Splunk Search

Discussions

Thread Info

Is there any way to customize the default list of data fields collected by Splunk Mint iOS SDK?

We are using Splunk Mint SDK in our iOS app. By default it collects a lot of fields listed here - https://docs.splunk...

by New Member in

How can I find out the average run time of a query?

Based on Can I see the top skipped searches? I got a couple of offending queries, with a message such as - The max...

by Motivator in

Chart not sorting dates the way I would expect

Hello everyone, I have a self-service dashboard running in our Splunk Cloud V6.2 environment which displays index...

by Path Finder in

How to optimize a subsearch with a wide range?

I have a subsearch that I use to determine the first occurrence of the issue logged. I currently have an earliest=-4d...

by Explorer in

Exporting search results to Amazon S3 buckets

How can I export my search results or send alert results to an AWS S3 bucket?

by Influencer in

Search '!=' does not work after upgrading to Splunk 8

Anybody else having issues with search operator '!=' after upgrading to Splunk Enterprise 8? My search is index=m...

by Explorer in

Charting Assistance

I'm having an issue with a visualization. Works fine if I don't try to do the fancy eval but won't plot out in visual...

by New Member in

How many concurrent searches are possible in Splunk Cloud?

Hello, I am considering migrating an environment to Splunk Cloud. How many concurrent searches are possible in th...

by Explorer in

Combine result from 2 queries into same bar chart

I see such questions are frequently asked on this forum, but I still don't get a clear picture yet. I have my firs...

by Explorer in

Compare field value from different sourcetypes to list the value of the third field

Hi All, i have 2 files indexed as 2 different source types. In Sourcetype1 i created: 1. Field1 presents the value of...

by New Member in

Using 'by' clause overrides 'limit'?

I have used the following source="C:\Users\spali\Downloads\products\*" host="DESKTOP-K35HBNT" | top product_name pri...

by Communicator in

How to extract the same URL with dynamic values such as Session ID,CategoryID?

I want to group all the URL with dynamic values such as sessionid , category id ,etc, and display as 1 URL with count...

by New Member in

Can I see the top skipped searches?

Is there a way to categorize the skipped searches by volume, by time of invocation, etc? We are trying to understand ...

by Motivator in

How can I find the related search job to an error message in splunkd.log

Hi, we have an error message in splunkd.log. Error Message: "Invalid value "*" for time term 'earliest'" It h...

by New Member in

what's max # events I can have timestamped with a particular second? millisecond?

If that limit is breached, what will stop working? Is there a way to raise the limit? Merged question: I'm r...

by Splunk Employee in

Your search did not return any events because you are in Smart Mode.

@gcusello @richgalloway @woodcock Your search did not return any events because you are in Smart Mode. In what all s...

by Communicator in

REST vs. Normal Search

What is the difference between a normal search in Splunk and a search that incorporates the REST command?

by Communicator in

timechart and verbose mode

Why does when we run timechart, search mode changes to verbose? I ran this with smart mode and suddenly see it in ver...

by Communicator in

How to change color of row after column has a certain value?

I'm somewhat new to Splunk. I have a dashboard displaying a table with data. I have code that fills in the column...

by Explorer in

Why dedup when we have stats values function

@gcusello @woodcock @richgalloway Why do we need two functions for the same functionality? 'dedup' displays unique v...

by Communicator in

Get daily event count with reference to a field called "TIME_CREATED" rather than using index time

Tried to use the below query but unfortunately events are grouped with reference to _time index=omi_UAT host=* so...

by Loves-to-Learn Lots in

Need Regex

Hi Please help me with the regex for below 1) Hostname 2) IP address 3) UserID (for eg: vijay_111) 4) mail id

by Builder in

comparing data from index and input table

Hi Everyone, Thanks for your support too. I have indexed data of staff events from a source. One field in tha...

by New Member in

Change value of field at index time based on condition

Hi, I am wondering if its possible t change value of field based on condition at index time. For example: If...

by Path Finder in

On Splunk Search UI, The column and "edit mark" to edit the column are overlapped

When I run my custom search command, the results in Splunk's Statistics tab are appearing in a weird UI. The column a...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is there any way to customize the default list of data fields collected by Splunk Mint iOS SDK?

How can I find out the average run time of a query?

Chart not sorting dates the way I would expect

How to optimize a subsearch with a wide range?

Exporting search results to Amazon S3 buckets

Search '!=' does not work after upgrading to Splunk 8

Charting Assistance

How many concurrent searches are possible in Splunk Cloud?

Combine result from 2 queries into same bar chart

Compare field value from different sourcetypes to list the value of the third field

Using 'by' clause overrides 'limit'?

How to extract the same URL with dynamic values such as Session ID,CategoryID?

Can I see the top skipped searches?

How can I find the related search job to an error message in splunkd.log

what's max # events I can have timestamped with a particular second? millisecond?

Your search did not return any events because you are in Smart Mode.

REST vs. Normal Search

timechart and verbose mode

How to change color of row after column has a certain value?

Why dedup when we have stats values function

Get daily event count with reference to a field called "TIME_CREATED" rather than using index time

Need Regex

comparing data from index and input table

Change value of field at index time based on condition

On Splunk Search UI, The column and "edit mark" to edit the column are overlapped

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!