Splunk Search

Ask a Question

Discussions

Thread Info

Calculating Percentage

Hello! I'm having trouble with the syntax and function usage... I am trying to have splunk calculate the percentag...

by Path Finder in

Search for field range of numbers inside of case statement

Greetings! Hoping there is an easier way to write this sequential host list such as (host = "vlt(01 through 16)-sh...

by Engager in

Converting date to epoch time

Hi I'm trying to convert a certain date to epoch time to calculate it with the current time. But for some reason i...

by Path Finder in

How does the pairing work in a transaction?

This one relates to How can we deal with a negation of a transaction? We have this code - (index=wineventlog ...

by Motivator in

how can pass a date to search index to pull the incremental data

i am trying to pull the data from splunk index using python and it triggers every 5 min. So i need to fetch the new d...

by New Member in

How to extract missing event date from header

Hello, I'm trying to index a log in the IIS W3C Extended Log Format. The date information in each event is missing, b...

by New Member in

First Everyday

There are multiple CSVs which I generate on a daily basis. Each CSV has some critical data & has 2 columns - _time & ...

by Contributor in

How to get only latests events from an events set ?

Hello Splunkers ! We need your help, as we didn't found any answers solving our issue  We will be so grateful...

by Explorer in

How to chart with multiple values on legend

I want to have different values in the legend of a column and that the yaxis is a specific value of this legend. ...

by New Member in

Search based on two searches where one field from one search subtracts results from the other search

So i have logs coming from two different applications. They both both track certain customer requests. They both have...

by New Member in

lookup multiple fields and tables

I have a two part question about lookup tables: Q1 - I have a 1 lookup table that has multiple fields. Sometimes t...

by Path Finder in

Search comma surrounded phrase in _raw using rex

In the logged data: ....,en,us,....(one record) ....,en,in,.....(another record) (Here .... represents string data...

by New Member in

How to extract a string from a field that contains letters, numbers and characters?

731/5000 How to extract a field that can contain letters, numbers and characters, as in the example below? The field...

by Path Finder in

How to filter events for hosts with wildcard in a search querry.

Hello all, I am new to Splunk, so please excuse any gaps in my knowledge :). I am trying to create customized aler...

by New Member in

field extraction

I have a filed that has value something like this: ww.abcd.hongkong ww.abcd.cn ww.abcd.asiaenglish.ph ww.abc.us ...

by Contributor in

Sum of a multivalue field inside a row

Sum of a multivalue field inside a row Hi below is how my processed data look like And the expected outpu...

by Explorer in

Avg of past data vs current product data.

I have product family pens, we release a new pen named blue. I want to compare avg sales of pens in past 24hrs with s...

by Contributor in

Lookup table of key=value limits with a random assignment of key=value fields indicating consumption with different field names

I have a lookup table that has information such as resources_available_queue_a=1000 resources_available_queue_b=23...

by Contributor in

Fix table header and add vertical scrollbar using CSS and JavaScript

Hi All, I want to display 100 rows results in table per page with vertical scrollbar and fix the header when we mo...

by Super Champion in

Display the top 5 line chart field values

I'm having some trouble with getting the top 5 line values on a line chart. My current search is below index=db s...

by Path Finder in

Column width adjustable table

Morning all, Im sure this may have been answered in the past, but is there away to have a table in splunk that you...

by Path Finder in

How to create a sub-search that looks for events 10 mins earlier

index=windows sourctype=bla EventCode=g host=abc user=cvb NOT [ search index=email |table _time,host |fields _time, ...

by Engager in

KV_Mode against Constant value host fields

I have a new data source that extracts quite well using KV_mode = auto (or KV_Mode=json). The data itself is a si...

by Explorer in

Field extraction

I have field in my raw events src = https://www.abcd.com/shop/buy-laptop/dell-200 src= https://www.abcd.com/shop/...

by Contributor in

How to alert when a deviation has been detected in volume between two time periods?

I currently use the following query to compare volume counts between current day and a week ago: sourcetype=abc in...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Calculating Percentage

Search for field range of numbers inside of case statement

Converting date to epoch time

How does the pairing work in a transaction?

how can pass a date to search index to pull the incremental data

How to extract missing event date from header

First Everyday

How to get only latests events from an events set ?

How to chart with multiple values on legend

Search based on two searches where one field from one search subtracts results from the other search

lookup multiple fields and tables

Search comma surrounded phrase in _raw using rex

How to extract a string from a field that contains letters, numbers and characters?

How to filter events for hosts with wildcard in a search querry.

field extraction

Sum of a multivalue field inside a row

Avg of past data vs current product data.

Lookup table of key=value limits with a random assignment of key=value fields indicating consumption with different field names

Fix table header and add vertical scrollbar using CSS and JavaScript

Display the top 5 line chart field values

Column width adjustable table

How to create a sub-search that looks for events 10 mins earlier

KV_Mode against Constant value host fields

Field extraction

How to alert when a deviation has been detected in volume between two time periods?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!