Splunk Search

Ask a Question

Discussions

Thread Info

peak day count for the day of the month and avg for the month

Hi, I get the exactly same count for avg and peak, any issue with my query? index=a sourcetype=ab earliest=...

by Explorer in

table command without changing sort order

Hello all, I would like to use the table command without changing the order of events. To give an example: When s...

by Motivator in

User login

Hi , A newbie to Splunk here. I have found the query for login info for users on a host: index=os source=var/l...

by Explorer in

search language

Hi, how do I get subtotal count for each Host and Total for all count, in additional count for all different status. ...

by Explorer in

nested if loop

I would like to write in splunk a nested if loop: What I want to achieve: if buyer_from_France: ...

by Observer in

tstats unable to get any results when specifying dataset in FROM clause

Hi, We are in the process of migrating all Apps/Config's from an older standalone instance(7.2.4.2) to a newer SHC(...

by Builder in

How do I join a search on a field that is not unique to compare time values?

Hello all, I am struggling to find a solution for this. I have two different searches. One shows log entries wher...

by Path Finder in

Need Regex help

Hi All, I will be getting a list of MD5 hash values in my logs. Need a regex expression for the below. Therefore...

by Path Finder in

Find the average of the first 99% range of data

My search currently gives me some statistics regarding response times including total count, average, min, max and 99...

by Path Finder in

Issues with props and transforms

Hi All, I have just copied across working props and transforms stanza from one HF to another for sqs logs. howev...

by Explorer in

How to get the last hour of events but also over the past 6 weeks?

I wanted to establish an alert that will look at the past hour for the past 6 weeks and make some comparisons. So for...

by Contributor in

99% Percentile time_taken in IIS

Hi I am trying to find the min, max and AVG for Percentile 99,90 and 75 with the bellow: index="main" source="C...

by Communicator in

Search query to remove results from another source.

I have the following sourcers: "inserted" and "deleted" In the "inserted" i have these fields:Id, Timestamp1, 2021-...

by Explorer in

Transforming commands works only in verbose mode

Suddenly transforming commands stopped working unless I search in verbose mode. What could cause this issue? This onl...

by Engager in

How do I generate a random number between a specific range?

Hi, How can I generate a random number between 1 to 20. I random() function doesn't allow to specify a range. please ...

by Path Finder in

I want no. of triggered alerts in a day from total alerts to be generated

I want a report when total events less than 9500000 in a day from sourcetype. Also I tried below query, but its giv...

by Engager in

Alert throttle not working with renamed fields

I have multiple alerts with searches similar to the one below where fields are renamed to a numeric ordering. The sea...

by Observer in

Sum the values in a field

Hi Team, Current table ApplicationFailureSuccessA26B47C58 Expected ApplicationFailureSuccessD1121 H...

by Engager in

Why doesn't the the eval- subtraction generates results from two extracted values?

Hey Splunk- community, theres another problem which must solved again. The following query.... index=machinedata_...

by Explorer in

How to use eval with mstats

Hi, I want to run something similar to the below on metrics data stored in metrics index, can you please ass...

by Explorer in

How to match wildcard in a join left?

Consider I received the following logs: cn=srv1.example.com;issuer=C=US, O=Amazon, OU=Server CA 1A, CN=Amazon c...

by Path Finder in

can we decode the splunk logs which is already onboarded into splunk

Hi Team, Is there any way to decode the logs which is already onboarded into splunk. Do we have any app to decode.?...

by Path Finder in

Filling in missing '_time' rows (without using timechart)

I want to know how I can incrementally go through and add missing times (hours) per user across a number of users. ...

by Explorer in

JSON Fields Extraction using REX

Hello, I have a requirement where i need to extract part of JSON code from splunk log and assign that field to ...

by Path Finder in

Having a search trigger another search

Is there a way to trigger another search from a search? What I have is a syslog search for traffic on a router. The o...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

peak day count for the day of the month and avg for the month

table command without changing sort order

User login

search language

nested if loop

tstats unable to get any results when specifying dataset in FROM clause

How do I join a search on a field that is not unique to compare time values?

Need Regex help

Find the average of the first 99% range of data

Issues with props and transforms

How to get the last hour of events but also over the past 6 weeks?

99% Percentile time_taken in IIS

Search query to remove results from another source.

Transforming commands works only in verbose mode

How do I generate a random number between a specific range?

I want no. of triggered alerts in a day from total alerts to be generated

Alert throttle not working with renamed fields

Sum the values in a field

Why doesn't the the eval- subtraction generates results from two extracted values?

How to use eval with mstats

How to match wildcard in a join left?

can we decode the splunk logs which is already onboarded into splunk

Filling in missing '_time' rows (without using timechart)

JSON Fields Extraction using REX

Having a search trigger another search

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions