

Automatic extraction bug?

How can I identify which heavy forwarder or universal forwarder are sending logs?

Identifying inactive Hosts that crashed

How to calculate the percentage of certain field occurence in the events ?

How to build a table from different fields from a single event

Field subtraction

How to make the dashboard to display latest result by default

time chart only computing the first part of the calculation

Eval with stats on multiple fields

Splunk - How to not perform search for greater than 30 days in Time Picker.

Search performance issues after Splunk Upgrade 8.0.7 to 8.2.3 with mostly metrics based indexes

multiple searches for stats

Time doesnot show millisecond

How to overcome append 10k limit without modifying conf file

Regex Field Extraction in Data Model

Need help with combining two searches

More than 10 accounts disabled within five minutes.

JOIN on some of the columns

stats count by field and show total

Getting the Date for the max() value

rex extract number

Searching a 2nd index with a field extraction using rex

Using "earliest" and other time modifiers in ad hoc queries

Using stats command to return 0 value

The All New Performance Insights for Splunk

Good Sourcetype Naming

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Splunk Answers Content Calendar May 2025!

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions