Splunk Search

Discussions

Thread Info

What is this Where clause by time doing?

Is this requesting all the records, from 3 minutes ago? index="my_index" source="bandstats" recordType="core" ...

by Explorer in

How to find the duration for order submission to each suborder process.

I am working for a product where I will have one order number, it has multiple suborders. Once each suborder processe...

by New Member in

How do I divide a columns number by two?

The code belows displays a column showing the amount of times the string "GetPolicy.doPost(56)" occurs. I want to div...

by Explorer in

S2: Receiving search error message

My customers are getting error below for their searches; [splunk-idx-1] Streamed search execute failed because: E...

by Splunk Employee in

Need assist with regex for extractions

I am trying to get some name space information from the clients inputs. the value I want is namespaceName. I am unfam...

by Path Finder in

How do you compare multiple events to filter out the same host with different field values?

I have alert logs coming in from an AV tool and when a tech is working on an alert assigned it to themselves, it gene...

by Explorer in

Can I use the same search but divide the results of one time frame with another?

How can I use the same search to divide the results of a specific time frame with the total daily sum to get a percen...

by New Member in

How to extract only the first three octets of the IP address instead of the whole address?

I have the below command to extract the top 100 IP addresses. How can I modify the search to extract only the first t...

by Path Finder in

Search for daily indexing rate per sourcetype and list the specific indexes

Hello all, I just came onto a new job and we're trying to figure out the daily indexing rate broken down by source...

by Path Finder in

ldap seach with a wildcard

I have a search below that works fine, but I would like to add a wildcard to it. This search works | ldapsearch do...

by Path Finder in

How to read and write data to CSV lookup?

Hi, I must write and read data from lookup files. Example: cn,srcip,destip,owner "Canada","207.188.75.136","192.1....

by Engager in

Splunk rex field extraction issue

Hi Guys, I have to extract one field from the below log and i tried this regex in https://rubular.com/ "(?<=^4Nett...

by New Member in

Timechart duration, with values rolling into next span

I am running the below search to get a sum of starvation per 15 minute period. The problem I am having, is that durat...

by Path Finder in

intermediate storing of the results

Hello, I have a dbxquery, that returns a table, where I am interested in one column, let us say c1. Then in my sea...

by Builder in

How to configure indexer, search head, deployment

Hello, I am new to splunk and learning it . My question is when we install splunk what are things to be done if ne...

by New Member in

Optimize Nested Search

This search is slow (our dns logs are large). index=winlogs sourcetype=dns | eval dottedquestion=replace(replace(q...

by Path Finder in

How to group a list per Index/object?

Hi, I would like to ask for help in grouping a list per Index/object. I have tried using tables but the values ar...

by New Member in

Get the roles from rest API and set to field in search

I need to get the roles assigned to current logged in user and set the value to filed in search. Anybody has any idea...

by Path Finder in

Compare Current Field Value to 24 Hour Average

So I am currently trying to compare the average value of a field is using 7 days of events to what the value is curre...

by Path Finder in

How to create a regex that extracts date and time from the description field?

I have 1000 of text entities under the description field, and I want to write a regex for it and put to a different e...

by New Member in

see results of a rex command

i have this rex code to extract the string from an event field: | rex "(?\d{1,2})\s+hours?\s+ago" | eval process=...

by Explorer in

Eval Statement for today plus 7 days?

All, Quick one I am stuck on. I want an EVAL statement that takes _indexedtime and adds 7 days to it and creates ...

by Builder in

Query to get results from multiple indexes?

I've 2 indexes "abc" and "def". There is a field "account_number" in index "abc" and a field "Emp_nummber" in index "...

by Explorer in

error: 'lookup-table-files': File is binary and not gzipped

Hi, I am trying to add a new lookup table using the GUI and get the above error. I looked at the file with a hex edit...

by Explorer in

SPL query to replace ALL values in a field with "Hello World"

I'm trying to write a simple query to replace all of the values in a field (let's call this field my_field) with a si...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

What is this Where clause by time doing?

How to find the duration for order submission to each suborder process.

How do I divide a columns number by two?

S2: Receiving search error message

Need assist with regex for extractions

How do you compare multiple events to filter out the same host with different field values?

Can I use the same search but divide the results of one time frame with another?

How to extract only the first three octets of the IP address instead of the whole address?

Search for daily indexing rate per sourcetype and list the specific indexes

ldap seach with a wildcard

How to read and write data to CSV lookup?

Splunk rex field extraction issue

Timechart duration, with values rolling into next span

intermediate storing of the results

How to configure indexer, search head, deployment

Optimize Nested Search

How to group a list per Index/object?

Get the roles from rest API and set to field in search

Compare Current Field Value to 24 Hour Average

How to create a regex that extracts date and time from the description field?

see results of a rex command

Eval Statement for today plus 7 days?

Query to get results from multiple indexes?

error: 'lookup-table-files': File is binary and not gzipped

SPL query to replace ALL values in a field with "Hello World"

Fall Into Learning with New Splunk Education Courses

Super Optimize your Splunk Stats Searches: Unlocking the Power of tstats, TERM, and ...

How Splunk Observability Cloud Prevented a Major Payment Crisis in Minutes

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions