Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
prot3ctor

How to change format and then insert+combine them

Hello. Could anyone help me out? I have a DoB string with the following format dob='2002-01-03' I would like to fo...
by prot3ctor New Member in Splunk Search 11-18-2019
0 7
0
7
mcram52

How to get a direct count of results which are over a certain amount?

I've set up the following search with a count of events based on specific time frames over a week span: index=epacka...
by mcram52 New Member in Splunk Search 11-18-2019
0 1
0
1
hanikawadhwa

Timetable/Schedule is been given in lookup table, how to use it in splunk query

Hi Splunkers, I am stuck in a situation where I have been provided an input lookup file containing operational hours...
by hanikawadhwa Explorer in Splunk Search 11-18-2019
0 5
0
5
hanikawadhwa

How to read different time slots from lookup table

Hi splunkers, I have a situation to read different operational hours of same bin size for the last 3 days Scenario:...
by hanikawadhwa Explorer in Splunk Search 11-18-2019
0 1
0
1
buzek

chart only display when event exist at day / day hour

Hi how to display in chart only the days (or day & hour) when a „event“ (in my case speedtest results) is/are avail...
by buzek Explorer in Splunk Search 11-18-2019
0 4
0
4
47024

Why doesn't a > WHERE clause work when an = does?

I cannot seem to get my search to return results when comparing a property with a greater than comparison even though...
by 47024 New Member in Splunk Search 11-18-2019
0 6
0
6
sbentley_ea

Why does appendcols only show a fraction of overall search?

index=* App=appA OR appB OR appC | stats sum(Rate) as appSumRate by _time, App | appendcols [ search index=* App=a...
by sbentley_ea Explorer in Splunk Search 11-18-2019
1 2
1
2
onegame999

How to customize the time range picker to only show "Date Range" as an option using XML?

How do I customize the time range picker to only show "Date Range" as an option? using XML..... Ive read all the an...
by onegame999 Explorer in Splunk Search 11-18-2019
0 1
0
1
prad18

finding root cause of exception from stack trace

Hi, How can we show the root cause of any exception from the stack trace(if stack trace is available)? Currently wh...
by prad18 Path Finder in Splunk Search 11-18-2019
0 6
0
6
andimnf

Overwrite _time with field only shows all entries in timechart ignoring the timeframe selected

Hi, I need to perform a timechart count for a particular field. The dates in the field aren't related to the timestam...
by andimnf Explorer in Splunk Search 11-18-2019
0 10
0
10
lbnsam

Querying auth failures using ldapsearch and inputlookup

Hello there, There are a couple of queries that I use to search for authentication failures on members of high-privi...
by lbnsam New Member in Splunk Search 11-18-2019
0 3
0
3
aalhabbash1

merge search between 2 index

We need to merge results from two indexes, I mean, I need any successfully login for users at the same time from two...
by aalhabbash1 Path Finder in Splunk Search 11-18-2019
0 1
0
1
maxdouglas

Get current user from Custom Search Command

Hello Splunkers, I am developing an app containing a Custom Generating Search Command. (I think the Generating part ...
by maxdouglas Engager in Splunk Search 11-18-2019
0 1
0
1
surekhasplunk

index growth in last 7 days

Hi, Using below query now i am showing the trend of growth of one particular index for last 7 days. index=_intr...
by surekhasplunk Communicator in Splunk Search 11-18-2019
0 2
0
2
MCG_RasmusToelh

UTF-8 searching not working in Splunk 8.0

Hi after upgrading to Splunk 8.0 our searches with UTF-8 characters failed to work. Why can't we search on data with...
by MCG_RasmusToelh Engager in Splunk Search 11-18-2019
1 0
1
0
gballanti

charting the percentage from more files based on value field

Hello, I'm facing with a chart representation monthly based. Every month I receive 3 files like the follow: 01/10/2...
by gballanti Explorer in Splunk Search 11-17-2019
0 2
0
2
JordanPeterson

Using the transforms.conf file to only forward events that match a regex.

I've got a log file that get's 2 different event formats depending on if debugging is turned on. When debugging is tu...
by JordanPeterson Path Finder in Splunk Search 11-17-2019
0 3
0
3
totho

Contingency table using dictated column fields

I am currently looking to make a table that shows how variables from 5 fields (the first five rows that splunk says h...
by totho New Member in Splunk Search 11-17-2019
0 2
0
2
ankithreddy777

How to convert JSON with multiple values for same metric name in to metric points

I have a sample JSON object containing multiple values for same metric_name which is CPU_usage. How to convert it in ...
by ankithreddy777 Contributor in Splunk Search 11-17-2019
0 4
0
4
Rakesh_597

My events are in the below mentioned description format, How can extract fields with multi values, perfect solution/query ?

Event 1: Filesystem Type Size Used Avail UseP...
by Rakesh_597 Engager in Splunk Search 11-16-2019
0 1
0
1
Rakesh_597

How multivalue of field can be extracted in the below mentioned event , all the events are in the same format, any solution/query ?

Filesystem Type Size Used Avail UsePct Mou...
by Rakesh_597 Engager in Splunk Search 11-16-2019
0 2
0
2
batemanj

where does splunk store output of shell scripts?

Hi, On Splunk forwarders, we have few shell scripts in "SPLUNK_HOME/etc/apps/my_app/bin/" that are being run. Just w...
by batemanj New Member in Splunk Search 11-16-2019
0 2
0
2
hraj05579

How to extract value using KV pairs?

Hello all, How I can extra value from my event? 23-Oct-2019 08:07:23 <TestCase1>23</TestCase1> 23-Oct-2019 08:07:23...
by hraj05579 New Member in Splunk Search 11-16-2019
0 2
0
2
dglass0215

How to create a search to find offline event that does not have a corresponding succeeding online event

Hello, I have a sourcetype which has data telling me if something goes offline and then when it comes online. I am ...
by dglass0215 Path Finder in Splunk Search 11-16-2019
0 4
0
4
fklink

simple table to count monthly and yearly

Hi together i have some events like: date product count_soled_today 2019-01-06 bike ...
by fklink New Member in Splunk Search 11-16-2019
0 4
0
4
Top Labels
Get Updates on the Splunk Community!

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...

Global Splunk User Group Events: May + June 2026

Your Splunk Community Awaits: Discover Upcoming User Group Events Worldwide    Staying ahead in the fast-paced ...