Splunk Search

Discussions

Thread Info

Timechart with Convert Timeformat

So i can build a timechart like this: | timechart limit=3 span=1m count by host useother=F But when I export ...

by Motivator in

My splunk stats count is showing count but unable to view the events

Hi, When I search for a particular index in my splunk I am not getting any events data. However, when I do search the...

by Explorer in

Detecting outlier based on result of timechart

Hi, I am trying to detect if any of the server in farm decrease in performance. I can see performance going down ...

by Engager in

Odd Data Extraction via Rex

Hello, I am trying to extract data for this log. I have the data logged into the search. What's odd is when I atte...

by Path Finder in

Trim or replace a Token value in Dashboard

Im creating link to different dashboards based on the application clicked on from the main form So i have a token ...

by Path Finder in

Eval Token expression - How to set a token with eval?

Eval Token expression - How to set a token with eval? I'm trying to set a token with eval. $row.ReportName$ is...

by New Member in

Error when trying to extract fields

I currently am trying to extract the externalDropshipId from the following log "updatedTimestamp" : "2019-12-23T2...

by Path Finder in

Confusion with count

I have a source with 100,000 events. For an Interesting field "action" where it has value as "purchase" with a count ...

by Communicator in

correlate 2 events

Hi Guys, We will have 2 events within a fraction of 3- 4 seconds when ever a user fail to login to our application...

by Path Finder in

Extract the second word with the events

All, I'm able to extract the second word but now the requirement is little different. _time _raw Shivera 346.78...

by Explorer in

Convert Time Format

Hi , In splunk query i need to convert time format as below . Current format - 08:09.23 AM, Fri 06/10/2016 R...

by Loves-to-Learn Lots in

How to configure a search for metadata

I have a number of Jenkins jobs for which I would like to create a dashboard with search (pull downs, form fills). Th...

by New Member in

Splunk Query to get time taken by each application in a transaction

Hi All, I am new to splunk. I got a transaction which is flowing through multiple applications. I got a requiremen...

by New Member in

Search the strings that are not available in lookup file

All, I have a question on how to perform a search with the strings that are not available in lookup file.. I ha...

by Explorer in

Regex / Transforms issue.

Hi Regexian Splunkers, I have an event that looks like so: 2020-02-20 20:22:02.202020 test:>"value" test1:>"v...

by Contributor in

How to add 30 day average into Splunk license usage search?

I am using the Splunk 30 day usage search and would like to add the 30 day average into the search and then as on ove...

by Influencer in

How do I get my transaction search to use the first start event as the starting point?

Hi, i have log file and i am using startswith Starting Dispatcher and endswith completed. but some times in the log t...

by New Member in

splunk syntax search a subnet

All, I want search a subnet over all indexes and sourcetypes. The subnet is 5.5.0.0/16 How would the query look so...

by Path Finder in

[subsearch]: Subsearch produced 1313901 results, truncating to maxout 50000

I am getting subsearch error while using the join command in my search. I have to use join command to connect 2 sourc...

by Builder in

Subsearch Help

I have the following search: index="*" sourcetype=endpoints [search index="*" signature="sig_id" | dedup dest | fi...

by Communicator in

"Could not load lookup" error on Indexers

We upgraded our indexers from 6.6.4 to 7.3.3 and now any search gives us: [sptsp005] Could not load lookup=LOOKUP-...

by Engager in

How can I create a time chart grouping the data per 5 minutes, but showing every minute?

Example: _time---value---group 00:01------2---------2 00:02------3---------5 00:03------4---------9 00:04------2--...

by New Member in

Trim braces from a token variable-Dynamic dashboards

Im creating link to different dashboards based on the application clicked on from the main form So i have a variab...

by Path Finder in

Splunk CLI and UI give different search results

I index manually through UI the log file i wish to index (Data Inputs > Add new > Index Once) and select all the conf...

by New Member in

Search for Suspicious Logon Behavior

Hello there. I want to build a query that alerts off when a single source IP or source computer is attempting to logo...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Timechart with Convert Timeformat

My splunk stats count is showing count but unable to view the events

Detecting outlier based on result of timechart

Odd Data Extraction via Rex

Trim or replace a Token value in Dashboard

Eval Token expression - How to set a token with eval?

Error when trying to extract fields

Confusion with count

correlate 2 events

Extract the second word with the events

Convert Time Format

How to configure a search for metadata

Splunk Query to get time taken by each application in a transaction

Search the strings that are not available in lookup file

Regex / Transforms issue.

How to add 30 day average into Splunk license usage search?

How do I get my transaction search to use the first start event as the starting point?

splunk syntax search a subnet

[subsearch]: Subsearch produced 1313901 results, truncating to maxout 50000

Subsearch Help

"Could not load lookup" error on Indexers

How can I create a time chart grouping the data per 5 minutes, but showing every minute?

Trim braces from a token variable-Dynamic dashboards

Splunk CLI and UI give different search results

Search for Suspicious Logon Behavior

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions