Splunk Search

Ask a Question

Discussions

Thread Info

To generate two sets of values from one field

Hi all, I am new to Splunk and I would like to seek help from the Splunk Community to generate the net power consum...

by Engager in

ipinfo

I am executing a query in splunk which is below : | makeresults | eval ip="$ip$" | makemv delim="," ip | mvexpa...

by Explorer in

Dashboard panel statistic using extracted field not working

Hi I have a dashboard panel that displays (for a given server) 4 statistic values. Backups started, running, succes...

by Explorer in

collect command generates multiple rows in summary index for single event

I am using the collect statement to collect a single event to a summary index. When run as a search, it will generate...

by SplunkTrust in

_time and the timestamp in the row data are having slight variation

I could see there is a slight difference ( in seconds - from 1 to 10) between the _time and the timestamp field in th...

by Path Finder in

SPL data input to SQL search?

Hello All, I have a situation in which I need to use local lookup file as input in another search, however, the sec...

by Path Finder in

FieldSelector - p-values higher than >.05 in selected fields

I've recently begun exploring the FieldSelector command to better understand what fields are the best predictor for a...

by Path Finder in

How to make _time field to get the exact value of timestamp ?

I have diffeence between _time and timestamp in terms of second . ( 5 to 50) . How to make the _time to get the exac...

by Path Finder in

How to view the contents of .kmz lookup files

I do | inputlookup geo_ocean.kmz for example but get an error. Please advise

by Builder in

Average alarms per reader

So I'm having trouble figuring this one out. Basically for example we have 1000 alarms per day and 100 readers in our...

by Path Finder in

The "Where" command

How do I search multiple field values with the "where" command. I am trying to search multiple field values that are...

by New Member in

How do i get a count of each value of a field, and then extract the values whose count matches a certain number

Hi, I have the below SPL which gets the count of each value of the field named "subject". I want to be able to sele...

by Path Finder in

REgex to extract fields

AZImaging/Projects/IMG2012002/WSI/D419BC00001/E7004004/SM/96b819b9-fc86-b81b-a999-55a72df0e05a.svs Hi , Above is ...

by Loves-to-Learn Lots in

New field with conditional value

I have a dashboard panel with a table that show 3 fields, each of which contain numeric values. A) "Backups started...

by Explorer in

Adding increments of time to an event

Hi Splunkers, I have gotten help on this type of problem and it has been very useful. However, I still stuck, but a...

by Communicator in

How to calculate duration for repeated event by unique string

Hi, I am new to Splunk, just started for few days. Below is the events that I have searched and sorted, I would li...

by Loves-to-Learn in

Can I use data from other rows and set them to a different row who have the same key?

Hi everyone, I would like to ask if it's possible to use data from another row, to be set as the value of a different...

by Explorer in

Isolate date by adding greater than or equal to

Hi, So my search window is from Feb 19 - Feb 23. I would like to have isolate Feb 19 - to have my events start on t...

by Explorer in

Where is Indexer specific props.Conf files saved?

Is there individual indexer specific conf files present specially for Props.conf file ? In Linux , how can we identi...

by Path Finder in

Setting up earliest and latest time with relative date and fixed time

I am trying to define a query where I have to use the earliest time as 2 days ago at 22:20:45 and latest time 1 day a...

by Explorer in

Are the App Data Input fields extractable?

I have an app that configures data inputs with columns for "Name" and "Destination". Once there is data in the sourc...

by Path Finder in

Issues with the schedule PDF generation

While doing the schedule and export option of PDF generation , the graph format is getting truncated . However , the ...

by Path Finder in

Need to change the value of field using sed

I want to replace the values of alertnateId and displayName to "****", I tried with below sed command but its not cha...

by Path Finder in

If there are multiple results in field2, for one value of field2 within a time interval

So what I'm attempting to do, is I have a list of user, IP, city, state, country, time. I want to alert if I see ...

by Observer in

Calculate active Sprint

Hi, How to create a query to show Active Sprint(JIRA) with Start and end date in my splunk dashboard.I dont have fi...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

To generate two sets of values from one field

ipinfo

Dashboard panel statistic using extracted field not working

collect command generates multiple rows in summary index for single event

_time and the timestamp in the row data are having slight variation

SPL data input to SQL search?

FieldSelector - p-values higher than >.05 in selected fields

How to make _time field to get the exact value of timestamp ?

How to view the contents of .kmz lookup files

Average alarms per reader

The "Where" command

How do i get a count of each value of a field, and then extract the values whose count matches a certain number

REgex to extract fields

New field with conditional value

Adding increments of time to an event

How to calculate duration for repeated event by unique string

Can I use data from other rows and set them to a different row who have the same key?

Isolate date by adding greater than or equal to

Where is Indexer specific props.Conf files saved?

Setting up earliest and latest time with relative date and fixed time

Are the App Data Input fields extractable?

Issues with the schedule PDF generation

Need to change the value of field using sed

If there are multiple results in field2, for one value of field2 within a time interval

Calculate active Sprint

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions