Splunk Search

Ask a Question

Discussions

Thread Info

Streamstats time_window current=f error

Hello all, I am using steamstats with time_window=60m to calculate the moving average over the past hour. However,...

by New Member in

Missing data in tstats output

Hi All, using below query but not getting complete output.If there is no data present for Response time for particul...

by Path Finder in

How to count the number of times each name is repeated?

I have the following csv file: id,name,age,male 1,lily,10,girl 2,bob,12,boy 3,lucy,12,girl 4,duby,10,bo...

by Explorer in

Some cloudwatch log collection errors

I take a log using Python's print statement in lambda and save it in the cloud-watch log group.The log group is being...

by New Member in

multifield key between indexes

index=db OR index=app | eval join=if(index="db",processId,pid) | stats sum(rows) sum(cputime) by join Above is ...

by Path Finder in

center align the x axis labels in timechart

Hi Is it possible to center align the x axis labels in timechart, instead of them being in the left side of the ba...

by Contributor in

Drill down with transpose not working as expected to fetch the row and colomn values

Drill down with transpose not working as expected to fetch the row and colomn values, as its not giving me the accura...

by Explorer in

Display a custom text when results=0

How do I run a search against a sourcetype (which is very low volume), and display a custom text when there are 0 eve...

by Path Finder in

Can't Preview Source Type When Uploading Data

I am trying to create a props.conf to pass a custom timestamp. To do so I wanted to upload data and use the set sourc...

by Explorer in

indexer has stopped working

Hello Splunk community, One of my indexes doesn't seem to have indexed any data for the last two weeks or so. This...

by Loves-to-Learn Everything in

Combining multiple field values for stats/charting

I have a field in my data named severity that can be one of five values: 1, 2, 3, 4, and 5. I want to chart on the ...

by Path Finder in

... | append [ | makeresults ] makes the search time explode

I have a dashboard with multiple line charts showing values over time. I want all charts to have the same fixed time ...

by Path Finder in

Remove results based on subsearch

I'm looking to get all failed event log based on a field , and then trying to find the success event log for the same...

by Explorer in

Query to show specified time per day in timechart

Hi, I would like to create a time chart for a specified time suppose 8AM to 2PM everyday for last 30 days. I am able ...

by Engager in

Tracking user logon (standard and admin account) Windows AD

Hello, I am looking to create a report of a search. I have a requirement of tracking user logon to window machines (A...

by Engager in

Possibly to alert based on previous sample comparison

Hi Put simply, I am trying to wrap my head around how I can configure an alert to trigger is a metric is X% higher ...

by Path Finder in

Grouping and counting based on different values

HI Team, i am caught in a maze of how to use stats function to get the data in expected format i want. Sample data. ...

by Builder in

Display specific field in log by count

I want to write the query which will number of count the event occurred and time taken for that. This is the log ...

by Loves-to-Learn in

Splunk Ingestion Metrics

I am trying to get the ingestion per day in Terabytes for each index. I am using the below search which works, howeve...

by Path Finder in

I need to display priority data for 7 days with the percentage, however am unable to display it in 7 days.

I need to display priority data for 7 days with the percentage, however am unable to display it in 7 days. My below q...

by Explorer in

Setup an alerts with events from Timestamp format

Dear All, I want to setup an alert in an event. The event contains three timestamps, New Event time, Last update, a...

by Explorer in

SOURCE_Key Extraction

I Have used the below two events to test the SOURCE_KEY = <132>1 2023-12-24T09:48:05+00:00 DCSECIDKOASV02 ike...

by Path Finder in

How to convert CSV lookup to DBXlookup?

How to convert CSV lookup to DBXlookup?The lookup using CSV worked just fine.The CSV was moved to the database and wh...

by Motivator in

streamstats | reset_after condition not applied within the scope of each user (field)

Hi Team, What I'm trying to achieve: Find the consecutive failure events followed by a success event. | m...

by Explorer in

Modification of query for detecting Successful Logins following Password Spray Attacks in Auth0 Logs

Hello, I need some help with adjusting an alert for detecting a password spray attack using Auth0 logs in Splunk. W...

by Loves-to-Learn in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Streamstats time_window current=f error

Missing data in tstats output

How to count the number of times each name is repeated?

Some cloudwatch log collection errors

multifield key between indexes

center align the x axis labels in timechart

Drill down with transpose not working as expected to fetch the row and colomn values

Display a custom text when results=0

Can't Preview Source Type When Uploading Data

indexer has stopped working

Combining multiple field values for stats/charting

... | append [ | makeresults ] makes the search time explode

Remove results based on subsearch

Query to show specified time per day in timechart

Tracking user logon (standard and admin account) Windows AD

Possibly to alert based on previous sample comparison

Grouping and counting based on different values

Display specific field in log by count

Splunk Ingestion Metrics

I need to display priority data for 7 days with the percentage, however am unable to display it in 7 days.

Setup an alerts with events from Timestamp format

SOURCE_Key Extraction

How to convert CSV lookup to DBXlookup?

streamstats | reset_after condition not applied within the scope of each user (field)

Modification of query for detecting Successful Logins following Password Spray Attacks in Auth0 Logs

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions