Splunk Search

Ask a Question

Discussions

Thread Info

From epoch to _time for make a timechart based search.

Hello! i hope you can help me with this. I´m trying to set as _time an epoch field located at "rt" field. ...

by Path Finder in

Splitting a column into two "even column index" and "odd column index"

Hello, I have a column looking like this: Value 1.234 2.456 7.223 0.765 ... Preliminary I know that each first ...

by Engager in

help on appendcols subsearch

hi I use the search below in order to calculate a percentage but I have a wrong result I am explaining When I exec...

by Motivator in

Deploy model from mltk toolkit experiment to predict next 5 values

Hello Colleagues, I created an experiment to predict the numerical values and have a model generated / published. ...

by Builder in

Splunk calculate sequential sum for every timestamp

Hello, I would like to create fields (or a field with multiple values) which represents the sum for each timestamp. ...

by Path Finder in

How to preventy hyphens in fieldnames with KV_MODE JSON?

Hi everybody, I am extracting nested JSON with KV_MODE = JSON, which seems to work correctly. My problem is, I am ...

by Communicator in

ERROR SearchParser

ERROR SearchParser - The search specifies a macro 'bcoat_request' that cannot be found. Reasons include: the macro na...

by Explorer in

How to use a value without including it in search results

I am running a map command off of an initial search. The map ends with a sendemail command which sends a table of res...

by Explorer in

Why isn't this regex working on /var/log?

Hi, I'm using a Single Instance of Splunk 6.6.2 and I've tried filtering some events of my log using the code belo...

by Contributor in

Good unix way check if splunkd and splunkweb are running

What's a good Unix-y way to check whether splunkd and splunkweb are running? (I know the bin/splunk command does this...

by Explorer in

How to apply color to a field with multiple values appended together?

JobExecutionTime 2652.180000 3462.840000 823.780000 I have a field named JobExecutionTime and i have it as a list...

by Explorer in

where in splunk do I find the CLI for Rest API

I have logged in and "installed" the Rest APi App I cant seem to find where to go to use it?

by New Member in

How to calculate the difference between two fields on two paired events matched via the contents of a third field?

Trying to calculate out a "TransactionTime" time by pairing two events by one matching field (ECID) and then working ...

by Explorer in

How to run stats for just user and return values for other fields?

I have the following search looking for > three login attempts with > 0 successes and two or > failures by user, src,...

by Influencer in

Could not construct lookup

Hi, I'm having an issue with a splunk lookup and I can't work out what the issue is. I have a lookup file, that am...

by Explorer in

Why only one condition works for where clause in a tstats search

Hi Splunkers, when I set 2 conditions for the same field to where stanza - I get 0 results. Example: | tstats sum...

by Contributor in

How to create a search to alert me when a user is part of one or more groups in a specific OU?

I'm having trouble writing a query in splunk to notify me when a user has been added to one or more groups in a speci...

by New Member in

How do I subtract values from different events and fields based on a common field?

Please help, I'm stuck on this problem for a while. Basically, lets say I have different events with fields like this...

by New Member in

Sorting Question for joins

I have been trying to sort this and I can not seem to be able to get it. index=uberagent* sourcetype=uberAgent:Sy...

by Explorer in

how to exclude sending logs to heavy forwarder which ends with a specific string using transforms.conf in cluster master?

The following are my transforms.conf and props.conf in my cluster master transforms.conf [send_to_heavyforwar...

by Builder in

After configuring LDAP authentication with AD groups. Few users are unable to login although they belong to same AD group.

We have newly setup the Splunk Environment in AWS platform where we have used LDAP authentication method and created ...

by New Member in

Can you help me extract the following field using regular expression?

I want to extract the Autosys_Job from the below log snippet and so used the below rex. Log Snippet : Query : ...

by Explorer in

Is it possible to define multiple evals as default for each search?

Hi, I would like to know whether it is possible to perform something like this per default for each and every sear...

by Motivator in

Rounding off percentage values in pie chart not working?

I displayed the percentage values by enabling this: <option name="charting.chart.showPercent">1</option> And...

by Engager in

Calculate average on two different times

I want to get a 7 day and 30 day average in a single search. sourcetype="businessService" OR sourcetype="bpmservice-...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

From epoch to _time for make a timechart based search.

Splitting a column into two "even column index" and "odd column index"

help on appendcols subsearch

Deploy model from mltk toolkit experiment to predict next 5 values

Splunk calculate sequential sum for every timestamp

How to preventy hyphens in fieldnames with KV_MODE JSON?

ERROR SearchParser

How to use a value without including it in search results

Why isn't this regex working on /var/log?

Good unix way check if splunkd and splunkweb are running

How to apply color to a field with multiple values appended together?

where in splunk do I find the CLI for Rest API

How to calculate the difference between two fields on two paired events matched via the contents of a third field?

How to run stats for just user and return values for other fields?

Could not construct lookup

Why only one condition works for where clause in a tstats search

How to create a search to alert me when a user is part of one or more groups in a specific OU?

How do I subtract values from different events and fields based on a common field?

Sorting Question for joins

how to exclude sending logs to heavy forwarder which ends with a specific string using transforms.conf in cluster master?

After configuring LDAP authentication with AD groups. Few users are unable to login although they belong to same AD group.

Can you help me extract the following field using regular expression?

Is it possible to define multiple evals as default for each search?

Rounding off percentage values in pie chart not working?

Calculate average on two different times

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions