Splunk Search

Discussions

Thread Info

Scatterplot elapsed time by date with both earliest and latest query matches

I'm trying to track the elapsed time it takes a user to complete a web application based on the earliest and latest o...

by Explorer in

How to attract a specific word from string using rex?

Hello Splunk Experts! I have a string like below rex " - - (?<text>foo|bar) " | ..... I want to take the text w...

by Path Finder in

Distribution function using bin

I am trying to create a PDF and CDF with limited amount of buckets: ... | bucket bins=10 fs as fsBinned| stats coun...

by New Member in

Extracting Key Value Pairs from a JSON object and convert them to fields

Hello Splunk Community, We have two types of logs being forwarded to splunk a simple .log file and json logs that a...

by Loves-to-Learn Lots in

How to find the no of days different between indexed date time and the field exists date in my search?

Hi, i am new to splunk, i need to find the number of days different between indexed time date and the field exists da...

by Explorer in

InfoSec App Datamodel Searches

I'm trying to use the CIM to look at some firewall data in the InfoSec app. I've setup the event tagging and field al...

by Path Finder in

how to find differnce between epoch

When i try to find the difference between two epoc1)find the days range i get blank values2) and i need to filter onl...

by Explorer in

Repeat index and host time in tablerow

Hi, i need index time and host time to repeat for each data for host, printedA_epoch & printedb_epoch, how can i achi...

by Explorer in

eval status=if ("inputlookup line x<70% and x+1>50%) Boolean While Loop?

Hello, I am looking for some help on status evaluation. What I am trying to do is create a eval column where you ei...

by Engager in

How to sum one field values based on other fields values

i'm trying to sum one of the fields values based on the other field values. For example Source Remediated ...

by Communicator in

inputlookup in search macro generates error message

My search consists solely of a call to a search macro. It looks like this: `blabla1(host="blabla2", mon-host="blabl...

by Explorer in

Use of predict command for alerting

Well , I want to create an alert which alert me whenever there is spike in Errors. Currently we are comparing say pas...

by Path Finder in

Using multivalue field as field-list for transaction

When multivalue field is given as field-list for transaction, transaction does not attempt to combine the events desp...

by Engager in

How to fetch mathed fileds values from index with lookup table ?

Hi Team, I tried all possibilities to extract the data from index which are matched field values with lookup table ...

by Engager in

How to optimize a search which contains a join of 2 queries having different time picker each ?

Hi, I have a performance issue with a query using a "join" command. The problem is that the first search using a ti...

by Builder in

I'd like to get an idea for data grouping.

I have numeric data.I'd like to group the data.It is easy to use 'Kmeans' command, but it cannot be necessarily k=3.I...

by Explorer in

Joining search in Splunk using Ticket Number Field

Greetings, I am new to Splunk and I have an assignment where I needed to extract data based on ticket number and time...

by Explorer in

Regex assistance - Blacklist host.

Team, I would like assistance with creating regex,specifically to blacklist 1 host name - happens to be the spunk s...

by Observer in

Lookup with hundreds values for one field

Still new to Splunk, seeking for some help. I have a index=account_Information, with account_number, cell_number, ...

by Observer in

Script for idle logger

Please i need a script that can give result when there is an idle logger, or when the fowarder isnt feed any informat...

by Path Finder in

change how outputlookup assigns permissions and ownership to new files

Years back the outputlookup command would create a csv lookup file in the user's app folder making it Private and own...

by Path Finder in

Need help to encircle the table row based on the selected date in drilldown instead of cell highlight

Hi, I am looking for solution to encircle the entire row with a red line instead of highlighting the table row. I h...

by Path Finder in

Comparing values between two columns

Hi, I have a table like below where multiple entries of same ticket numbers are displaying as these are taken from th...

by Explorer in

Search - count by 2 fields

Hello, I have a live database feed through DB Connect. This feed is having incidents data for different teams and _...

by Contributor in

Extract Json Fields

We want to extract Json key&Value pairs, but source is prefixing the text before Json data.Please let us know the sea...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Scatterplot elapsed time by date with both earliest and latest query matches

How to attract a specific word from string using rex?

Distribution function using bin

Extracting Key Value Pairs from a JSON object and convert them to fields

How to find the no of days different between indexed date time and the field exists date in my search?

InfoSec App Datamodel Searches

how to find differnce between epoch

Repeat index and host time in tablerow

eval status=if ("inputlookup line x<70% and x+1>50%) Boolean While Loop?

How to sum one field values based on other fields values

inputlookup in search macro generates error message

Use of predict command for alerting

Using multivalue field as field-list for transaction

How to fetch mathed fileds values from index with lookup table ?

How to optimize a search which contains a join of 2 queries having different time picker each ?

I'd like to get an idea for data grouping.

Joining search in Splunk using Ticket Number Field

Regex assistance - Blacklist host.

Lookup with hundreds values for one field

Script for idle logger

change how outputlookup assigns permissions and ownership to new files

Need help to encircle the table row based on the selected date in drilldown instead of cell highlight

Comparing values between two columns

Search - count by 2 fields

Extract Json Fields

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions