Splunk Search

Ask a Question

Discussions

Thread Info

Creating a chart based on time values, not epoch time

Is it possible to create a chart using time values "4:53:43" vs. converting them to epoch time "1505930393"? I'd ...

by Path Finder in

What is the max search limit for a macro

Hello, I have a macro that calls other macros in order to have a simple view of the code search.The thing is that ...

by Explorer in

Extract InProgress Transaction

I want to filter out transactions(where status ="InProgress ") that started in the previous slot and those completed ...

by New Member in

How to compare events using two values of a multi-value field.

Hello all, I have been struggling for a while now to create a query for comparing the events using two different v...

by Explorer in

Calculate time difference with extracted fields and offset time zones

I've got logs that contain a timestamp in 24 hour YYYY-MM-DD HH:MM:ss:SSS format (example: 2021-04-29 18:43:07.557). ...

by Explorer in

Search with a Variable

Hi Team How are u? I have a little question I have a index with same informations, index="epo" sou...

by Explorer in

Why are empty emails being sent using map & sendemail commands in my search and how do I prevent this?

Hi. I tried to send an email for each event when triggered. I used map and sendemail commands, but there is an em...

by Communicator in

Splunk 8.0 sendemail/subsearch issues after upgrading

Recently upgraded from 7.2.3 to 8.0 and a previously configured scheduled alert is not longer sending emails correctl...

by Engager in

How to Use Earliest Starting Field in Transaction

Hello, I have events that look like this (for a user with id 123): 2021-04-29 14:30:45 Notification Received [Use...

by Path Finder in

Splunk Case-Sensitive Search

Hi, Can someone help me with the regex command for below? | search ="UPN=*T@mail.cloud" Thanks in advance!

by Contributor in

How to pass event time from an inner subsearch to the outer search results table?

Hi, Here are my searches index=foo <search criteria> | table user _timeindex=bar <search criteria> | table user ...

by Builder in

Large scale join between two sourcetypes

Hello Everyone, I have been working on a problem for the last few weeks and haven't had huge amounts of success...

by Loves-to-Learn Lots in

Splunk File Download

Hi all, I have used an app to generate a document that according to this log went succesfull. Is there a way to allow...

by Path Finder in

Splunk query to eliminate specific events

Hi All, Below is my Splunk query. I want to only eliminate the result if "UPN" & "Event_title" both are the same ...

by Contributor in

How to combine multiple rows (from sub search results) into different columns on single row (main search)

I have a query that returns the following result. ...

by Path Finder in

Searching/Listing down all Installed App Usage, to find how which is the least used app.

Hey all!I am tasked to do some housekeeping and find out which installed apps are being used the least so that I can ...

by Engager in

Splunk DB Connect and Neo4j anyone?

I am trying to connect to Neo4j using their JDBC driver with no luck. Has anybody done better than this?

by Builder in

Get top 20 queries for avarage execution time

Hello there  So, I've extracted from the log, using rex, the time, called OSY_time and each individual slo...

by Path Finder in

table returns duplicates for extracted Fields that are not Selected

table returns duplicates for extracted Fields that are not Selected fields In the following image, host is a Select...

by Engager in

How do you generate CSV File on Schedule basis automatically as an attachment to Email.

Hello,How do we schedule a CSV file as an attachment to the Email. What is the script that needs to be added in the s...

by Engager in

extract multiple values from fields in same event

Hello team , I am having one event in which single field have multiple value like provided below: {"body"...

by Communicator in

regex

Hi all, I have a column containingRequest = REQ_IN ...... { ...... "productId": "test", ...... { ....... "productId...

by Path Finder in

What is the search for creating account on MAC OS?

by Loves-to-Learn Lots in

How to collect events that form part of a common tree

I have a large NodeRED JSON flows.json file that I'm ingesting into Splunk. In that file there are one or more 'flows...

by SplunkTrust in

makemv and mvindex not working as expected

I am working with JSON data type events and am trying to extract the username (user1, user2) from the pathspec data s...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Creating a chart based on time values, not epoch time

What is the max search limit for a macro

Extract InProgress Transaction

How to compare events using two values of a multi-value field.

Calculate time difference with extracted fields and offset time zones

Search with a Variable

Why are empty emails being sent using map & sendemail commands in my search and how do I prevent this?

Splunk 8.0 sendemail/subsearch issues after upgrading

How to Use Earliest Starting Field in Transaction

Splunk Case-Sensitive Search

How to pass event time from an inner subsearch to the outer search results table?

Large scale join between two sourcetypes

Splunk File Download

Splunk query to eliminate specific events

How to combine multiple rows (from sub search results) into different columns on single row (main search)

Searching/Listing down all Installed App Usage, to find how which is the least used app.

Splunk DB Connect and Neo4j anyone?

Get top 20 queries for avarage execution time

table returns duplicates for extracted Fields that are not Selected

How do you generate CSV File on Schedule basis automatically as an attachment to Email.

extract multiple values from fields in same event

regex

What is the search for creating account on MAC OS?

How to collect events that form part of a common tree

makemv and mvindex not working as expected

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Introduction to Splunk AI

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions