Splunk Search

Discussions

Thread Info

Splunk Daemonset for kubernetes not indexing data due to read only filesystem

I have configured splunk daemonset for k8s cluster. Agent logs are flowing. However the application logs are not gett...

by Loves-to-Learn in

Challenges Joining tables and returning values from both indexes

Hello, Based on some suggested changes by @jawaharas I was able to successfully lookup the value of user from the ...

by Path Finder in

how to get the first event time and last event time for field value

Hi Splunkers, My events will look like below. 2019-08-06 10:14:00 TYPE="PLB_1", STATUS="true", CAR="A", PLACE="...

by Path Finder in

How to sum values from specific rows to then display in pie graph

Hey guys, I'm trying to add the values that correspond to specific rows in a search, to then display on a dashboar...

by Engager in

Comparing/Merging/Grouping timestamp with timespan

Hey there! I have logs from two different sources in one search. One source provides a time range, while the other...

by Path Finder in

Help with splunk query, searchmatch finding false positives

Hey All, Very new to using splunk and love the power of dashboards. I'm executing the following index=my_app...

by Engager in

Does splunk support forwarding data from an IBM IFS (Integrated file system)?

Hello, There is an Add-on or connector in splunk to forward data from IFS (Integrated File System) IBM ? Than...

by Path Finder in

How to trigger rs.slaveOk() from Splunk MongoDB (Hunk) app to query data from secondary instance

We have a requirement of querying MongoDB collections from secondary instance using Splunk MongoDB app (Hunk). The vi...

by Explorer in

Help with an API one shot search time discrepancy

I see significant search time discrepancy when I run a one-shot search via the python SDK as opposed to when I run th...

by Explorer in

Ignore or Remove characters from search results

I have a need to ignore specific characters in my search results. I'm assuming this can be done with REGEX or somethi...

by Contributor in

both stats and timechart gives different values

Hi all I was wondering if i can get some help in this. as I have some fields in stats and i want span=1w of that. wh...

by Path Finder in

How to allow user to enter a value that doesn't exist in a dropdown

I have a dropdown that reads from a lookup but would like to allow the user to enter in a value that doesn't exist in...

by Explorer in

Line graph: Count per hour with a trendline that plots the average count every 24 hours.

I have a line graph that displays the number of transactions per hour. I want a trendline to go with it, but I want i...

by Path Finder in

To compare today's Index size with yesterday's

I use the below query to find the index size, how can I modify the query to get the comparision between todays's inde...

by Builder in

Splunk display 0 when no results found from last x minutes

Hi Team, Need help in creating a query. I want to display 0 when no data/events found. But I am getting "No result...

by Path Finder in

Why is one interesting field not always displayed, and what change do we need to make to have this field always appear by default?

I am not always getting one interesting field, even though I have selected all fields from the fields bar on the left...

by Path Finder in

INTERESTING FIELDS missing in Search&Reporting app (default app)

HI Friends, In Search&Reporting app (default app) when I search anything, I see only 3 INTERESTING FIELDS coming ...

by Explorer in

How to aggregate data in an index

Right now we receive and store several data points per second in an index and do reporting on it. In the future we wo...

by New Member in

Can't query for Metrics

I have create a metric Index called "my_metric_index". I see, that the index is populated with events. I have adde...

by Engager in

How do I find the "Event" that directly proceeds the selected "Event"?

Let's say I perform this search: index=mysecretindex host=mysecrethost* source="/my.log" error-3005 Then say...

by Path Finder in

Need help with eval

my search query : index=index1"PrepareResponseTime= " | rex "PreResponseTime= (?[0-9]*) ms" | where PrepareResp...

by New Member in

Unable to stat the splunk indexer missing: /app/splunk/openssl directory

Hi, We are unable to start the our one of the indexer in cluster getting the below error. Can we copy the director...

by Explorer in

How to use Where condition in lookup .csv file

Hi, I have created a lookup file name file1.csv . There are two columns in the file "Application" and "Allow" and...

by Path Finder in

Can I map multiple groups to be bound to one role?

All, Can I map multiple AD groups to one role in authentication.conf? Example?

by Builder in

Help with Splunk search query and Lookup

Hi, I am struggling to form my search query along with lookup. So the scenarios is like this - I have a search query ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk Daemonset for kubernetes not indexing data due to read only filesystem

Challenges Joining tables and returning values from both indexes

how to get the first event time and last event time for field value

How to sum values from specific rows to then display in pie graph

Comparing/Merging/Grouping timestamp with timespan

Help with splunk query, searchmatch finding false positives

Does splunk support forwarding data from an IBM IFS (Integrated file system)?

How to trigger rs.slaveOk() from Splunk MongoDB (Hunk) app to query data from secondary instance

Help with an API one shot search time discrepancy

Ignore or Remove characters from search results

both stats and timechart gives different values

How to allow user to enter a value that doesn't exist in a dropdown

Line graph: Count per hour with a trendline that plots the average count every 24 hours.

To compare today's Index size with yesterday's

Splunk display 0 when no results found from last x minutes

Why is one interesting field not always displayed, and what change do we need to make to have this field always appear by default?

INTERESTING FIELDS missing in Search&Reporting app (default app)

How to aggregate data in an index

Can't query for Metrics

How do I find the "Event" that directly proceeds the selected "Event"?

Need help with eval

Unable to stat the splunk indexer missing: /app/splunk/openssl directory

How to use Where condition in lookup .csv file

Can I map multiple groups to be bound to one role?

Help with Splunk search query and Lookup

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!