Splunk Search

Ask a Question

Discussions

Thread Info

print latest and values of status in an order.

I have some this like this |stats value(status) by time, id I want to print the latest time, values(status) i...

by Contributor in

What will this query do? (This is a saved search running on cron *****)

Hi Please help me understand what will this saved search do? index=os sourcetype=splunk_health_check |eval value=d...

by Path Finder in

Extracting filename from verbose message

I am trying to write a splunk query to create a dashboard. I have message from where I need particular part as fil...

by Explorer in

Data manipulation. Is this feasible ?

Let's say I have a CSV with 2 columns So I have transactions count per day mentioned against the date.. Now I want to...

by Contributor in

Timechart for a span=2hrs not splitting from 00:00

For example in the below search, when I try to perform timechart for span=2hrs, why it always takes from 23:00 of the...

by Path Finder in

Conditional search

Below is the log example. Fri Oct 11 20:01:48 2019: History was not closed with a proper agent termination after the ...

by New Member in

How do I find the time period when my events were in a particular state

I am new to splunk and I am ingesting data from smart lights from my home into splunk, I want to create dashboard to ...

by Splunk Employee in

How to use a lookup after an inputlookup

I can't get a search to work, the column I want to add with a lookup stays empty. The following example lookup I'm...

by New Member in

How to add different marker types for different lines in one chart?

Hi, I have 3 lines in 1 chart (average, threshold, total_alarm) I would like to use different marker types for the 3 ...

by New Member in

Convert audit.log TTY data

I'm sending my splunk server /var/log/audit.log data from each client machine (splunkforwarder). I have logging of TT...

by Explorer in

Search _internal for metrics from non-indexer instances

Hi, I need to perform a search on forwarder data from the _internal index, but I need to exclude my indexers from ...

by Path Finder in

send job to background - resume after splunkd windows service restart?

Hi, I have sent a query manually to the background as a job. It will run quite long since the disks are not the fa...

by Explorer in

Not able to map 2 different type of events

I have following below scenario Different stages of orders placed happens in below sequence order-process start...

by Communicator in

Update search command string of search Manager by js

i have an button that change the search command string, i want to update that string to "search" of searchManager and...

by Engager in

count users who access the system only once per week or only 52 times per year

Hi, I have user names in the field ContextUsername in index/ sourcetype index=otcs sourcetype=OtcsSummarytimings. ...

by Explorer in

Parameters in script

Hi, I have a script which needs parameters to be passed. I know that I can enroll the script in the input.conf file b...

by Explorer in

Calculating fields containing multiple values

I have two fields that each contain the same number of multiple values. One contains epoch times for the start of an ...

by Explorer in

How do I divide my other results from one specific result?

Currently I have index=* Name=rateA OR rateB OR rateC OR rateD OR rateE | stats sum(Rate) as sumRate by _time, Nam...

by Explorer in

How do I select a time frame for events?

For the following search, I want to display the earliest and latest events within a duration of a year. However, I wa...

by Explorer in

Append Column Header Field with Multivalues

I need to show my table column header in below format. I need to get column name and static header under my column. ...

by Path Finder in

eval condition help on manipulating a field which has multiple field values?

I have an eval condition in my query as follows My_query | eval object=host." (".id.")" | table host object ...

by Builder in

SPL: Clicking sort order in a table, doesn't display null values

Hello, Here is my SPL (although I don't believe it is necessary(?) as this is a (mis)functioning of SPL in general). ...

by Builder in

Time input is not displaying the correct time

Hi I have a table in Splunk dashboard where there is one time input that picks what gets displayed on the panel. Say...

by Explorer in

How to avoid the overuse of appendcols?

Hi Splunkers! Just wondering whether anyone can advise me on how to tune the following search statement? The reas...

by Path Finder in

Why are there no results when time range is set between anything less than time posted?

I am plotting a timechart based on a datetime field (timestamp) in the event. The search looks like: * "logname=c...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

print latest and values of status in an order.

What will this query do? (This is a saved search running on cron *****)

Extracting filename from verbose message

Data manipulation. Is this feasible ?

Timechart for a span=2hrs not splitting from 00:00

Conditional search

How do I find the time period when my events were in a particular state

How to use a lookup after an inputlookup

How to add different marker types for different lines in one chart?

Convert audit.log TTY data

Search _internal for metrics from non-indexer instances

send job to background - resume after splunkd windows service restart?

Not able to map 2 different type of events

Update search command string of search Manager by js

count users who access the system only once per week or only 52 times per year

Parameters in script

Calculating fields containing multiple values

How do I divide my other results from one specific result?

How do I select a time frame for events?

Append Column Header Field with Multivalues

eval condition help on manipulating a field which has multiple field values?

SPL: Clicking sort order in a table, doesn't display null values

Time input is not displaying the correct time

How to avoid the overuse of appendcols?

Why are there no results when time range is set between anything less than time posted?

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

September Community Champions: A Shoutout to Our Contributors!

Community Content Calendar, October Edition

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions