Splunk Search

Discussions

Thread Info

Efficient and "correct" way to counting stats based on a sequence of events within a rolling timeframe

Creating stats count based on a sequence of events within a timeframe. For example, count the unique sessions, within...

by Path Finder in

How to use of Group by on the Event Number column to get the latest result by EventTime?

I have a table like below in Splunk I want to apply a group by on Event Number col and want to get the top(la...

by New Member in

External URL link with Hyperlink in alert message body

Hi Splunkers, Is it possible to add an External URL as Hyperlink in the message body of an alert? I know we can pl...

by Engager in

How to catch information from inspector job?

Hi I would like to catch the information in the example below: This search has completed and has returned 1 000...

by Motivator in

Some logs were missed by splunk in search index

While using splunk, we are missing some events in search index. There is no repeated behavior of this kind but they a...

by New Member in

How to use plus sign before a result to calculate percentage?

Hello I use the eval below in order to calculate a percentage | eval Trend_Proc_time=round(100-(Proc_dest*100)/(Pr...

by Motivator in

How do I search from a lookup table and match when part of a string from an events' field matches a value in a lookup table?

Hi all, I know many questions exist similar to this one but none are useful for my particular use case. Please if...

by Path Finder in

How to use rex to extract username from emailid?

Hi All Please help me to extract username from the emailid. Ex: test123@test.com abc2@test.com Required: ...

by Explorer in

How to split data into multiple columns?

I am having data in a single field in this format: 1. xyz 2. dsh bh 3. sdh dsd() 4. trrt .... so on I want to spl...

by Path Finder in

How to get the sum of total number of failed items count after excluding Item Not Recognized and Loading for both fields?

I have two fields body.response.failedItemsCount , body.failedItemsCount , In this I have to filter with two unwanted...

by Explorer in

How to use 'where' command in multiple places?

Hello everyone. Want to display the output only for the time which crosses 18 months (earliest time)

by New Member in

How to extract values in a field?

In my table, I have a field named Username, and it has two values: Machine 1 and 2. I only want to show Machine1 only...

by Communicator in

How do you retrieve names in comments using regex?

Hi, index="os" sourcetype="test" CaseNumber=*| dedup _time,CaseNumber | rex field=Notes "(?\d+-\d+-\d+\s*\d+:\d+...

by Explorer in

Top of field with multiple values

Hi, I'm trying to do a simple search that returns the top repeated values of a field. The problem is that this ...

by New Member in

Splunk Deployment only for Log Management Purpose

Hi Team, We have a requirement where we need to deploy Splunk Solution only for Log management purpose (less 50 GB...

by Engager in

How to create a chart that will display the open and resolved tickets over time?

I need to create a chart that will display the open and resolved tickets over time. Here is my current code: |...

by Path Finder in

How to use timechart command for the below query

This is the query i m using: query1: sourcetype=tanium earliest=-24h query="User-Sessions-and-Boot-Time-Details-fr...

by New Member in

Why is host missing from Search?

Hi All, I'm just getting started so this is probably going to be an easy one. I have Splunk light and have set...

by New Member in

How do you do a recursive search for the first value from every morning?

Can you run a Splunk search and have it only return the first log value identified at a certain time per day, and the...

by Explorer in

define two fields for cidrmatch function

I want to use the eval function with cidrmatch function like 1- who to mention multip subnets in x field against c...

by Communicator in

extracting values in a field

in my table, I have a field named Username, and it has two values: Machine 1 and 2. I only want to show Machine1 only...

by Communicator in

Sum of two fields

I have two fields "body.response.successfulItemsCount" & "body.successfulItemsCount". I need sum of total of these tw...

by New Member in

average of response time for the service call per day.

sourceType="source_log" | rex field=_raw .... ........ Expected output : Service_call Avf for 03/04 avg for 03...

by New Member in

How to use IN function with VALUE-LIST as a search or lookup

hi, We have a SPL which emits hostname as a single value, but this needs to be checked against a valid list of hostna...

by Super Champion in

Can you help me with a problem I'm having with the delta command for microseconds?

I have the following search. index=ironstream IFCID=1 LUWID_LUNAME=DBTP | rex "QWSAPROC_0001\":\"(?P<pr...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Efficient and "correct" way to counting stats based on a sequence of events within a rolling timeframe

How to use of Group by on the Event Number column to get the latest result by EventTime?

External URL link with Hyperlink in alert message body

How to catch information from inspector job?

Some logs were missed by splunk in search index

How to use plus sign before a result to calculate percentage?

How do I search from a lookup table and match when part of a string from an events' field matches a value in a lookup table?

How to use rex to extract username from emailid?

How to split data into multiple columns?

How to get the sum of total number of failed items count after excluding Item Not Recognized and Loading for both fields?

How to use 'where' command in multiple places?

How to extract values in a field?

How do you retrieve names in comments using regex?

Top of field with multiple values

Splunk Deployment only for Log Management Purpose

How to create a chart that will display the open and resolved tickets over time?

How to use timechart command for the below query

Why is host missing from Search?

How do you do a recursive search for the first value from every morning?

define two fields for cidrmatch function

extracting values in a field

Sum of two fields

average of response time for the service call per day.

How to use IN function with VALUE-LIST as a search or lookup

Can you help me with a problem I'm having with the delta command for microseconds?

What's New in Splunk Observability - August 2025

Introduction to Splunk AI

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions