Splunk Search

Discussions

Thread Info

Bell curve from stats

I haven't seen much on creating a bell curve in Splunk. I've created a query that returns 30,000 events for 40+ assoc...

by Explorer in

can we make a field to _time and pass values through earliest / latest in splunk

can we make a field to _time and pass values through earliest / latest or through Time range button ?

by New Member in

Is it possible to use base search in append sub search?

I want to use base search for query2 as well Thanks!

by Path Finder in

How do I use a field gathered from one search in a completely independent search (without a join)

I need to do one search with value A in the logs to get value B, then search on value B in another, independent searc...

by Loves-to-Learn in

Is the search job inspector option the best way to determine the performance of a search query?

Hi, I am pretty new to Splunk and wanted to know how to determine the performance of a query? Is it through the "I...

by Explorer in

Search Bar - large queries fail to execute and cause "Disconnected from Server" error?

When I attempt to enter very large queries into the search bar I get errors in chrome and eventually a "disconnected"...

by Path Finder in

Can you specify timezone in a REST API search?

I'm using the REST API with a one-shot search to pull back some previously summarized information. The summary indexi...

by Builder in

Create new fields based on value of another fields.

Hi All, In my log, I have one field called ServerName. Below are some values of that field. DAAPP2aBANG2 DFAPP20bL...

by Engager in

I want to omptimize the regex? ErrorMessage : 'rex' command: has exceeded configured match_limit, consider raising the value in limits.conf.

| rex field=_raw max_match=0 "BodyOftheMail_Script\s=\s\[\sBEGIN\s{0,}(?<BodyOftheMail>.((.|\n)*?)(?=\s{1,}END\s\]))"...

by Path Finder in

How to merge two events with same field into one

I have two rows having follwing values: Name Text Count A ABC 1 A EFG 1 I want that my result should be displayed ...

by Explorer in

timechart linechart to display in and out per device

Hi, I have a query which gives me in_usage and out_usage for a device per metric bla bla ...| table Device metr...

by Communicator in

Not able to get number of days between now() and a date

Hi Experts, I am trying to get number of days between current date and another date being generated by my query an...

by Path Finder in

Combine Data model data with another search for a match

Hi all, I have CTI data that somes into splunk and id like to correlate for matches in indexes against the CTI dat...

by Path Finder in

Rename a field Value in a lookup file?

I have a lookup file called template.csv and it has field values, I want to rename a field value with another say man...

by Path Finder in

join multiple searches into field values

I would like to create Cache_Hit, Cache_Miss and Revalidate_Hit based on the below and doisplay them in the pie graph...

by New Member in

How can we deal with a negation of a transaction?

We have a working code that captures transactions from the firewall into the windows servers and all is perfect as th...

by Motivator in

Bundle reload is in progress. Waiting for all peers to return the status.

My splunk environment is: 1 Search Head 1 Deployment Server (Master Node) 2 Indexers (Cluster) I tried to implemen...

by Path Finder in

subtract meterRead from Yesterday’s meterRead

My electric meter sends a number but I want to subtract the current from the number an hour ago, so I can chart the u...

by Explorer in

How do I change the value of a field if a condition occurs?

Hi community! I'm using Splunk Entreprise to create dashboards with my client's ServiceNow incident information. ...

by Engager in

Weekly Average Append Subsearch Optimization

Hello, I have a search where I would like to compare the count of one search result against its running weekly averag...

by Explorer in

Summarized mail with multiples reports as single Pdf

Hello Team, I have requirement that is I need to send the schedule mail with PDF which should contain the multiple re...

by New Member in

How to join and get stats from same index?

Hi Experts, I have data set like below from same index but from different sourcetype, common field on which I can...

by Builder in

Checking latest version of microservice

I have got a query to check container metric for micro-services. There are currently multiple versions of micro-servi...

by Path Finder in

Why does my division of two fields return nothing?

I have the following query that is inteded to divide the "stats.hypervisor_cpu_ppm" field by 10000 and then show that...

by Explorer in

Need every time interval as a row even though the count of records is 0 in that interval

Hi, I am using below query to get the stats o/p of Total, Failure & Failure percent by couple of fields for every 15 ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Bell curve from stats

can we make a field to _time and pass values through earliest / latest in splunk

Is it possible to use base search in append sub search?

How do I use a field gathered from one search in a completely independent search (without a join)

Is the search job inspector option the best way to determine the performance of a search query?

Search Bar - large queries fail to execute and cause "Disconnected from Server" error?

Can you specify timezone in a REST API search?

Create new fields based on value of another fields.

I want to omptimize the regex? ErrorMessage : 'rex' command: has exceeded configured match_limit, consider raising the value in limits.conf.

How to merge two events with same field into one

timechart linechart to display in and out per device

Not able to get number of days between now() and a date

Combine Data model data with another search for a match

Rename a field Value in a lookup file?

join multiple searches into field values

How can we deal with a negation of a transaction?

Bundle reload is in progress. Waiting for all peers to return the status.

subtract meterRead from Yesterday’s meterRead

How do I change the value of a field if a condition occurs?

Weekly Average Append Subsearch Optimization

Summarized mail with multiples reports as single Pdf

How to join and get stats from same index?

Checking latest version of microservice

Why does my division of two fields return nothing?

Need every time interval as a row even though the count of records is 0 in that interval

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

StateSpaceForecast holdback and forecast_k for eva...

ITSI thresholds: adaptive vs static