Splunk Search

Discussions

Thread Info

Why are we getting message "waiting for queued job to start..." and search job takes 5 minutes to run?

Hi, One of my customers received a "waiting for queued job to start" message today, and it then took about 5 minut...

by Champion in

merging 2 fields based on a common 3 field in the same index

I have an index with multiple fields that I have created using "Extract new fields". The following is the what my cur...

by Engager in

How to calculate the Average Weighted as definition?

Hello All I have been looking on the forum for a solution on how to calculate the average weighted. I see several ...

by New Member in

How to change format and then insert+combine them

Hello. Could anyone help me out? I have a DoB string with the following format dob='2002-01-03' I would like to ...

by New Member in

How to get a direct count of results which are over a certain amount?

I've set up the following search with a count of events based on specific time frames over a week span: index=epac...

by New Member in

Timetable/Schedule is been given in lookup table, how to use it in splunk query

Hi Splunkers, I am stuck in a situation where I have been provided an input lookup file containing operational hou...

by Explorer in

How to read different time slots from lookup table

Hi splunkers, I have a situation to read different operational hours of same bin size for the last 3 days Scena...

by Explorer in

chart only display when event exist at day / day hour

Hi how to display in chart only the days (or day & hour) when a „event“ (in my case speedtest results) is/are avai...

by Explorer in

Why doesn't a > WHERE clause work when an = does?

I cannot seem to get my search to return results when comparing a property with a greater than comparison even though...

by New Member in

Why does appendcols only show a fraction of overall search?

index=* App=appA OR appB OR appC | stats sum(Rate) as appSumRate by _time, App | appendcols [ search index=* App=a...

by Explorer in

How to customize the time range picker to only show "Date Range" as an option using XML?

How do I customize the time range picker to only show "Date Range" as an option? using XML..... Ive read all the answ...

by Explorer in

finding root cause of exception from stack trace

Hi, How can we show the root cause of any exception from the stack trace(if stack trace is available)? Currentl...

by Path Finder in

Overwrite _time with field only shows all entries in timechart ignoring the timeframe selected

Hi, I need to perform a timechart count for a particular field. The dates in the field aren't related to the timestam...

by Explorer in

Querying auth failures using ldapsearch and inputlookup

Hello there, There are a couple of queries that I use to search for authentication failures on members of high-pri...

by New Member in

merge search between 2 index

We need to merge results from two indexes, I mean, I need any successfully login for users at the same time from t...

by Path Finder in

Get current user from Custom Search Command

Hello Splunkers, I am developing an app containing a Custom Generating Search Command. (I think the Generating par...

by Engager in

index growth in last 7 days

Hi, Using below query now i am showing the trend of growth of one particular index for last 7 days. index=_intros...

by Communicator in

UTF-8 searching not working in Splunk 8.0

Hi after upgrading to Splunk 8.0 our searches with UTF-8 characters failed to work. Why can't we search on data wi...

by Engager in

charting the percentage from more files based on value field

Hello, I'm facing with a chart representation monthly based. Every month I receive 3 files like the follow: 01/...

by Explorer in

Using the transforms.conf file to only forward events that match a regex.

I've got a log file that get's 2 different event formats depending on if debugging is turned on. When debugging is tu...

by Path Finder in

Contingency table using dictated column fields

I am currently looking to make a table that shows how variables from 5 fields (the first five rows that splunk says h...

by New Member in

How to convert JSON with multiple values for same metric name in to metric points

I have a sample JSON object containing multiple values for same metric_name which is CPU_usage. How to convert it in ...

by Contributor in

My events are in the below mentioned description format, How can extract fields with multi values, perfect solution/query ?

Event 1: Filesystem Type Size Used Avail UsePct MountedOn /dev/mapper/rootvg-rootlv ext3 6.0G 4.0G 1.7G 71% / /dev/sd...

by Engager in

How multivalue of field can be extracted in the below mentioned event , all the events are in the same format, any solution/query ?

Filesystem Type Size Used Avail UsePct MountedOn /dev/mapper/rootvg-rootlv ext3 6.0G 4.3G 1.4G 77% / /dev/sda1 ext3 1...

by Engager in

where does splunk store output of shell scripts?

Hi, On Splunk forwarders, we have few shell scripts in "SPLUNK_HOME/etc/apps/my_app/bin/" that are being run. Just...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why are we getting message "waiting for queued job to start..." and search job takes 5 minutes to run?

merging 2 fields based on a common 3 field in the same index

How to calculate the Average Weighted as definition?

How to change format and then insert+combine them

How to get a direct count of results which are over a certain amount?

Timetable/Schedule is been given in lookup table, how to use it in splunk query

How to read different time slots from lookup table

chart only display when event exist at day / day hour

Why doesn't a > WHERE clause work when an = does?

Why does appendcols only show a fraction of overall search?

How to customize the time range picker to only show "Date Range" as an option using XML?

finding root cause of exception from stack trace

Overwrite _time with field only shows all entries in timechart ignoring the timeframe selected

Querying auth failures using ldapsearch and inputlookup

merge search between 2 index

Get current user from Custom Search Command

index growth in last 7 days

UTF-8 searching not working in Splunk 8.0

charting the percentage from more files based on value field

Using the transforms.conf file to only forward events that match a regex.

Contingency table using dictated column fields

How to convert JSON with multiple values for same metric name in to metric points

My events are in the below mentioned description format, How can extract fields with multi values, perfect solution/query ?

How multivalue of field can be extracted in the below mentioned event , all the events are in the same format, any solution/query ?

where does splunk store output of shell scripts?

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions