Splunk Search

Discussions

Thread Info

Need Regex help

Hi All, I will be getting a list of MD5 hash values in my logs. Need a regex expression for the below. Therefore...

by Path Finder in

Find the average of the first 99% range of data

My search currently gives me some statistics regarding response times including total count, average, min, max and 99...

by Path Finder in

Issues with props and transforms

Hi All, I have just copied across working props and transforms stanza from one HF to another for sqs logs. howev...

by Explorer in

How to get the last hour of events but also over the past 6 weeks?

I wanted to establish an alert that will look at the past hour for the past 6 weeks and make some comparisons. So for...

by Contributor in

99% Percentile time_taken in IIS

Hi I am trying to find the min, max and AVG for Percentile 99,90 and 75 with the bellow: index="main" source="C...

by Communicator in

Search query to remove results from another source.

I have the following sourcers: "inserted" and "deleted" In the "inserted" i have these fields:Id, Timestamp1, 2021-...

by Explorer in

Transforming commands works only in verbose mode

Suddenly transforming commands stopped working unless I search in verbose mode. What could cause this issue? This onl...

by Engager in

How do I generate a random number between a specific range?

Hi, How can I generate a random number between 1 to 20. I random() function doesn't allow to specify a range. please ...

by Path Finder in

I want no. of triggered alerts in a day from total alerts to be generated

I want a report when total events less than 9500000 in a day from sourcetype. Also I tried below query, but its giv...

by Engager in

Alert throttle not working with renamed fields

I have multiple alerts with searches similar to the one below where fields are renamed to a numeric ordering. The sea...

by Observer in

Sum the values in a field

Hi Team, Current table ApplicationFailureSuccessA26B47C58 Expected ApplicationFailureSuccessD1121 H...

by Engager in

Why doesn't the the eval- subtraction generates results from two extracted values?

Hey Splunk- community, theres another problem which must solved again. The following query.... index=machinedata_...

by Explorer in

How to use eval with mstats

Hi, I want to run something similar to the below on metrics data stored in metrics index, can you please ass...

by Explorer in

How to match wildcard in a join left?

Consider I received the following logs: cn=srv1.example.com;issuer=C=US, O=Amazon, OU=Server CA 1A, CN=Amazon c...

by Path Finder in

can we decode the splunk logs which is already onboarded into splunk

Hi Team, Is there any way to decode the logs which is already onboarded into splunk. Do we have any app to decode.?...

by Path Finder in

Filling in missing '_time' rows (without using timechart)

I want to know how I can incrementally go through and add missing times (hours) per user across a number of users. ...

by Explorer in

JSON Fields Extraction using REX

Hello, I have a requirement where i need to extract part of JSON code from splunk log and assign that field to ...

by Path Finder in

Having a search trigger another search

Is there a way to trigger another search from a search? What I have is a syslog search for traffic on a router. The o...

by Communicator in

How do I export large amounts of data?

I am having issues with finding a way to export two reports. I have two reports, which I'll call search1 and search...

by Path Finder in

Compare inputlookup and index search

Hi,I have a lookupfile that contains a list of hosts, (one column named hosts), this list maybe subject to change.I w...

by Engager in

display 2 single tag side by side in one panel

<panel><single></single><single></single></panel> in display value of single tag is in vertical order. so h...

by Loves-to-Learn Everything in

convert the row value to column

Hi All, we have a query as below (index=abc OR index=def) category= * OR NOT blocked =0 AND NOT blocked =2|rex f...

by Engager in

How to access the last log item in array

I have this log { [-] duration: 3005 finishTime: 2021-08-25T15:47:26.838196 logger: splunk startTime: 2021-...

by Explorer in

Evaluate percentiles based on multiple rows

I have the data in the following format score_countscore_value2350465215389054 with more than a 1 million score_v...

by Loves-to-Learn Lots in

Splunk cloud - extracting JSON data

Hi All, I have an JSON file that is ingested into Splunk, I need to create a dashboard with the different API's...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Need Regex help

Find the average of the first 99% range of data

Issues with props and transforms

How to get the last hour of events but also over the past 6 weeks?

99% Percentile time_taken in IIS

Search query to remove results from another source.

Transforming commands works only in verbose mode

How do I generate a random number between a specific range?

I want no. of triggered alerts in a day from total alerts to be generated

Alert throttle not working with renamed fields

Sum the values in a field

Why doesn't the the eval- subtraction generates results from two extracted values?

How to use eval with mstats

How to match wildcard in a join left?

can we decode the splunk logs which is already onboarded into splunk

Filling in missing '_time' rows (without using timechart)

JSON Fields Extraction using REX

Having a search trigger another search

How do I export large amounts of data?

Compare inputlookup and index search

display 2 single tag side by side in one panel

convert the row value to column

How to access the last log item in array

Evaluate percentiles based on multiple rows

Splunk cloud - extracting JSON data

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions