Splunk Search

Discussions

Thread Info

statistics by month

Hi Try to build a table for the below requirement First Column: url 2nd Column: jun2021 3rd Column: May2021 ...

by New Member in

Remove Line from stats based on value of line

So I am writing a query and It all gets piped into stats at the end. There is a value that I want to use to remove li...

by Engager in

Case with multiple potential wildcard matches

I have a field with error messages that I need a case statement to cleanup for reporting. In this case some of the me...

by Contributor in

Detecting and changing date format.

I have a field "Date" as below. However, there are some inconsistency in the date format. How can I get the "30/1/20...

by Path Finder in

How to feed a query?

I am trying to run a simple query, but with a catch. I want to run something like this: index=weblogs somedomain.c...

by Loves-to-Learn in

Time range not substituted by search

We have a SHC at version 8.1.3. When we try to use "earliest" and "latest" in search we get results based on the ear...

by Communicator in

Field value comparison

Hi, want to achieve daily,weekly ,monthly, yearly report empDirectory.csv contains Employee ID,Employee Name, M...

by Explorer in

Is it possible to control which file gets indexed first?

For example, I would like certain rows "ABC" to have less indextime than "DEF". In normal search, "DEF" would have th...

by Path Finder in

dbxquery inside a search

How do I take the results of a search pass a field into a dbxquery and then display results from both the search and ...

by Contributor in

How to detect outliers if there are also periods with no events

I use timechart to count the events per month by department | timechart span=1mon count AS Aantal by departmentafte...

by Contributor in

eval and timechart

How can I get STP as a bar chart ? im getting error when i try to do it like this i want to display ...

by Contributor in

JSON Search Time Extractions Truncated

I've been troubleshooting an issue with a search time field extractions of a JSON field being truncated at 4096 chara...

by Explorer in

variable passed into subsequent search

Is it possible to use the value derived from one search and pass it to another search? For example, I have a searc...

by Path Finder in

conditionally using random()

Based on my dataset, I have 10 items in total and I wanna generate a new field randomly for each different item. E...

by Splunk Employee in

Eval function explanation

Can someone help me break down this portion of a search? Is it saying, look for anything older than 30 minutes? ...

by Path Finder in

building search query

Hi Guys, I am just wondering if anyone can put me in the right direction - I have a question about search queries i...

by Explorer in

How to check macro using sourcetype

I'm searching for list of indexes using |tstats count where index=* sourcetype=log4j by index sourcetype I got r...

by Path Finder in

create event for every hour in a search window

I need to create a field "search_hours" with values for every hour in (%H:00) format within the search window, whethe...

by Explorer in

timechart sum

index="acoe_np_spa_metrics" | search Project="*" AND Volume="*" | timechart span=1mon count(eval(D_Status="F"...

by Contributor in

How to search a list of sourcetypes by index and save it as a dashboard panel?

I need to get the list of Sourcetypes by Index in a Dashboard. I got this search from Splunk forums which gives th...

by Communicator in

Subtracting two epoch times after within stats table

Hello - we are trying to calculate the possible_duration between the first event and last event in the following base...

by Communicator in

fill the table

Hi All Below is my query to tabulate a few fields together and count them on basis of its value .I need help with a...

by Engager in

Splunk is not searching results

Index=A sourcetype=B and I can see under fields category filed "C" with count of 10k+ values .. But if I search wit...

by Path Finder in

Count New IPs Accessed Over Time

We have a daily report that generates an event each time an IP is accessed each day. In order to determine the numbe...

by Engager in

Is there a function that reveals how long a search job took in Splunk Python's SDK?

I am able to print the results of the query with the Splunk Python SDK, is there also a function within it that tells...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

statistics by month

Remove Line from stats based on value of line

Case with multiple potential wildcard matches

Detecting and changing date format.

How to feed a query?

Time range not substituted by search

Field value comparison

Is it possible to control which file gets indexed first?

dbxquery inside a search

How to detect outliers if there are also periods with no events

eval and timechart

JSON Search Time Extractions Truncated

variable passed into subsequent search

conditionally using random()

Eval function explanation

building search query

How to check macro using sourcetype

create event for every hour in a search window

timechart sum

How to search a list of sourcetypes by index and save it as a dashboard panel?

Subtracting two epoch times after within stats table

fill the table

Splunk is not searching results

Count New IPs Accessed Over Time

Is there a function that reveals how long a search job took in Splunk Python's SDK?

.conf25 Global Broadcast: Don’t Miss a Moment

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions