Splunk Search

Ask a Question

Discussions

Thread Info

what's max # events I can have timestamped with a particular second? millisecond?

If that limit is breached, what will stop working? Is there a way to raise the limit? Merged question: I'm r...

by Splunk Employee in

Your search did not return any events because you are in Smart Mode.

@gcusello @richgalloway @woodcock Your search did not return any events because you are in Smart Mode. In what all s...

by Communicator in

REST vs. Normal Search

What is the difference between a normal search in Splunk and a search that incorporates the REST command?

by Communicator in

timechart and verbose mode

Why does when we run timechart, search mode changes to verbose? I ran this with smart mode and suddenly see it in ver...

by Communicator in

How to change color of row after column has a certain value?

I'm somewhat new to Splunk. I have a dashboard displaying a table with data. I have code that fills in the column...

by Explorer in

Why dedup when we have stats values function

@gcusello @woodcock @richgalloway Why do we need two functions for the same functionality? 'dedup' displays unique v...

by Communicator in

Get daily event count with reference to a field called "TIME_CREATED" rather than using index time

Tried to use the below query but unfortunately events are grouped with reference to _time index=omi_UAT host=* so...

by Loves-to-Learn Lots in

Need Regex

Hi Please help me with the regex for below 1) Hostname 2) IP address 3) UserID (for eg: vijay_111) 4) mail id

by Builder in

comparing data from index and input table

Hi Everyone, Thanks for your support too. I have indexed data of staff events from a source. One field in tha...

by New Member in

Change value of field at index time based on condition

Hi, I am wondering if its possible t change value of field based on condition at index time. For example: If...

by Path Finder in

On Splunk Search UI, The column and "edit mark" to edit the column are overlapped

When I run my custom search command, the results in Splunk's Statistics tab are appearing in a weird UI. The column a...

by Path Finder in

confusion with @ symbol

I know that '@' rounds off to the nearest time. For example, if we have 9:37, shouldn't it round off to 10 instead of...

by Communicator in

There is no way to base a search on a date time field other than _time when using the datetime picker in the search app. Change my mind. PLEEEEEEASE!!!

All, I love Splunk as it makes tons of things super simple. Until it comes time to use the date time picker with any ...

by Path Finder in

How do I find the average time (by day) of an event?

I have a search that returns the time of the first instance of a specific event (field "firstaction") by date (field ...

by New Member in

Finding Outliers on event counts

I am trying to build a query to find outliers using avg and stdev on a perfmon counter but the counter is not a value...

by Explorer in

Can an alert's actions be data-driven?

Suppose, one has an alert defined for checking multiple application-instances. Can the actions defined for the ale...

by Path Finder in

How to search records sequentially?

I have a search: index=lab-testresults sourcetype=lab-testresults type=testCase and inside of the testCase I have a f...

by New Member in

How to Display Only Count of 0

Greetings, I've been trying to tweak an inherited report to only show the results where the count of events is bla...

by Path Finder in

Stats Sum question

I have sum (field) which has been piped into stats sum of another field, Not sure what is happening here. Kindly help...

by Communicator in

Multisearch on one index. need to add wieght to results and Timechart final results

All, I've been banging my head against the wall on this. Maybe its not possible, I don't know. I'm doing a multi sear...

by Explorer in

How to pattern match with the extracted field

I have a report generated with following fields, Field 1 , Field 2, Field 3. I have to create an alert based on...

by Path Finder in

multiple stats count function in the same search component

@gcusello I have multiple count functions in the same search component. What does it mean by that? What is really ha...

by Communicator in

How to display media field

Hi everyone, I'm trying this search but apparently Splunk doesn't have the same logic as SQl. Can someone give me ...

by Explorer in

How to search the results produced by the multireport command?

I have the following search: index="main" |rename Proj_repo AS Project | multireport [ stats values(Project) AS Pr...

by Path Finder in

Using NOT and != would return the same results.

(T/F) Using NOT and != would return the same results. For me, the answer is false but quizlet says true. I say false ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

what's max # events I can have timestamped with a particular second? millisecond?

Your search did not return any events because you are in Smart Mode.

REST vs. Normal Search

timechart and verbose mode

How to change color of row after column has a certain value?

Why dedup when we have stats values function

Get daily event count with reference to a field called "TIME_CREATED" rather than using index time

Need Regex

comparing data from index and input table

Change value of field at index time based on condition

On Splunk Search UI, The column and "edit mark" to edit the column are overlapped

confusion with @ symbol

There is no way to base a search on a date time field other than _time when using the datetime picker in the search app. Change my mind. PLEEEEEEASE!!!

How do I find the average time (by day) of an event?

Finding Outliers on event counts

Can an alert's actions be data-driven?

How to search records sequentially?

How to Display Only Count of 0

Stats Sum question

Multisearch on one index. need to add wieght to results and Timechart final results

How to pattern match with the extracted field

multiple stats count function in the same search component

How to display media field

How to search the results produced by the multireport command?

Using NOT and != would return the same results.

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions