Splunk Search

Discussions

Thread Info

Subsearch produced 50000 results, truncating to 50000 - Need help!

Hi, I am dealing with a situation here. Trying to join 2 queries to find out the peak hour volume in last 90 days on ...

by Explorer in

Calculate total continuous duration when value is equal or above static threshold with resetting calculation when it goes below

I have a log that contains numerical value which is logged irregularly: I would like to calculate (and show o...

by New Member in

How to get a percentage calculation ?

I am writing a query which is going to a scheduled report. I have 3 servers/hosts (serv1, serv2, serv3) whose average...

by Contributor in

average for a field value per n number of events

How would i find the average value of a certain field per a certain amount of events Example: i have 1000 events a...

by Explorer in

インデックス別データ取り込み量確認方法

Splunk7.3.3を利用しています。複数のインデックスを持っています。インデックス毎の1日あたりのデータ取込み量を確認する方法をご教授いただきたいです。

by New Member in

How to rex field to a field

I have a rex as such: | rex field=host "(?<sydney>10-92-3[2-4])" | rex field=host "(?<melbourne>10-92-11[0-2])" ...

by New Member in

how to loop through json array based on expression and create counter

i'm hardcoding some data like names, where i will pass in a token in the future, to create a simple example of what i...

by Engager in

timechart limit: pick top 10 series with the highest peaks (of all time), not total sums

I'm looking to investigate IP addresses with highest peak loads on our service. Here's my current query: applicati...

by Explorer in

How can I change the field values to another value ?

Hello Guys! I need to change the values that are present in the field "Item Codigo" . For example: 0405...

by Explorer in

New index does not show

I have created a second index called "nagios" exclusivly to collect data from my nagios install. Nagios has populated...

by Explorer in

Timechart and Order of Operations

I am struggling with the order of operations in my timechart query. I need to show the number of Users who accessed a...

by Communicator in

can some one help me with SPL

index= xxxxxx sourcetype=xxxxxx | eval import_time=strftime(_time, "%Y-%m-%d:%H") | eval import_timeday=strftime(_tim...

by Explorer in

I want to create an app which should show all the other apps in splunk ?

Hello, I want to create an app which should show all the app as home page for admins. I have like 15 apps which sh...

by Explorer in

Timechart peaks - replace sum with max

Hi all, I'm looking to create a timechart from a very large dataset. I just want to count the occurrence of a cust...

by Explorer in

How to display the exact date from time modifiers?

I would like to know how to display the exact date of the time modifiers which are specified in the earliest and late...

by Communicator in

Slow child dataset

Hello, Currently, we are using multiple datamodels for same data (post filters are different). Now we are trying t...

by Builder in

extract a field from event source filename

How can I configure Splunk to extract some fields from the source filename. I already specify a host_regex and th...

by Explorer in

Can Base Searches be nested?

I tried to do the following in a dashboard: First declare two base searches, the second one using the first one: ...

by Explorer in

Timechart visualization does not match statistics

I have a csv with just 2 columns Time & memory. the events look like this, so this is basically a csv extract of a se...

by Champion in

-45m@d what it means

Hi @gcusello hope you are doing good, As far as I understand, m@d means, beginning of the day, and -45m@d means, 45 m...

by Communicator in

I have a order data, I need to trend the order for last 15 days, plotting three values high, low and current in a same graph

I have a order data, I need to trend the order for last 15 days, plotting three values high, low and current in a sam...

by New Member in

Choose either of the available field from multiple queries

I am trying to search on two indices. Both of them have a field which represents time. But in one index, that field i...

by New Member in

Search to convert GMT to EST

I have events with GMT time .I want to convert to EST. Wed, 25 Mar 2020 21:43:31 GMT title="Webex Meetings: Users ...

by Builder in

How to use the value of a variable as a text for a timechart field

Hi, As part of my search, I'm building some strings with eval and assigning variable to it. I want to use these bu...

by Engager in

Adding the most recent _indextime/_time to results table

We are attempting to write a report querying multiple indexes, which creates a table using data from each. Our challe...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Subsearch produced 50000 results, truncating to 50000 - Need help!

Calculate total continuous duration when value is equal or above static threshold with resetting calculation when it goes below

How to get a percentage calculation ?

average for a field value per n number of events

インデックス別データ取り込み量確認方法

How to rex field to a field

how to loop through json array based on expression and create counter

timechart limit: pick top 10 series with the highest peaks (of all time), not total sums

How can I change the field values to another value ?

New index does not show

Timechart and Order of Operations

can some one help me with SPL

I want to create an app which should show all the other apps in splunk ?

Timechart peaks - replace sum with max

How to display the exact date from time modifiers?

Slow child dataset

extract a field from event source filename

Can Base Searches be nested?

Timechart visualization does not match statistics

-45m@d what it means

I have a order data, I need to trend the order for last 15 days, plotting three values high, low and current in a same graph

Choose either of the available field from multiple queries

Search to convert GMT to EST

How to use the value of a variable as a text for a timechart field

Adding the most recent _indextime/_time to results table

Splunk App for Anomaly Detection End of Life Announcment

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Answers Content Calendar May 2025!

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions