Splunk Search

Discussions

Thread Info

how to find the total time taken by a search to finish the run for both adhoc and saved searches

Hi, i want to find out the total run time of both ad-hoc and saved searches. I checked in _audit index to find out th...

by Explorer in

Average of value during last running state

I am having data as shown in the below image, Is there a way i can get the avg of output considering the d...

by Explorer in

How to get the earliest _time of each column hit 100%

Hi , i have produced output below using predict command . _time Prediction(hostA) Prediction(HostB) Prediction(H...

by New Member in

How to run searches based on lookup table details

Hi I'm trying to match a table list of tasks for a client with a task run result. The table task shows if the task is...

by New Member in

Splunk help

by New Member in

rex pattern to create a field

Hi, I have this string in the log. 439 XObk5g6CUI62-gr3UIKfXAAAAAs 1@43465473@A and I want to create a field ou...

by New Member in

Normalise the values of a field and joining the event count of the field values

Hi, I have a list of Tenants and the data is being pulled from Jira labels. Some of the labels have not been spell...

by New Member in

how to extract multiple values into one field

I have windows logs in below format, and not able to extract single field for merged text value. I want to create a f...

by Path Finder in

How to extract a field using rex?

This is the string in the log I 2019-05-23 18:22:38.984Z 7881 216 XObk7A6CU-I62gr3UIKfXQAAAAs 1@43465473@A WPB-Log...

by New Member in

How to create transaction based on event data?

So I'm trying to build a transaction based on events I am getting from a log. I'm struggling how to set the transacti...

by Communicator in

how remove extra new line?

i need that all lines will be one line, without newline

by New Member in

How to create a search to get a list of Indices?

Hello Splunkers, I am relatively new with Splunk and was wondering if someone out there can please tell me which ...

by New Member in

how to write splunk query for watching abuse of a service account?

Hello, I want to write a detection for watching abuse of a service being used. How to do i start writing the logic...

by New Member in

How to sort a column chart to view the top 10 values?

Hi, I try to make a column chart using this search: index=webtrafic | rename ProcessName AS RootObject.Process...

by Communicator in

Splunk SDK - Search String with parameter having Spaces

By using Splunk SDK, able to use the below search string and get the results from SPlunk String searchQuery_string = ...

by Explorer in

In a datamodel search why are tstats and stats results not the same?

hello splunker. i changed search to datamodel search(tstats) for speed up. but, stats and tstats result are sl...

by Explorer in

Rex to parse key/value tags in splunk

Hello all, Please help me with some regular expression. This is the text: {"Value": "arn:aws:cloudformation:us-west-2...

by New Member in

Avg Day of Week does not show up, when no result found

Hello, I`m trying to find a solution for this problem. The result of the following SPL query should show every day...

by Explorer in

Can I execute several functions with a single (perhaps custom) command?

Based on the statistical data we have to generate, we normally have to type out many functions like so: search str...

by Explorer in

Why does WinNetMon report Protocol ID=58 as SIP?

WinNetMon maps protocol #58 to "SIP", but according to IANA, #58 is "IPv6-ICMP"? Seems fine for others: 17=UDP,6=T...

by Path Finder in

list all fields within a sourcetype

Hi, Is there a way to display all fields being used by a sourcetype, without the values?

by Champion in

How to attain a list with all the fields in which a certain string appears?

For example, given the fields and values: field1=A123 field2=baba field3=A123B field4=bA123 I want a list with...

by New Member in

How to troubleshoot eval expressions?

I'm new to Splunk, and I am trying to figure out how the eval command works in searches. Sometimes I don't get any r...

by New Member in

How to add a new column after lookup match?

Hi all, I'm stuck with this i hope somebody can helps me. I have a csv lookup with following data for search matc...

by Path Finder in

Trying to get stats output for 2 fields after the "by"

I have data that looks like this: event,myField,myHost,myCategory yes,a,host1,category1 yes,b,host1,category1 yes,...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

how to find the total time taken by a search to finish the run for both adhoc and saved searches

Average of value during last running state

How to get the earliest _time of each column hit 100%

How to run searches based on lookup table details

Splunk help

rex pattern to create a field

Normalise the values of a field and joining the event count of the field values

how to extract multiple values into one field

How to extract a field using rex?

How to create transaction based on event data?

how remove extra new line?

How to create a search to get a list of Indices?

how to write splunk query for watching abuse of a service account?

How to sort a column chart to view the top 10 values?

Splunk SDK - Search String with parameter having Spaces

In a datamodel search why are tstats and stats results not the same?

Rex to parse key/value tags in splunk

Avg Day of Week does not show up, when no result found

Can I execute several functions with a single (perhaps custom) command?

Why does WinNetMon report Protocol ID=58 as SIP?

list all fields within a sourcetype

How to attain a list with all the fields in which a certain string appears?

How to troubleshoot eval expressions?

How to add a new column after lookup match?

Trying to get stats output for 2 fields after the "by"

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions