Splunk Search

Discussions

Thread Info

Need help with Timechart command

Hey all, so im trying to generate a time chart. If i perform the the stats command to validate the number of state I ...

by Path Finder in

access row in xyseries

Hello, I have a table from a xyseries. Each row consists of different strings of colors. I would like to pick one r...

by Path Finder in

get no results by using tstats in summary index

I have a summary index that I created from existing index by using tstats command. when I try to use tstats on the ...

by Loves-to-Learn in

Can't search modified _time value using earliest/latest requests.

I ran into a timeformatting issue with some of my logs due to the string starting with the following time format resu...

by Path Finder in

Metrics mrollup issue

hello , we have a problem with mrollup procedure for metrics indexes. We have setup e daily rollup for a metrics ...

by Observer in

windows perfmon network utilization

I'm trying to figure out to calculate the network utilization on this server using the eval and stats and I'm having ...

by Engager in

summary Index

Hi, how will summary index actually work in relation to 'time based searches' maybe the summary i...

by Builder in

Extract first 3 lines of raw logs and group

Hi, My current query for splunk dashboard is as: ........| eval ErrorMsg=_raw | stats count by Application, Error...

by Explorer in

Couldn't able to perform any commands in Deployment Server

Hi Team, We have recently upgraded our Deployment Master server from 7.3.1 to 8.1.2 version. The upgrade seems to b...

by Contributor in

props.conf time_format for source

Goal is to parse new events based on this source value into multiline events split each time a new date is encountere...

by Path Finder in

dbxquery bind variable advanced case

| dbxquery connection=Realtime shortnames=t query="select * from table_a awhere a.id = ?and a.create_dt_tm <= tr...

by Path Finder in

Count comma delimited field

I am trying to get counts based on comma delimited values for specified groupings of events. For instance I have th...

by Engager in

Need help with having earliest command and two other stats commands in same query

I currently have two searches that work separately but when I combine them into one search I cant seem to get it to r...

by Path Finder in

Identify which power meter reading has stopped increasing for 5 days

Hi, I am trying to identify which power meter reading has stopped increasing for 5 days. As these power values are...

by Engager in

Compare three column values and evaluate fourth

Hey Splunkers! Please help me with the below query. I have the below table, and i want to create a new column bas...

by Explorer in

How to count cumulative average by month?

Hello all. I am trying to find the average by closed_month, but I want the average duration to include events from p...

by Explorer in

How to separate field

Hi, guys. I have a big trouble here. I'm using rex to get ip-adresses. |rex max_match=0 "(?P<ip0>((?:[0-9]{1,3}\.){3}...

by Path Finder in

Correlating Data from 2 Indexes

I have 2 indexes, one called linux and another called firewall, how can I correlate both indexes to determine if the ...

by Builder in

Stats Percentage

Hi, I have a data source that lists phone calls. Each call record will list a set of values, in defined fields ...

by Explorer in

How Can I Use Streamstats to Retrieve the Last Instance of the Most Recent Field Value?

Hello! I have multiple events that have the same field values, but are not necessarily in the same order. I want to...

by Path Finder in

Predict with split by

Hi, I want to do a predict command in conjunction with my login logs to see if there's any anomalous behaviour user...

by Communicator in

How to convert a json into table with some unstructured data?

So I have two different services where an API call starts from service A and propagates to service B. I want to trace...

by Explorer in

Get the difference between strings

Hello All, My Goal: I need to create a dashboard with multiple panels. Panel 1 would be total number of indexes r...

by Explorer in

Join and appendcols returns results, but not giving the desired results

I have a CSV and a Keystore with data that I would like to join together. I read the documentation:https://docs.splu...

by Communicator in

Create a failed search job

Hi, for a testing purpose, i would like to create a failed search job.. i did search for this, but no luck.. any sugg...

by SplunkTrust in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Need help with Timechart command

access row in xyseries

get no results by using tstats in summary index

Can't search modified _time value using earliest/latest requests.

Metrics mrollup issue

windows perfmon network utilization

summary Index

Extract first 3 lines of raw logs and group

Couldn't able to perform any commands in Deployment Server

props.conf time_format for source

dbxquery bind variable advanced case

Count comma delimited field

Need help with having earliest command and two other stats commands in same query

Identify which power meter reading has stopped increasing for 5 days

Compare three column values and evaluate fourth

How to count cumulative average by month?

How to separate field

Correlating Data from 2 Indexes

Stats Percentage

How Can I Use Streamstats to Retrieve the Last Instance of the Most Recent Field Value?

Predict with split by

How to convert a json into table with some unstructured data?

Get the difference between strings

Join and appendcols returns results, but not giving the desired results

Create a failed search job

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions