Splunk Search

Ask a Question

Discussions

Thread Info

eval round

Hi all, During evaluating round I got the error: | stats avg(duration) AS "booking average time" by hours | eval "...

by Path Finder in

help with if-else statement

Hello, I have this query : index="prod" eventtype="csm-messages-dhcpd-lpf-eth0-sending" OR eventtype="csm-messa...

by Communicator in

Search syntax help

I import csv files structure like following A Last Login Region Disable abc@abc.com 3/23 18:00 HK No tbc@tbc.com ...

by Engager in

visualization

in a line chart after reaching a threshold it needs to show in different color how is it ??

by Explorer in

Joint two table with subrow

I' struggle with joining two following table: Table1 Table 2 The row company of table 1 contains two ...

by Engager in

Results no show for users

Hi I create report and share with users (join to ldap server). they can see report but when click on numbers that sho...

by Motivator in

Relative and Exact Time

Hello, I am using these two commands at the end of my search, and it works. | timewrap d | where _time >= relative...

by Builder in

transpose xyseries not helping

Need to transform like this. Please help. Before: Col1----Col2 Name1---- a ------------b --------c ...

by New Member in

extract fields from multiple events.

Below are my events. Event1:contains Messages Id and Status Event2: contains Messages Id and Origin Event3: contains ...

by New Member in

report on disk usage spikes?

Need a report that: Lists volumes with significant disk usage spikes over a given timeframe.Plots those disk usage...

by Contributor in

Use field values in a query for loop

Hi, I want to use field values for a search query and then export the results for each field value to a CSV For examp...

by New Member in

Extracting Field from 2 different events

Dear All, I want to extract fields from the below events. The problem I'm facing is that the fields are not in har...

by Explorer in

Bell curve from stats

I haven't seen much on creating a bell curve in Splunk. I've created a query that returns 30,000 events for 40+ assoc...

by Explorer in

can we make a field to _time and pass values through earliest / latest in splunk

can we make a field to _time and pass values through earliest / latest or through Time range button ?

by New Member in

Is it possible to use base search in append sub search?

I want to use base search for query2 as well Thanks!

by Path Finder in

How do I use a field gathered from one search in a completely independent search (without a join)

I need to do one search with value A in the logs to get value B, then search on value B in another, independent searc...

by Loves-to-Learn in

Is the search job inspector option the best way to determine the performance of a search query?

Hi, I am pretty new to Splunk and wanted to know how to determine the performance of a query? Is it through the "I...

by Explorer in

Search Bar - large queries fail to execute and cause "Disconnected from Server" error?

When I attempt to enter very large queries into the search bar I get errors in chrome and eventually a "disconnected"...

by Path Finder in

Can you specify timezone in a REST API search?

I'm using the REST API with a one-shot search to pull back some previously summarized information. The summary indexi...

by Builder in

Create new fields based on value of another fields.

Hi All, In my log, I have one field called ServerName. Below are some values of that field. DAAPP2aBANG2 DFAPP20bL...

by Engager in

I want to omptimize the regex? ErrorMessage : 'rex' command: has exceeded configured match_limit, consider raising the value in limits.conf.

| rex field=_raw max_match=0 "BodyOftheMail_Script\s=\s\[\sBEGIN\s{0,}(?<BodyOftheMail>.((.|\n)*?)(?=\s{1,}END\s\]))"...

by Path Finder in

How to merge two events with same field into one

I have two rows having follwing values: Name Text Count A ABC 1 A EFG 1 I want that my result should be displayed ...

by Explorer in

timechart linechart to display in and out per device

Hi, I have a query which gives me in_usage and out_usage for a device per metric bla bla ...| table Device metr...

by Communicator in

Not able to get number of days between now() and a date

Hi Experts, I am trying to get number of days between current date and another date being generated by my query an...

by Path Finder in

Combine Data model data with another search for a match

Hi all, I have CTI data that somes into splunk and id like to correlate for matches in indexes against the CTI dat...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

eval round

help with if-else statement

Search syntax help

visualization

Joint two table with subrow

Results no show for users

Relative and Exact Time

transpose xyseries not helping

extract fields from multiple events.

report on disk usage spikes?

Use field values in a query for loop

Extracting Field from 2 different events

Bell curve from stats

can we make a field to _time and pass values through earliest / latest in splunk

Is it possible to use base search in append sub search?

How do I use a field gathered from one search in a completely independent search (without a join)

Is the search job inspector option the best way to determine the performance of a search query?

Search Bar - large queries fail to execute and cause "Disconnected from Server" error?

Can you specify timezone in a REST API search?

Create new fields based on value of another fields.

I want to omptimize the regex? ErrorMessage : 'rex' command: has exceeded configured match_limit, consider raising the value in limits.conf.

How to merge two events with same field into one

timechart linechart to display in and out per device

Not able to get number of days between now() and a date

Combine Data model data with another search for a match

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions