Splunk Search

Discussions

Thread Info

How to combine two different time source fields into _time

Dears; how can I combine Date/Time of two different source as follow; CSV-01(pic-1) and CSV-02(pic-2) input in ...

by New Member in

Lookup slowing performance ways to optimize

Hi , I have the following search query that lookups definition file TeamsLookupDef which has 200 mappings between api...

by Explorer in

for each column return max value and row key value

Hello, I have SPL search that returns output in the following format: Device K1 K2 K3 A x1 y1 z1 B x2 y2 z2 C x...

by New Member in

while using streamstats avg(daycount) the resulting stats are out of order

My current search string looks like this: index=cisco host=cr0* OR host=SC0* | stats count as daycount by date_mon...

by Explorer in

Data Model: TStats time-functions get latest NOT NULL

Hi, I'm having trouble retrieving my fields from an accelerated data model. The main problem is that most of the f...

by Path Finder in

Replace Text result

Hi i try to changue this result of Active directory : 01/14/2020 08:43:35 PM LogName=Security SourceName=Micro...

by New Member in

Generate a lookup for EPS

Hello. I have an index with traffic from 10 devices. I want to generate a lookup that contains the avg EPS over th...

by Path Finder in

splunk db connect

Hello community , I would like to know where splunk db connect stored data ?

by Path Finder in

I'm trying to move fields from multi value fields using mvindex. Currently under "time" field I have only 3 values so i am easily moving them as new field. Is there anyway to automate this process without hard coding it?

time = 9:30 10:30 11:30 Currently I am doing this | eval first.time=mvindex(time, 1), second.time=mvindex(time, 2),...

by Explorer in

How to divide a sum based values/count ?

| stats sum("Sum of consumption") as Total_Consumption count as Session I got as a result in splunk / statistic...

by New Member in

Retrieve configuration items from a custom python search command

I would like to get configuration items from within a custom search python command. I have created a setup which a...

by Explorer in

pass value of field from one search to another when using appendpipe

**I have a below search query:** | inputlookup splunk_report_test.csv | where report_type="upcoming_offers" | looku...

by Communicator in

how to avoid breaking event order of multi value field

Hi community, I am wondering, how can i keep the data of multi value field based in the order it happened, when sh...

by Explorer in

How to returns 0 or null if no results with tstats over time?

First of all, I apologize if I missed the answer somewhere and for my bad english. I try to supervise my hosts, in...

by Engager in

Filter multisearch results after matching on _time

Definitely a noob, and I must be missing something simple... I have two log files reporting the same error at simi...

by New Member in

Search result Not consistent

Hello Folks, I am new to splunk SDK and i am trying to write a code that search and return a search result from th...

by New Member in

There are a list of apps present on shcluster , how to check if any knowledge objects are associated/mapped to each apps?

I have multiple apps on shcluster, "/application/splunk/etc/shcluster/apps" . I need to check if there are any Knowle...

by Explorer in

How to use rex to perform field extraction from the end of the field as opposed to the beginning

I want to extract the top level domain from the CN field of a certificate in Splunk. The CN field may have multiple l...

by Explorer in

Index feed is having low throughput

Dear All, I am a SplunkAdmin and we are facing significant data low throughput in some of the indexes. There are m...

by Explorer in

Is it possible to run a search within an eval if statement?

Hello, I am wondering if it possible to do a search within an "if" statement. I have tried what I have in the sea...

by New Member in

Splunk Other category when group by

Hi, I have saved search below Queryone and want to classify anything not falling under regx pattern for APIFamily in ...

by Explorer in

Splunk group by value with pattern matching

I have saved search below FirstQuery which group by values with pattern matching and want to classify anything not fa...

by Explorer in

Search query: Unique values based on time

Hi Community, I'm using the search query to search for the user activity and I get the results with duplicate rows wi...

by Path Finder in

Create a query to compare Asset Inventory to see if an Asset exists between data pushes?

I am trying to create a dashboard that will showcase, between data pulls, the assets that no longer exists in the ind...

by New Member in

Convert a string in ISO 8601 to local time zone (accounting for DST)

I have a string from a complex JSON event providing an ISO 8601 date/time in UTC. I want to convert it to the local t...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to combine two different time source fields into _time

Lookup slowing performance ways to optimize

for each column return max value and row key value

while using streamstats avg(daycount) the resulting stats are out of order

Data Model: TStats time-functions get latest NOT NULL

Replace Text result

Generate a lookup for EPS

splunk db connect

I'm trying to move fields from multi value fields using mvindex. Currently under "time" field I have only 3 values so i am easily moving them as new field. Is there anyway to automate this process without hard coding it?

How to divide a sum based values/count ?

Retrieve configuration items from a custom python search command

pass value of field from one search to another when using appendpipe

how to avoid breaking event order of multi value field

How to returns 0 or null if no results with tstats over time?

Filter multisearch results after matching on _time

Search result Not consistent

There are a list of apps present on shcluster , how to check if any knowledge objects are associated/mapped to each apps?

How to use rex to perform field extraction from the end of the field as opposed to the beginning

Index feed is having low throughput

Is it possible to run a search within an eval if statement?

Splunk Other category when group by

Splunk group by value with pattern matching

Search query: Unique values based on time

Create a query to compare Asset Inventory to see if an Asset exists between data pushes?

Convert a string in ISO 8601 to local time zone (accounting for DST)

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions