Splunk Search

Discussions

Thread Info

How to aggregate data in an index

Right now we receive and store several data points per second in an index and do reporting on it. In the future we wo...

by New Member in

Can't query for Metrics

I have create a metric Index called "my_metric_index". I see, that the index is populated with events. I have adde...

by Engager in

How do I find the "Event" that directly proceeds the selected "Event"?

Let's say I perform this search: index=mysecretindex host=mysecrethost* source="/my.log" error-3005 Then say...

by Path Finder in

Need help with eval

my search query : index=index1"PrepareResponseTime= " | rex "PreResponseTime= (?[0-9]*) ms" | where PrepareResp...

by New Member in

Unable to stat the splunk indexer missing: /app/splunk/openssl directory

Hi, We are unable to start the our one of the indexer in cluster getting the below error. Can we copy the director...

by Explorer in

How to use Where condition in lookup .csv file

Hi, I have created a lookup file name file1.csv . There are two columns in the file "Application" and "Allow" and...

by Path Finder in

Can I map multiple groups to be bound to one role?

All, Can I map multiple AD groups to one role in authentication.conf? Example?

by Builder in

Help with Splunk search query and Lookup

Hi, I am struggling to form my search query along with lookup. So the scenarios is like this - I have a search query ...

by Explorer in

Join consecutive events in same index

Hi, I thought this would be easy but no! I'm doing the query below on the Sample data below but the FileTime_END valu...

by New Member in

Search results in dispatch command message "The minimum free disk space (18446744073709551615MB) reached"

Recently I migrated one of our indexers to a new machine. Sometimes searches result in the below message despite ...

by New Member in

Value in location field gets truncated when search is ran

Hi, In my Splunk logs, I have a field called location which stores values like" SINGAPORE (ABC) WASHINGTON DC (AB...

by New Member in

average count by day

I have a search looking for the events I want to look at. Then i want to have the average of the events per day. I...

by Motivator in

search.log: SearchEvaluator - using old evaluator

Seeing lots of "SearchEvaluator - using old evaluator" in search.log for TSTAT with DMA. Could someone please expl...

by Contributor in

Unable to calculate a difference after using mvindex with _time field

I am using a transaction to combine events and I want to calculate the difference in time between the two events. I a...

by New Member in

eval calculations

how to solve the above issue using eval function. (1 * 100) / (1 + 2) = % .

by New Member in

AD FS ip field extraction

Stuck on regex question for Ad FS logs. I am trying to extract all ips following a field ("Client IP: ") in a AD FS l...

by Engager in

Convert Transaction Search

I made the following search to group exceptions together that happened within 1 second but I want to be able to view ...

by Explorer in

Read CSV and use with index info

(first four rows) JOB_NAME,Description ATUALIZACAOATIVOS,BATCH-PRO-AGRO BLOQUEIO-EMISSORES,BATCH-PRO-AGRO CONCATENAPD...

by Explorer in

Timechart fillnull with append search

So, I'm trying to come up with a way to compare data from this year and last year into a Single Value Graph but I am ...

by Engager in

I am getting mostly info=denied events for specific users while searching for _audit index. While user can no longer query any indexes. Does that info indicates permission issues? or something else.

I am getting info=denied events for specific users while searching for _audit index. What is the significance of this...

by Explorer in

How to generate a search to find which Splunk user and URL is generating queries?

I need queries like: which Splunk user generating the query? Output need [ Username, Time, Search Query] Which ...

by Explorer in

Help with creating an earliest/latest event table

(Using Splunk 6.1.2 for...reasons) Background: We send out a push notification to a third party. The third party s...

by Path Finder in

Use of Lookup with search query

Hi, I need some help related to a search query. My search query has a field called "holdings" which contain data like...

by Explorer in

Can someone help me with Regex or rex command?

I have a field name called Column1 with the following data below... Data1: |Transitioned to:Team1|Transition Reaso...

by Explorer in

Difference between _time and -indextime

Hi, We have splunk UF installed on our streamers. The splunk UF sends logs to splunk forwarder of our analytics s...

by Influencer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to aggregate data in an index

Can't query for Metrics

How do I find the "Event" that directly proceeds the selected "Event"?

Need help with eval

Unable to stat the splunk indexer missing: /app/splunk/openssl directory

How to use Where condition in lookup .csv file

Can I map multiple groups to be bound to one role?

Help with Splunk search query and Lookup

Join consecutive events in same index

Search results in dispatch command message "The minimum free disk space (18446744073709551615MB) reached"

Value in location field gets truncated when search is ran

average count by day

search.log: SearchEvaluator - using old evaluator

Unable to calculate a difference after using mvindex with _time field

eval calculations

AD FS ip field extraction

Convert Transaction Search

Read CSV and use with index info

Timechart fillnull with append search

I am getting mostly info=denied events for specific users while searching for _audit index. While user can no longer query any indexes. Does that info indicates permission issues? or something else.

How to generate a search to find which Splunk user and URL is generating queries?

Help with creating an earliest/latest event table

Use of Lookup with search query

Can someone help me with Regex or rex command?

Difference between _time and -indextime

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

From Alert to Resolution: How Splunk Observability Helps SREs Navigate Critical ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions