Splunk Search

Ask a Question

Discussions

Thread Info

How can I determine how much an index is being searched?

I am trying to determine how many searches are searching on a particular index per day. I know how much data the i...

by Communicator in

What's the best way to only do a Lookup based on the results of the main search?

Hi, What's the best way to only do a Lookup based on the results of the main search? I want to only run this when...

by Explorer in

How to search in Splunk if a specific lookup table is being used in a dashboard?

Hello, I was wondering if it is possible to locate or search in Splunk if a specific lookup table is being used in...

by Engager in

How to search and report based on presence or lack of string?

Have following data in the logfile {xxxx},{"GUID":"5561859B8D624FFC8FF0B87219060DC5"} {xxxx},{"GUID":"55...

by Path Finder in

How to create search for SVC's by index?

I have found a search in the charge back application that might fit for seeing the SVC's by index. Unfortunately tha...

by Path Finder in

How to create a timeline table?

Hi,we are logging api requests in Splunk. I would like to create a sort of health check table where every column r...

by Communicator in

Plot graph for previous 2 weekday average

Hi, I'm trying to plot graph for previous 2 weekday average. Below is the query used index="xyz" sourcetype="ab...

by Explorer in

Finding the number of null cells in a table

Lets say I have a table of two fields. and some of the cells are empty.How do I find the number of empty cells using ...

by New Member in

Get latest events of json and visualize it to table.

Hello friends! I get JSON like this {"key":"27.09.2023","value_sum":35476232.82,"value_cnt":2338} and so on ....

by Path Finder in

Plot graph using lookup file

Hi Team, I have a got a request to plot graph of previous 30 days. But the org has a retention period of 7days set...

by Engager in

How to run a chart command grouped by 2 fields?

HelloIm trying to run a chart command grouped by 2 fields but im getting an error:this is my query : | ch...

by Communicator in

Possible to find different of two amounts from different events but already within a sort by time span?

Hi,Is it somehow possible to find difference between two or more amounts from different events when the events are so...

by Explorer in

Extract field

Log like. message: [22/09/23 10:31:47:935 GMT] [ThreadPoolExecutor-thread-15759] INFO failed.", suspenseAccountNumb...

by Explorer in

search help, token

system_id = AA-1, AA-1-a, AA-1-b, AA-10, AA-10-a, AA-10-b, AA-12, AA-12-a, AA-12-b,,, and so on. Notice all the sy...

by Path Finder in

How to extract OS using Regex?

Hi, i have lookup which list out all red hat linux. for example, in my lookup have red hat 7, red hat 8 and so on.i n...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I determine how much an index is being searched?

What's the best way to only do a Lookup based on the results of the main search?

How to search in Splunk if a specific lookup table is being used in a dashboard?

How to search and report based on presence or lack of string?

How to create search for SVC's by index?

How to create a timeline table?

Plot graph for previous 2 weekday average

Finding the number of null cells in a table

Get latest events of json and visualize it to table.

Plot graph using lookup file

How to run a chart command grouped by 2 fields?

Possible to find different of two amounts from different events but already within a sort by time span?

Extract field

search help, token

How to extract OS using Regex?

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update

Help with report creation please

How to combine rows based on parent-child relation...

Outputlookup to a kvstore does not write results

How do I limit a search to everything except the t...

StatsBuffer::read: Row is too large for StatsBuffe...