Splunk Search

Discussions

Thread Info

How can I find the response time with an event time and max time of the events

We have a use case where we need to calculate the time difference between the maximum infotime (steptype="endNBflow")...

by Explorer in

Calculate Ratio of Two Counter Streams

I've two counter streams, I would like to display that as a percentage asB/(B+C) in the chart but it always gives me...

by New Member in

Splunk not able to extract fields properly

Hi Splunk Experts, I have some data coming into splunk which has the following format: [{"columns":[{"tex...

by Engager in

Comparing lookup file with an index

I am trying to compare an IP address field called ex_ip thats stored in a lookup file with an index called activity w...

by Loves-to-Learn Lots in

Unique users logging in each day chart / search

I seem to be close on trying to find the statistics to be able to pull unique users per day but I know I'm missing so...

by Explorer in

How to use different time ranges in subsearch and main search ?

Hi, am creation a dashboard using dashboard studio, and i want to run a query with subsearch.i want to use the time f...

by New Member in

Perform an operation on values in the column of a lookup table that share the same row values

I have a lookup table that looks like this (: Column 1Column 2Column 3Column 4Value 1--15Value 1--60Value 2--75Valu...

by Engager in

JSON extraction

Hello Expert Splunk Community , I am struggling with a JSON extraction .Need help/advice on how to do this operatio...

by Explorer in

Using mstats to create separate columns per metrics

I know that I can combine multiple metrics using mstats as: | mstats avg(_value) AS "Average" WHERE metric_name=me...

by Engager in

To Remove values with '0' from the calculation

I have below query to calculate average response times. For some reason some times the value is coming as '0'. i want...

by Explorer in

Help on Splunk query

Hi, I have 4 fields in my index ID, Method, URL, HTTP_responsecode ID is in the form of XXXX-YYYY-ZZZZ-AAAA, Now, I...

by Path Finder in

How to Remove the null values in a field for particular type only.

HI, I have a single query to get all types of data in table.for one particular type I have an issue with the null v...

by Communicator in

Combining two fields into one field

I currently have two different fields Host Domain F32432KL34 domain.com I wish to combin...

by Path Finder in

extract only xml part from an event

Hi,my event has unstructured data i.e. few strings than xml part than few more strings and another xml follow by few ...

by Path Finder in

Few fields not visible when check on the all feilds section but i can see them when i table them with the names.

I have a strange issue, when i search for specific event in Splunk and I am looking for specific fields( ex field1, f...

by Loves-to-Learn in

Excluding multiple slashes throughout regex capture string

Trying to figure out how to extract a field using regex to capture the entire string. Only problem is there are a bu...

by Engager in

How to create a base search that retains multiple regex fields?

I have a dashboard that is built from 3 different searches. They all come from the same data so I would like to turn ...

by Motivator in

multiple Case conditions?

Hi, I am using multiple case conditions but the condition is not matching. In the third line of the code used AND c...

by Builder in

How to use stats in multiple Condition and fields ?

Hi Guys, I am trying fetch details using stats.In this query I am trying get status from the below conditions and w...

by Builder in

Dividing combined value into separate values

Currently, I have a table that looks like this: Table1 Hostname Vendor Product Version----...

by Path Finder in

Lateral movement search needed

Hi, I need an help with my windows security logs how we can create the lateral movement use case

by Builder in

Log searching Splunk

I am searching some logs in an application for the last 24 hours (or any time range the user has selected). Is it pos...

by Path Finder in

Issue using rex to replace string

Hello world, I'm trying to use rex to rename the part of the strings below where it says "g0" to "GRN". So the outp...

by Explorer in

Setting a date range as a field for the chargeback app

I have a question regarding how to properly extract the time ranges between the Events to use as a field value for a ...

by Communicator in

Collect command with federated searches

I have a use case where I'm trying to collect events from a federated search. I can run and search results using the ...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I find the response time with an event time and max time of the events

Calculate Ratio of Two Counter Streams

Splunk not able to extract fields properly

Comparing lookup file with an index

Unique users logging in each day chart / search

How to use different time ranges in subsearch and main search ?

Perform an operation on values in the column of a lookup table that share the same row values

JSON extraction

Using mstats to create separate columns per metrics

To Remove values with '0' from the calculation

Help on Splunk query

How to Remove the null values in a field for particular type only.

Combining two fields into one field

extract only xml part from an event

Few fields not visible when check on the all feilds section but i can see them when i table them with the names.

Excluding multiple slashes throughout regex capture string

How to create a base search that retains multiple regex fields?

multiple Case conditions?

How to use stats in multiple Condition and fields ?

Dividing combined value into separate values

Lateral movement search needed

Log searching Splunk

Issue using rex to replace string

Setting a date range as a field for the chargeback app

Collect command with federated searches

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions