Splunk Search

Ask a Question

Discussions

Thread Info

It is truncated subsearch. tstats command.

Hi. I have one problem. It is truncated subsearch result. index="test-index01" sourcetype="test_s...

by Explorer in

How to extract and aggregate by extracted fields

Hi I have the data that looks like thisuser, ip, (metrics kv pairs) ---- sample results for search -- user=user1...

by Engager in

How to get searches to run in Smart or Verbose mode when selecting "Open In Search" from a dashboard panel?

All my dashboards panels, written in Simple XML, default to Search Mode "Fast" when the "Open In Search" icon is sele...

by Explorer in

props file not recognizing time field

Hi All, I have a CSV file with the below data, trying to push to splunk. Example - Thu JUN 24 15:27:52 +0...

by Communicator in

How to compute the field value a time interval earlier?

I want to compute the change in temperature for each location in a given interval, say, 15 minutes, or 30 minutes. I ...

by Communicator in

Field Extraction - Multi Line Text Comma Separated

Hello, Hoping someone can help with a Field Extraction question regarding multi line text and capturing a specific ...

by Explorer in

How To Pass Parameters to Saved Search Using Splunklib

Hello, Does anyone know how to pass parameters to a saved search using the splunklib for the Splunk API? I am abl...

by Path Finder in

How do I extract value from stats list

I want to extract count from list (picture 1 ) to table (picture 2) How do I do? |stats count by...

by Explorer in

Bar chart width resize in Simple XML

Hello, I have created a vertical bar chart using Simple XML, My requirement is to fix the width of all the bars. I...

by Engager in

Ignore if a certain string is present in the next X min

Hi, I am working on a search that looks for instances of "string1", but only those that are not followed by instan...

by Loves-to-Learn in

Error in 'IndexScopedSearch': The search failed

We're trying to run a search but are getting these errors while doing so: 3 errors occurred while the search...

by Engager in

inputlookup special fields

Hello,I have recently found there is a strange difference between lookup and inputlookup commands. |makeres...

by Explorer in

Regex help connected string

I would like to extract two groups which are TestName and Model. In the second row, the TestName is connected to Mode...

by Path Finder in

inputlookup convert columns to rows

I have a lookup with file_type name and a threshold per hour as the headers, like below. I would like the hour heade...

by Explorer in

Get the previous day 8-9PM data based on the date selected in the query

HI, While running a query I am giving timings as below 23-06-2021 01:00 to 23-06-2021 04:00 AM The timings can...

by Path Finder in

Exclude the logs with the same time for search results

Hi Guys, I'd like to exclude the logs with same time for the search results _time ...

by Engager in

How to extract, convert and show data

I have following data and : ......2021-06-18 21:05:45.037 +02:00 [Information] ChuteAndStatus=[20202020202020202020...

by Explorer in

How to get multiple lookups to work in a single search?

So I am attempting to perform two lookups in a single query, and i'm receiving an error. if I remove the second looku...

by Motivator in

How to extract, convert and show data

I have following data and : ......2021-06-18 21:05:45.037 +02:00 [Information] Status=[1111111111111111111111111111...

by Explorer in

Regex inside eval is not working

I am trying to do a stats count where 2XX https response means as success and any non 2XX means that it's a failure. ...

by Explorer in

[ Search] Finding the same user connecting to Okta from Separate IPs

Currently trying to work out a search that would allow me to generate a notable event if a user has made successful c...

by Loves-to-Learn Lots in

How to get two different field values In a query

Hi Team I am looking to get two different field values in a single query in Splunk, example, I have two different c...

by Explorer in

Calculate elapsed time from two events

Hi, I'm sure I'm not the first to ask this question, but I can't seem to find an answer that covers what I am tryin...

by Communicator in

How to trigger second search based on first search where condition

I have a dbquery alert which will trigger when first query has more than 250 records then second search will trigger ...

by Communicator in

How to resolve "the max number of concurrent historical searches on this instance has been reached" on Skipped search?

How to resolve "the max number of concurrent historical searches on this instance has been reached" on Skipped search...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

It is truncated subsearch. tstats command.

How to extract and aggregate by extracted fields

How to get searches to run in Smart or Verbose mode when selecting "Open In Search" from a dashboard panel?

props file not recognizing time field

How to compute the field value a time interval earlier?

Field Extraction - Multi Line Text Comma Separated

How To Pass Parameters to Saved Search Using Splunklib

How do I extract value from stats list

Bar chart width resize in Simple XML

Ignore if a certain string is present in the next X min

Error in 'IndexScopedSearch': The search failed

inputlookup special fields

Regex help connected string

inputlookup convert columns to rows

Get the previous day 8-9PM data based on the date selected in the query

Exclude the logs with the same time for search results

How to extract, convert and show data

How to get multiple lookups to work in a single search?

How to extract, convert and show data

Regex inside eval is not working

[ Search] Finding the same user connecting to Okta from Separate IPs

How to get two different field values In a query

Calculate elapsed time from two events

How to trigger second search based on first search where condition

How to resolve "the max number of concurrent historical searches on this instance has been reached" on Skipped search?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!