Splunk Search

Discussions

Thread Info

Why is "stats" not working for the default "component" field on the internal except for in verbose mode?

Hi. We are trying to do some stats on the "component" field in the internal splunkd logs, but have encountered a stra...

by Builder in

How to debug "Server error"

Hello, the server only says "Server error" in search&reporting without showing "inspect job", how can I debug i...

by Explorer in

How to determine if a compliance check passed for all hosts

I have created the search below which: Filters out by only hostnames that I wantThen extracts the STIG ID from tho...

by Path Finder in

Benchmarking broken in Splunk search?

Hi, the times splunk shows in "inspect job" are totally unrelated to reality: This search has complet...

by Explorer in

Showing daily data for specific month

Hi all, I am trying to present data for a specific month and breaking it down by the day. Using my splunk s...

by Path Finder in

Extract second instance of IP address

Hi All, I'm currently in trying to extract the second IP address in each log as an field, but I'm simply not able ...

by Explorer in

Issue while using log mode in column chart

I have created a metrics dashboard in which I have configured column chart. By default scale used is "Linear", this h...

by Communicator in

Optimize my search

Hi team! How can I optimize the following search? I want to find ...

by Explorer in

Question for extracting a string out of longer string

Hello, I am looking to create a new field based on a section from a longer string/web address. I didn't see what i wa...

by Path Finder in

Diff the counts in correlated queries

I am very new to Splunk.I have two log files, the first one, let's call it accessLog, contains the access log for th...

by Explorer in

Count one column, sum another, display average on a third then display group by columns

Hello; I'm a bit stuck and looking for assistance. Base query returns the following values: Brand SystemId Resp...

by Explorer in

unable to find filename property for lookup splunk

Hello , I see lot of warning internal logs for one of the csv which says unable to find filename property for looku...

by Builder in

Clean up ip_intel kvstore

Hi guys, I can see how this question comes across as dumb but I would like to remove duplicated entries from my ip_...

by Explorer in

How to troubleshoot why startup.handoff in the Search Job Inspector always seems to take a long time?

Hi everyone, I am running Splunk 6.2.2 on a distributed setup with 3 search heads in a search head cluster and 4 n...

by Path Finder in

Is it possible to use IP white listing to restrict user access to Splunk Cloud from only within a corporate network?

I would prefer that the search heads not be visible to everyone on the internet. Is it possible to restrict the abili...

by Explorer in

Dynamic time period for sub-search based on date on each row from the main search?

Hi, I have a main search that generates counts of events table by date, UID and host something like for example: ...

by Loves-to-Learn in

REMOVE AN EXTRA FIELD

i have regular expression that i use to extract the below words, but i dont want to show the Results fiels or column,...

by Contributor in

Combine historical and realtime data from different data types

Hello community, I used the search to find a possible solution for my problem but without success. My problem looks...

by Explorer in

search-time versus index-time field extractions

Hi, I've recently noticed the recommendations the move to search-time versus index-time field extractions. I'm try...

by Path Finder in

why few values in a field moved to null automatically when it has actual values

Hi, Facing a strange issue in splunk .First of all we are ingesting data into splunk from sql server as a view .The...

by Path Finder in

stats for json data

Hello Experts, search.. |search "json attribute" |stats sum(latest("_attributes.xxx.total")) by servername ...

by Explorer in

troubleshooting props.conf

If there's an error in a props.conf stanza for a particular sourcetype, where would it show up in the logs? E.g. a ke...

by Contributor in

Using date ranges from lookup file as "spans" for charting results

I'm looking to create a chart that shows the pass/fail rate of an export process by code release dates rather than di...

by Explorer in

What is the biggest difference between perc<>() and using predict?

I have used predict before and now am seeing perc, which I haven't used as much. What is the largest difference betwe...

by Contributor in

search-time vs index-time field extraction

When would I ever consider extracting a field at index time?

by Splunk Employee in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why is "stats" not working for the default "component" field on the internal except for in verbose mode?

How to debug "Server error"

How to determine if a compliance check passed for all hosts

Benchmarking broken in Splunk search?

Showing daily data for specific month

Extract second instance of IP address

Issue while using log mode in column chart

Optimize my search

Question for extracting a string out of longer string

Diff the counts in correlated queries

Count one column, sum another, display average on a third then display group by columns

unable to find filename property for lookup splunk

Clean up ip_intel kvstore

How to troubleshoot why startup.handoff in the Search Job Inspector always seems to take a long time?

Is it possible to use IP white listing to restrict user access to Splunk Cloud from only within a corporate network?

Dynamic time period for sub-search based on date on each row from the main search?

REMOVE AN EXTRA FIELD

Combine historical and realtime data from different data types

search-time versus index-time field extractions

why few values in a field moved to null automatically when it has actual values

stats for json data

troubleshooting props.conf

Using date ranges from lookup file as "spans" for charting results

What is the biggest difference between perc<>() and using predict?

search-time vs index-time field extraction

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Stay Connected: Your Guide to October Tech Talks, Office Hours, and Webinars!

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions