Splunk Search

Ask a Question

Discussions

Thread Info

Best way to correct tostring(,"duration") bug?

Hi there, | eval session_length=tostring(end-start,"duration") is not padding zeros correctly (I believe just for ...

by Motivator in

Why am I getting error "Search process did not exit cleanly, exit_code=255", causing searches to not run in Splunk 6.0.3?

Hi Ninjas! Need a little help here. I'm experiencing an error "Search process did not exit cleanly, exit_code=255,...

by Communicator in

Searching/Reporting over for GDPR related data in Splunk indexes

As we have an issue to give insights into the ingested data in our Splunk platform towards our compliance officer, we...

by Explorer in

Check if a measurement is between startTime and endTime of an incident

Hi, I have 2 indexes. measurements - list of all measurements ( _time, transactionId, transTime, resultStatus...

by Engager in

Index <--> KV lookup column issue

Hi, So, I have an issue when I try to lookup KV store to columns in a data model based on a eval function. So to g...

by Explorer in

Why am I unable to get Table Cell Highlighting to work with my current XML, CSS, and JavaScript files?

I know there area a bunch of questions about table cell highlighting out there. I have looked at all of them and have...

by Communicator in

I have a list of data. I want to show them in a table

Hi, I am trying to create a table for data values in the list but I am able to get the first one only. The query I am...

by Loves-to-Learn in

How to rotate a table using transpose, remove the first row, and rename the column headers?

i have this search which gives me: ... | stats max(field1) as foo max(field2) as bar max(field3) as la by subname2 w...

by Motivator in

How to find an Average Count over an hour in 5 min buckets

Hi Experts! So I have an issue with GC cycles and we have this logged in splunk. I have used the below query which g...

by Path Finder in

How do I make my own search engine for own in house through we can filter out the complete data?

Hi, Is there any option through I can able to create my own search engine like Google through we can find the best so...

by New Member in

Regex pattern for url patterns to show as a single url in Dashboard

We have some below Regex patterns that have special characters, alphabets & digits and wanted them as a showing up as...

by Explorer in

Get fields from two searches with two common fields

Hi, I'm getting a trouble with this situation. I have two searches: From the first one i get host and auid: ...

by New Member in

Remove results from table if they do not meet a condition.

I am trying to create a search that will display all universal forwarders that have not checked in for over 24 hours....

by Engager in

eval if blank field

Hi, Can I use multiple field values to substitute a blank value? Currently have; | eval final_destination = ...

by Path Finder in

Creating a search that will fetch 10 unique repository that perform an action in the last 10 minutes

Hi Splunk, I am in trying to create an alert that will send email to users if the search query returned results if...

by Engager in

How do i compare two different fields , with the same name, from two different sourcetypes?

How do i compare two different fields , with the same name, from two different sourcetypes? I am trying to check one ...

by New Member in

How to TOP based on one of the stats by field ?

Hi I have below query which gives me TOP 20 Requests based on REQUEST_COST regardless of the RequestType | sear...

by Communicator in

Regex help in Splunk

Hi, I have few events in splunk like these - 1. "GET /test/materials/components/fields HTTP/1.1" 2. "GET /test1 HTTP/...

by Explorer in

Extracting date from filename and inserting as title in dashboard

I need to extract the date from my filename "abc_20190401" and put it as a title in my dashboard?

by New Member in

Is it possible to use two base searches in one post-processing search?

I have a dashboard similar to this one: <form> <label>Multiple Base Searches</label> <fieldset submitButton="f...

by Communicator in

Not able to invoke each rows sprint, the element after the "by".

I have been trying to see if (sprints==last_chunk) but my problem is that, if I eval within the stats section, sprint...

by New Member in

How to use conditional tokens to run an append command

I am creating a table by appending the result of many searches together so each result appears in one row of the tabl...

by Engager in

Save results to avoid recalculation for new users per day or total number of distinct users

I am pretty new to Splunk and this is my first posted question so here goes... I have an application and I need to...

by Explorer in

Searching and reporting against custom indexes

I created a new Index for syslogservers to store remote syslog messages coming in on a Data Input UDP:514; The in...

by New Member in

Regex Help

I have this data: cfjbht06,08-Apr-2019,18:01:47,2.9,11.6 Splunk is reading this timestamp as: 4/8/19 6:01:47...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Best way to correct tostring(,"duration") bug?

Why am I getting error "Search process did not exit cleanly, exit_code=255", causing searches to not run in Splunk 6.0.3?

Searching/Reporting over for GDPR related data in Splunk indexes

Check if a measurement is between startTime and endTime of an incident

Index <--> KV lookup column issue

Why am I unable to get Table Cell Highlighting to work with my current XML, CSS, and JavaScript files?

I have a list of data. I want to show them in a table

How to rotate a table using transpose, remove the first row, and rename the column headers?

How to find an Average Count over an hour in 5 min buckets

How do I make my own search engine for own in house through we can filter out the complete data?

Regex pattern for url patterns to show as a single url in Dashboard

Get fields from two searches with two common fields

Remove results from table if they do not meet a condition.

eval if blank field

Creating a search that will fetch 10 unique repository that perform an action in the last 10 minutes

How do i compare two different fields , with the same name, from two different sourcetypes?

How to TOP based on one of the stats by field ?

Regex help in Splunk

Extracting date from filename and inserting as title in dashboard

Is it possible to use two base searches in one post-processing search?

Not able to invoke each rows sprint, the element after the "by".

How to use conditional tokens to run an append command

Save results to avoid recalculation for new users per day or total number of distinct users

Searching and reporting against custom indexes

Regex Help

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions