Splunk Search

Discussions

Thread Info

How to trigger rs.slaveOk() from Splunk MongoDB (Hunk) app to query data from secondary instance

We have a requirement of querying MongoDB collections from secondary instance using Splunk MongoDB app (Hunk). The vi...

by Explorer in

Help with an API one shot search time discrepancy

I see significant search time discrepancy when I run a one-shot search via the python SDK as opposed to when I run th...

by Explorer in

Ignore or Remove characters from search results

I have a need to ignore specific characters in my search results. I'm assuming this can be done with REGEX or somethi...

by Contributor in

both stats and timechart gives different values

Hi all I was wondering if i can get some help in this. as I have some fields in stats and i want span=1w of that. wh...

by Path Finder in

How to allow user to enter a value that doesn't exist in a dropdown

I have a dropdown that reads from a lookup but would like to allow the user to enter in a value that doesn't exist in...

by Explorer in

Line graph: Count per hour with a trendline that plots the average count every 24 hours.

I have a line graph that displays the number of transactions per hour. I want a trendline to go with it, but I want i...

by Path Finder in

To compare today's Index size with yesterday's

I use the below query to find the index size, how can I modify the query to get the comparision between todays's inde...

by Builder in

Splunk display 0 when no results found from last x minutes

Hi Team, Need help in creating a query. I want to display 0 when no data/events found. But I am getting "No result...

by Path Finder in

Why is one interesting field not always displayed, and what change do we need to make to have this field always appear by default?

I am not always getting one interesting field, even though I have selected all fields from the fields bar on the left...

by Path Finder in

INTERESTING FIELDS missing in Search&Reporting app (default app)

HI Friends, In Search&Reporting app (default app) when I search anything, I see only 3 INTERESTING FIELDS coming ...

by Explorer in

How to aggregate data in an index

Right now we receive and store several data points per second in an index and do reporting on it. In the future we wo...

by New Member in

Can't query for Metrics

I have create a metric Index called "my_metric_index". I see, that the index is populated with events. I have adde...

by Engager in

How do I find the "Event" that directly proceeds the selected "Event"?

Let's say I perform this search: index=mysecretindex host=mysecrethost* source="/my.log" error-3005 Then say...

by Path Finder in

Need help with eval

my search query : index=index1"PrepareResponseTime= " | rex "PreResponseTime= (?[0-9]*) ms" | where PrepareResp...

by New Member in

Unable to stat the splunk indexer missing: /app/splunk/openssl directory

Hi, We are unable to start the our one of the indexer in cluster getting the below error. Can we copy the director...

by Explorer in

How to use Where condition in lookup .csv file

Hi, I have created a lookup file name file1.csv . There are two columns in the file "Application" and "Allow" and...

by Path Finder in

Can I map multiple groups to be bound to one role?

All, Can I map multiple AD groups to one role in authentication.conf? Example?

by Builder in

Help with Splunk search query and Lookup

Hi, I am struggling to form my search query along with lookup. So the scenarios is like this - I have a search query ...

by Explorer in

Join consecutive events in same index

Hi, I thought this would be easy but no! I'm doing the query below on the Sample data below but the FileTime_END valu...

by New Member in

Search results in dispatch command message "The minimum free disk space (18446744073709551615MB) reached"

Recently I migrated one of our indexers to a new machine. Sometimes searches result in the below message despite ...

by New Member in

Value in location field gets truncated when search is ran

Hi, In my Splunk logs, I have a field called location which stores values like" SINGAPORE (ABC) WASHINGTON DC (AB...

by New Member in

average count by day

I have a search looking for the events I want to look at. Then i want to have the average of the events per day. I...

by Motivator in

search.log: SearchEvaluator - using old evaluator

Seeing lots of "SearchEvaluator - using old evaluator" in search.log for TSTAT with DMA. Could someone please expl...

by Contributor in

Unable to calculate a difference after using mvindex with _time field

I am using a transaction to combine events and I want to calculate the difference in time between the two events. I a...

by New Member in

eval calculations

how to solve the above issue using eval function. (1 * 100) / (1 + 2) = % .

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to trigger rs.slaveOk() from Splunk MongoDB (Hunk) app to query data from secondary instance

Help with an API one shot search time discrepancy

Ignore or Remove characters from search results

both stats and timechart gives different values

How to allow user to enter a value that doesn't exist in a dropdown

Line graph: Count per hour with a trendline that plots the average count every 24 hours.

To compare today's Index size with yesterday's

Splunk display 0 when no results found from last x minutes

Why is one interesting field not always displayed, and what change do we need to make to have this field always appear by default?

INTERESTING FIELDS missing in Search&Reporting app (default app)

How to aggregate data in an index

Can't query for Metrics

How do I find the "Event" that directly proceeds the selected "Event"?

Need help with eval

Unable to stat the splunk indexer missing: /app/splunk/openssl directory

How to use Where condition in lookup .csv file

Can I map multiple groups to be bound to one role?

Help with Splunk search query and Lookup

Join consecutive events in same index

Search results in dispatch command message "The minimum free disk space (18446744073709551615MB) reached"

Value in location field gets truncated when search is ran

average count by day

search.log: SearchEvaluator - using old evaluator

Unable to calculate a difference after using mvindex with _time field

eval calculations

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Join searches by hostname when one index has the s...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

Splunk Search

Are you a member of the Splunk Community?

Discussions