Splunk Search

Ask a Question

Discussions

Thread Info

Total time taken to execute a log

I am writing a query which will give total time taken by a log/event for execution in milliseconds : index=xyz clus...

by Loves-to-Learn in

instr in Splunk ?

Below is one of my fields. Quite complex, I know It could be divided to more atomic values .. but it is not [Au...

by Path Finder in

Need help in listing the time gaps in a multi-value field

Hi, I need help in extracting the time gaps in a multi-value field represented as Date. My data output looks like t...

by Path Finder in

Removing FQDN from field values

Removing FQDN from field values Hi all, can anyone help me with framing the SPL query for the below requirement. ...

by Explorer in

Query to check all apps in lookup that haven't had an event in the last 90 days.

I have a lookup that has saved all apps installed on our deployment server. I need a query that checks all apps in th...

by Engager in

How to use aggregates to filter data and join the result to another search?

Hello, I have an index with events, where events belong to a transaction (transaction_id). I am interested in trans...

by Loves-to-Learn in

Ignore time zone in searches

Hi, is there a way of ignoring the time zone in the searches? Currently, Splunk will reinterpret the difference in ti...

by Builder in

Find an error in 1st system and then find errors close in time in a 2nd system

"Find event in one search, get related events by time in another search"Found some related questions but could not fo...

by Explorer in

Anomalydetection

Hello Splunk team, I was troubleshooting one query with anomalydetection command (https://docs.splunk.com/Documentati...

by New Member in

Extract Field values and plot on time series graph

I would like to extract the Message, Timestamp, and serial fields Then I would like to plot the target: Temp(315600...

by Path Finder in

How to validate the data before and after the migration?

Let's say I have a database that is pulled from an application on a daily basis into Splunk and accessed via DBXquery...

by Motivator in

Understand which HF send data to whic index

Hi Splunkers, currently we are managing an Enterprise Splunk environment previously managed by another company. As sa...

by Contributor in

Eval random function.

How do I format a returned int into a phone number with the hyphen using the eval random function. What I have...

by Path Finder in

Joining indexes once again

Still it find me difficult to understand logic of joining two indexes. Below the query which is almost suits my needs...

by Path Finder in

Only show fields that has the word Read in them

Hello!I have the following search: | mstats avg(*) as * WHERE index=indexhere host=hosthere span=1 by host |ti...

by Engager in

Add Secondary search variable in primary search

index="ss-stg-dkp" cluster_name="*" AND namespace=dcx AND (label_app="composite-*" ) sourcetype="kube:container:main"...

by New Member in

Calculate VPN duration per user

Dears, I am trying to calculate how the total duration each user spends connected through VPN, their total onli...

by Loves-to-Learn Lots in

Multiple Field extraction using regex

Hi team, I need to extract the highlighted field in the below messege using regex... I have tried Splunk inbuilt fi...

by Path Finder in

Export modal popup panel to pdf?

I have a dashboard X consisting of multiple panels (A, B, C) each populated with dynamic tokens. Panel A consists of ...

by Path Finder in

Data can not be inherited ?

Hello everyone, I am a newbie in this field, I am looking forward to your help. I am using Eventgen to create data ...

by Loves-to-Learn Lots in

Need to send email notifications to the users and service-ids who are utilizing CPU.

index=XXX sourcetype=XXX [|inputlookup Edge_Nodes_All.csv where Environment="*" AND host="*" |fields host] |fields cl...

by Loves-to-Learn Everything in

appendcols and streamstats with alltime

Hi all I have a search that works for a range of a few days (eg earliest=-7d@d), but when running for alltime it br...

by Communicator in

regex help, extract time and convert to epoch and show only if epoch time is within 24 hours ago

hi, i currently have this data and i would like to see if i can extract the date and time and see if it can display t...

by Path Finder in

Default Log format for splunk

I see some post about rules for splunk logs. But I don't find a list of rules. My applications logs a lot of lines...

by Explorer in

fetch todays filename and check with last 30 days filename for splunk alert

Hi, I want to create alert based on file received. Everyday at randomly we used to receive files. ex. file name...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Total time taken to execute a log

instr in Splunk ?

Need help in listing the time gaps in a multi-value field

Removing FQDN from field values

Query to check all apps in lookup that haven't had an event in the last 90 days.

How to use aggregates to filter data and join the result to another search?

Ignore time zone in searches

Find an error in 1st system and then find errors close in time in a 2nd system

Anomalydetection

Extract Field values and plot on time series graph

How to validate the data before and after the migration?

Understand which HF send data to whic index

Eval random function.

Joining indexes once again

Only show fields that has the word Read in them

Add Secondary search variable in primary search

Calculate VPN duration per user

Multiple Field extraction using regex

Export modal popup panel to pdf?

Data can not be inherited ?

Need to send email notifications to the users and service-ids who are utilizing CPU.

appendcols and streamstats with alltime

regex help, extract time and convert to epoch and show only if epoch time is within 24 hours ago

Default Log format for splunk

fetch todays filename and check with last 30 days filename for splunk alert

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

October Community Champions: A Shoutout to Our Contributors!

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions