Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to generate a search to find which Splunk user and URL is generating queries?

I need queries like: which Splunk user generating the query? Output need [ Username, Time, Search Query] Which ...

by Explorer in

Help with creating an earliest/latest event table

(Using Splunk 6.1.2 for...reasons) Background: We send out a push notification to a third party. The third party s...

by Path Finder in

Use of Lookup with search query

Hi, I need some help related to a search query. My search query has a field called "holdings" which contain data like...

by Explorer in

Can someone help me with Regex or rex command?

I have a field name called Column1 with the following data below... Data1: |Transitioned to:Team1|Transition Reaso...

by Explorer in

Difference between _time and -indextime

Hi, We have splunk UF installed on our streamers. The splunk UF sends logs to splunk forwarder of our analytics s...

by Influencer in

How to calculate date based upon a patch lot value.

How can we apply below logic in splunk. We have the data in Splunk which is coming out as below. Host Patching ...

by Path Finder in

how to copy of entire splunk instances to another instance?

Hii Everyone, I want to move all the knowledge objects and everything from one splunk instance to another instance......

by Explorer in

Extract Fields Apache Logs

Hi i have raw data like this: 192.0.100.3 - - [30/Jul/2019:00:06:05 -0500] "GET /test/ HTTP/1.1" 403 207 "-" "Mozilla...

by New Member in

column name updated how to keep both query results ini same dashboard

Hi, index="spectrum" * | eval foo=_cd | rename "ns1.alarm.ns1.attribute{}.$" as value "ns1.alarm.ns1.attribute{}....

by Communicator in

Discrepany in total count

Hello guys, I have the following syntax and data: However, there is a discrepancy with the total count per ...

by Explorer in

How to produce multiple values graphs

We have a log of some metrics that look like this: 20:45:00 10.10.71.01 values : [12035313, 233658, 0, 0, 24249, 1...

by Loves-to-Learn in

What is wrong with this "map" command search?

I'm facing a very strange situation. I have simplified it to just where the problem is ocurring Check out the below 2...

by Motivator in

Help with Regex extracting fields

Can someone please help with extracting the bold highlighted field from below /07981368-d226-4cf6-8d88-9853c843bc...

by New Member in

Optimize repeat searches in append

I have a search in below format: index=xyz sourcetype=abc...|table code... |join code[search index=def ....] ...

by Builder in

timechart is continous - cannot ignore the timeframe of missing events.

one of our dashboards were using below query | timechart count span=1d cont=false in 6.6.4 Splunk enterprise, we c...

by Path Finder in

Display timechart by adding values from other panels

I have 3 panels. Each panel runs a query and displays the result in timechart. This works fine. Now , I would like t...

by Path Finder in

How to combine chart count for two fields in one search

Hi, Can any one help me adding two fields in one search I am seeing both fields in splunk selected fields but not ...

by Explorer in

How can I refine this search string to grab those for the whole year and add other Splunk commands to break them into common ‘buckets’ with counts for each type of error without duplicate error types?

How can I refine this search string to grab those for the whole year and add other Splunk commands to break them into...

by New Member in

help with CASE needed

by Builder in

adhoc searches : canceled remotely or expired

We are starting see issues with users running adhoc searches. While doing adhoc searches we are seeing the error: ...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to generate a search to find which Splunk user and URL is generating queries?

Help with creating an earliest/latest event table

Use of Lookup with search query

Can someone help me with Regex or rex command?

Difference between _time and -indextime

How to calculate date based upon a patch lot value.

how to copy of entire splunk instances to another instance?

Extract Fields Apache Logs

column name updated how to keep both query results ini same dashboard

Discrepany in total count

How to produce multiple values graphs

What is wrong with this "map" command search?

Help with Regex extracting fields

Optimize repeat searches in append

timechart is continous - cannot ignore the timeframe of missing events.

Display timechart by adding values from other panels

How to combine chart count for two fields in one search

How can I refine this search string to grab those for the whole year and add other Splunk commands to break them into common ‘buckets’ with counts for each type of error without duplicate error types?

help with CASE needed

adhoc searches : canceled remotely or expired

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Using Machine Learning for Hunting Security Threats

How can I build a use case scenario for MFA login ...

Will Splunk searches using lookup get affected if ...

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?