Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to use JSON subfields with the eval command?

My log entries consist of a single json object, like so: { Severity: "INFO", Message: { StatusCode: 200, Route: "/...

by Engager in

How to develop a table that displays top 10 counts, unique distinct counts, and total counts?

I have the following query to display top 10 counts, for example: sourcetype=IIS | top 10 URL This returns the...

by Explorer in

How to develop a search to find free disk space using Splunk for Windows server?

We have added the below code in out inputs.conf file for 50+ servers I am not sure on how to check the free space via...

by Path Finder in

Is this statement on Splunk search types correct?

I have found this entry in one of the blogs (non-Splunk). Do you think this statement is correct? The following ar...

by Explorer in

Is there an option to stop a search job after a certain time through Splunk REST API?

I have a Splunk search which takes long time to execute. I want to stop the Splunk job if it doesn't complete in a mi...

by Engager in

Why is my search resulting in error "Streamed search execute failed because: JournalSliceDirectory: Cannot seek to 0"?

While running the search index=networking | timechart count on Splunk v. 6.3.3, we are getting the following error: ...

by Builder in

How do I create a chart with the x-axis as processing time for transactions and the y-axis as number of events?

Location Processing Time (minutes) ----------- --------------------------- Central ...

by Explorer in

regex over multiline event

Hello, given the events i have to import in Splunk, i would like to extract the fields. My problem occurs with the...

by Explorer in

how to search only for current date?

hi, i need to know what i should insert into latesttime and earliesttime to specify search only for current day

by Contributor in

Clarification regarding pivot command

Hey all, I've just encountered the pivot command for the first time and after reading through the Splunk page on i...

by Communicator in

Is conditional background coloring possible in Splunk charts?

Hi Team, Can any one help me to know if conditional coloring is possible in Splunk Charts as shown in the below im...

by Communicator in

Need Regex help in parsing specific fields

String is ----------------- OfferRedeemedRequest [partnerID=1234, partnerName=MCenter, messagePriority=9, userID=2a28...

by Explorer in

How to modify my search to sort date values in order to populate a check box form?

Hello, Splunk rookie here, I have a field in my data set that shows a date (ie. 06/26/2016) which I have used to ...

by New Member in

How to edit my filtering search using a select drop-down value to improve performance?

Dear All, I have a small performance problem and I'd like to know if someone can help me. I have a basic dashboard...

by Engager in

How to incorporate metadata command in my lookup table to be able to view time offline?

I have a few searches I have added a lookup table to. All of them work, but one. The one below uses metadata and I'm ...

by Path Finder in

Calculate percentage of multiple values, different events

I am trying to display the percentage of Total Modems against Total Modems on Card 0. The XML I am given unfortuna...

by Path Finder in

How do I modify this regular expression syntax?

I have a field with value like this (R14760) 16.5.2 - FRI, 27 MAY 2016 13:46:07 EDT I want to extract 16.5.2 into ...

by Explorer in

What does the "percent" column of top limit search represents?

This is a pretty basic question but seems like something is amiss with the result I am getting. My search is as follo...

by Communicator in

How to modify my search to calculate availability of multiple applications?

I'm looking into creating equal availability across the board for different applications that are all being tested by...

by Engager in

How to convert time from file to timestamp

Hello I have a extracted field from the raw data including time data like: 16.09.23;11:05:11:652 Now I want ...

by Path Finder in

Splunk Search

Discussions

How to use JSON subfields with the eval command?

How to develop a table that displays top 10 counts, unique distinct counts, and total counts?

How to develop a search to find free disk space using Splunk for Windows server?

Is this statement on Splunk search types correct?

Is there an option to stop a search job after a certain time through Splunk REST API?

Why is my search resulting in error "Streamed search execute failed because: JournalSliceDirectory: Cannot seek to 0"?

How do I create a chart with the x-axis as processing time for transactions and the y-axis as number of events?

regex over multiline event

how to search only for current date?

Clarification regarding pivot command

Is conditional background coloring possible in Splunk charts?

Need Regex help in parsing specific fields

How to modify my search to sort date values in order to populate a check box form?

How to edit my filtering search using a select drop-down value to improve performance?

How to incorporate metadata command in my lookup table to be able to view time offline?

Calculate percentage of multiple values, different events

How do I modify this regular expression syntax?

What does the "percent" column of top limit search represents?

How to modify my search to calculate availability of multiple applications?

How to convert time from file to timestamp

Splunk Add-on for microsoft cloud services not get...

Scheduling the training set in MLTK

Automatic Lookup local=true

Error - In handler 'savedsearch': Expecting differ...

ldapfilter does not return all attributes