Splunk Search

Ask a Question

Discussions

Thread Info

Append color values to field value

I have a query result . i want to append the three colors based on values and the table is dynamic based on the tim...

by Path Finder in

Join two events and publish the fields

Hi Everyone, I have two events like below on the same index though. I captured all fields through rex command but ...

by Explorer in

Consolidating data from different indexes into one table

I have 4 applications integrated with each other - their names let's say A, B, C, D respectively. All these applicat...

by Explorer in

Statistics data in GB, MB values

Hi Ninjas, I'm trying to make a table that should list date, domains, action_types, action_type_usage_in_MB, Domain_u...

by Engager in

Difference between outputs of same query as search and subsearch

Noob here. Can anyone tell me why the following search: search sourcetype=srt | table serialNumber will give me ...

by Engager in

Creating a correlation search between two different indexes (DHCP and Firewall Data)

Hi all- we want to get a bit more elegant with correlation searching between two different indexes. There seems to b...

by Path Finder in

Subtracting from multiple columns

Hi all, I have a table like this _timefile1.txtfile2.txtfile3.txt*.txt1472160022147216002214721600001472160099...14...

by Explorer in

Read a lookup and for each field send a email.

Hello everyone, I have a situation, I would like to read a lookup and for each field that match with a search crit...

by Path Finder in

how to track if a transaction is taking more time with non real time alert

Hi Splunkers, we have a transaction which runs for every 4hours and usually take 5mins to complete.Im trying to set...

by Path Finder in

Populating a new field with data based on existing field value

I have a field with similar values:myFieldJCH CornJCH CarrotJCH AppleME/OrangeI would like to populate a new field de...

by Communicator in

scheduled searches

Hi all, I have two scheduled searches, is there the possibility to launch the second one at the end of the first? ...

by Path Finder in

Display search result as a label text or non editable text on the dashboard

I am trying to retrieve and display the user name of the logged in user as a label or a non-editable text on the dash...

by Communicator in

Transactions with conditional Endswidth or different ordering of events.

I have a series of events that always start with EventTypeName = "Node Down" but there are three scenarios I'm trying...

by Explorer in

Splunk Alert

I am trying to create a Splunk alert where the log line is delimited with comma,I need to get the field 4 and check i...

by New Member in

Syslog Filteration

We are receiving around 300gigs of syslog data everyday and we want to filter all the logs and index only what the ne...

by Loves-to-Learn in

appendcols with proper info

Hi, Following search query produces output in table below: index=_pods pod=* project=project_name state="Runnin...

by Path Finder in

Create custom table

Is it possible to have particular result in custom column which will fetch values from existing search and will show ...

by Loves-to-Learn in

Is there a way to only search * (asterisk)?

Dear Experts , Please suggest an answer on a silly question If my log contains *(star) as a word/character . ...

by New Member in

Color results of pie chart based on a token

Hi, My search returns a pie chart that is a sum of a variable (memory_usage_GB) and ploted by another variable (use...

by Loves-to-Learn Lots in

Timechart stats

I have simple search: index=xyz logLevel IN (ERROR, INFO)How do I plot two different color in a timespan chart?See...

by Explorer in

To generate two sets of values from one field

Hi all, I am new to Splunk and I would like to seek help from the Splunk Community to generate the net power consum...

by Engager in

ipinfo

I am executing a query in splunk which is below : | makeresults | eval ip="$ip$" | makemv delim="," ip | mvexpa...

by Explorer in

Dashboard panel statistic using extracted field not working

Hi I have a dashboard panel that displays (for a given server) 4 statistic values. Backups started, running, succes...

by Explorer in

collect command generates multiple rows in summary index for single event

I am using the collect statement to collect a single event to a summary index. When run as a search, it will generate...

by SplunkTrust in

_time and the timestamp in the row data are having slight variation

I could see there is a slight difference ( in seconds - from 1 to 10) between the _time and the timestamp field in th...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Append color values to field value

Join two events and publish the fields

Consolidating data from different indexes into one table

Statistics data in GB, MB values

Difference between outputs of same query as search and subsearch

Creating a correlation search between two different indexes (DHCP and Firewall Data)

Subtracting from multiple columns

Read a lookup and for each field send a email.

how to track if a transaction is taking more time with non real time alert

Populating a new field with data based on existing field value

scheduled searches

Display search result as a label text or non editable text on the dashboard

Transactions with conditional Endswidth or different ordering of events.

Splunk Alert

Syslog Filteration

appendcols with proper info

Create custom table

Is there a way to only search * (asterisk)?

Color results of pie chart based on a token

Timechart stats

To generate two sets of values from one field

ipinfo

Dashboard panel statistic using extracted field not working

collect command generates multiple rows in summary index for single event

_time and the timestamp in the row data are having slight variation

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!