Splunk Search

Ask a Question

Discussions

Thread Info

Unable to build query using append/appendpipe to get desired percentage of stats

Given: index=log category=Price | eval PriceStatus=case(activity=="approve" AND event=="complete", "Price Approve...

by Engager in

How to write custom Text for a Search result?

For my Dashboard I ping a Source and want to see to Text-States: UP or DOWN. My search statement looks similar lik...

by Explorer in

field value is being extracted as fieldname in regex

I am trying to extract xml fields using regex but I am encourtering this issue for this specific tags, It is working ...

by Path Finder in

How to sort search results by numbers

The rounding of search results has already been discussed numerously. But unfortunately, it doesn't work for me. I wa...

by Explorer in

showing result quarterly

I am new in splunk i want to calculate the quarter data based on all people and what are the highest planned and lowe...

by New Member in

Missing original value after using distinct query

Hi, I am having the following issue that need your help. The scenario is: I am working on the report of firewall data...

by New Member in

Unique requests

Need creating a search query for Splunk that results in a list of unique requests that have been completed.

by Engager in

How to get count of multiple strings with common index and source type?

I'm trying to create a dashboard which will display pie-charts from different results. For this, I've multiple string...

by Explorer in

Does the Trellis visualisation work with real time searches?

I am attempting to make a trellis visualization off the sample data : * clientip=* | iplocation clientip | looku...

by Path Finder in

Get average connections for the past few days, compare to current connections

I have the following search, I'm trying to get it to show the src, dst, current amount of connections, and then an av...

by Path Finder in

Splunk not able to recognize the JSON file source type and index it

I am trying to monitor a folder containing JSON files in it. But, I observed that files are not getting indexed. Whe...

by New Member in

search peers sick

Hi im having this issue : The times on the system clocks for the machines running this search head and the intende...

by Builder in

timechart with WHERE clause not behaving as expected

I have a fairly straightforward query using timechart to count the top 10 users triggering an event. ( Sanitized ) ...

by New Member in

start a search certain number of hours/days/weeks from time picker set value

Good day everyone, I am dealing with a challenge and really hope i can get an answer here. I am running a Join search...

by Path Finder in

Unable to extract common values by joining indexes?

index=abc sourcetype=xyz | eval is_passed=if(label=="PASS", 1, 0) | eval is_failed=if(label=="FAIL", 1, 0) | stats...

by Explorer in

About usage of {} in eval

I recently saw the manual of eval, and I found the following description. To specify a field name with multiple wo...

by Builder in

Getting the wrong fields extracted from my props and transforms conf files

So i'm trying to extract and ip address from a multi-value field and my transforms stanza is something along these li...

by Explorer in

how to find third largest salary from a salary field

Please help me in Finding the 3rd or nth largest value from a field... SALARY 10000 30000 20000 80000 60000 930...

by Engager in

Getting data from seperate searches where fields are not the same name

I have two searches, one that gives me a table: index="netapp_snapmirror_reports" source="/var/tmp/netapp_snapmirr...

by Path Finder in

Can a field value of any column but used as a fieldname in eval?

I have a field as field1, and field2 which is an indexed event: Field1 1.A 2.B and another table I have as mat...

by Observer in

Using a column of field names to dynamically select fields for use in eval expression

Hi. Suppose my search generates the first 4 columns from the following table: field1 field2 field3 lookup r...

by New Member in

Search Question: Event Sampling

Does anyone know of a good way to pull one event of a specific eventcode/type when searching for multiple eventcodes?...

by Builder in

extract no.

hi all I have events in json format need to extract number from this sip:+1234566@12.23.34.45 example: i need +1234...

by Path Finder in

How to add counts and sum from different fields

Hi, New to Splunk and still trying to get to grips with it. I am trying to present a single table with the followi...

by Engager in

How to Find Standard Deviation of a Daily Volume?

I'm trying to find the standard deviation of the daily volume of traffic per host. index=index sourcetype=sourcetype ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Unable to build query using append/appendpipe to get desired percentage of stats

How to write custom Text for a Search result?

field value is being extracted as fieldname in regex

How to sort search results by numbers

showing result quarterly

Missing original value after using distinct query

Unique requests

How to get count of multiple strings with common index and source type?

Does the Trellis visualisation work with real time searches?

Get average connections for the past few days, compare to current connections

Splunk not able to recognize the JSON file source type and index it

search peers sick

timechart with WHERE clause not behaving as expected

start a search certain number of hours/days/weeks from time picker set value

Unable to extract common values by joining indexes?

About usage of {} in eval

Getting the wrong fields extracted from my props and transforms conf files

how to find third largest salary from a salary field

Getting data from seperate searches where fields are not the same name

Can a field value of any column but used as a fieldname in eval?

Using a column of field names to dynamically select fields for use in eval expression

Search Question: Event Sampling

extract no.

How to add counts and sum from different fields

How to Find Standard Deviation of a Daily Volume?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions