Splunk Search

Discussions

Thread Info

Search Results into a table

Hi guys, I am new to splunk and would like to create a report based off the number of times a particular windows e...

by Engager in

Three Join Splunk query

Hello; I understand joins are expensive in Splunk. When I have a query that has two joins, which query executes first...

by Explorer in

How does splunk extract search time fields in "interesting fields"?

which props.conf setting does splunk use to extract interesting fields from _raw field. I am trying to use collect ...

by Explorer in

Transform a field into table view

Hi, I have a field called sequence_anomalies which consists of a lot of individual elements. Once I made it into a ...

by Path Finder in

Combine dynamic fields into a multivalued field in a search

Hi All, I'm working on a search, where I currently have the following: ..base search.. | table static_name, sta...

by Builder in

SPL search query to combine two tables

Hi, I have database table and anomaly table. Both tables have a field database_id. Now I am interested in the statu...

by Path Finder in

Makemv function does not work inside join

Do we know the reason why Splunk search has below behaviour: Search-1: | makeresults | eval group_by_...

by SplunkTrust in

Finding difficulty in getting the result as count

Hello all, I am facing an issue below while trying to get the result to add in the dashboard. Here I am tryi...

by Path Finder in

Running rex within an eval/if

Hello, I Googled and searched the Answers forum, but with no luck. Below, in psuedo code, is what I want to accomplis...

by Builder in

How to convert epoch time with milliseconds into splunk at indexing time

I have a file that I am monitoring has time in epoch format milliseconds .What setting should be placed in the props....

by Builder in

EventID - account name from 2 different events in one search

Hi all, I'm a Splunk beginner and I'm having a hard time getting this particular search down. My objective is to ge...

by Loves-to-Learn Everything in

What is an interesting field?

sourcetype=access_combined | fields clientip host action status All Fields Selected Fields aaction 5 ahost 3 Inte...

by Engager in

How to think about wildcard/bulk renaming in AS clause when piping to eval?

We have three cases of wildcard renaming preceding an eval command that result in errors (searches below): In Case ...

by Explorer in

inputlookup help

Hello, It is the first time that I am going to use this command and the truth is I am a bit confused even though I ...

by Builder in

How to add a new row, and copy some values from other rows, while changing others.

Hello all, I currently have the following data set, and a table will look like this: TestIterationResultsTest114...

by Engager in

How would I return the value of a correlating field by giving the value of another field...

I am working with a stats table with 7 fields.| tstats count as "f" where a=* b=* c=* d=* e=* by a b c d e| stats ...

by Communicator in

NOT Statement based on lookup not working

I am trying to remove logs based on a lookup. This is what I am using: index=myindex "string_to_search_for" NOT...

by Loves-to-Learn Lots in

Stats Command and timestamp

Hi , I am using a stats command with a "by" time field, but i am not getting the result. If i remove the time fie...

by Path Finder in

How to get Field values as column names/headers in the table output

Hi Team, I have a simple requirement but unable to get it. I am using a query index=tms sourcetype=kafka type=ssh...

by Observer in

Sort column headers in timechart - customize

Hi, I would like to ask you, of there is some possibility order column based on requirement. Case: <sea...

by Engager in

Service now data calculated percentage of P1,P2,P3 but when ever there is no P1 or P2 or P3 tickets need to show as NA

Hi All, I need help with the below requirement. I am getting data from the service now. I calculated the percentage d...

by Loves-to-Learn in

How to efficiently show the difference between two fields from different sources

Hey All, Here is my searchindex=main event_simpleName=NeighborListIP4 OR event_simpleName=SensorHeartbeat| rex fiel...

by Loves-to-Learn Lots in

Appendpipe alters field values when not null

Hi, I'm inserting an appendpipe into my SPL so that in the event there are no results, a stats table will still be ...

by Communicator in

How to give Line break in eval and display the same in single value chart

Hello, I am trying to display some data in field "result" for me in a single value chart using below query, and col...

by Explorer in

Set Schedule for UF

Would it be possible to configure SPLUNK UF to scan (/pick) files/data from the server at particular time of a day/we...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Search Results into a table

Three Join Splunk query

How does splunk extract search time fields in "interesting fields"?

Transform a field into table view

Combine dynamic fields into a multivalued field in a search

SPL search query to combine two tables

Makemv function does not work inside join

Finding difficulty in getting the result as count

Running rex within an eval/if

How to convert epoch time with milliseconds into splunk at indexing time

EventID - account name from 2 different events in one search

What is an interesting field?

How to think about wildcard/bulk renaming in AS clause when piping to eval?

inputlookup help

How to add a new row, and copy some values from other rows, while changing others.

How would I return the value of a correlating field by giving the value of another field...

NOT Statement based on lookup not working

Stats Command and timestamp

How to get Field values as column names/headers in the table output

Sort column headers in timechart - customize

Service now data calculated percentage of P1,P2,P3 but when ever there is no P1 or P2 or P3 tickets need to show as NA

How to efficiently show the difference between two fields from different sources

Appendpipe alters field values when not null

How to give Line break in eval and display the same in single value chart

Set Schedule for UF

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions