Splunk Search

Discussions

Thread Info

How do you return the latest value only if it's not equal to "closed"?

I'm having a tough time figuring this one out for some reason. The datasource I am using contains multiple records ba...

by New Member in

How do you add the average and the standard deviation as a new field?

Hi, This might be trivial question, but I am having a hard time to figure it out. Any help is greatly appreciated...

by Path Finder in

Regex to extract a number from string

Hello, I am trying (rather unsuccessfully) to extract a number of varying length form a sting. The constants are 0...

by Communicator in

Is it possible to add a field by source at index-time ?

I would like to add a new field at index-time that will be visible in the list of events. In the same way as Host, so...

by Explorer in

Define user field in Security Essentials

I have added Security Essentials on my indexer and the Splunk_TA_windows app on the forwarders however when i run the...

by Path Finder in

can you help me with regex

Hi, I have a search with regex ERROR * | rex ".*?(?(?:\w+\.)+\w*?Exception).*" | stats sparkline count by e...

by New Member in

Can we search in different time ranges between multiple indexes?

Hi, Can I run a search with two or more indexes and specify a different time range in each one? For example, woul...

by Communicator in

List of computers extracted from the computer

Scenario: In a way, the local admin user can be retrieved, the computer to remove the domain, and without the domain ...

by New Member in

How can I group the query?

Hi all, I am new to splunk Following is the information: Column1 Column2 colum...

by Explorer in

How eliminate records from a search that appear twice only?

Hi, I have a search which returns a list of records, some of them have a duplicate Value. Here's an example of the ou...

by Explorer in

Why is join slow?

I've seen a lot about not using join subsearches, how it's slow, etc etc. Which proves to be true in practice. Wha...

by Explorer in

Temenos T24 Monitoring whit Splunk

Hi team i have been working a new project with banking sector where they are using the Core Banking T24. Does a...

by Communicator in

stacked bar chart in timeline series

hi! I want to create a stacked bar chart like in a timline series like this |[----RUN TIME----]|[----IDLE TIME----...

by Communicator in

How do I schedule a recurring search that would alert if an index is missing data feeds from hosts?

Hi. I need to schedule a recurring search that would alert/email me if an index, say "web", is missing data feeds...

by Loves-to-Learn in

List Comparison

I'm wanting to find out if it's possible to take a list of items in a text file, conduct a search against that list a...

by Contributor in

How do you use fillnull to return a count of 0?

I have events that have a value called "Date First Found" that is of the format: "%m/%d/%Y". I calculate the number o...

by New Member in

With regex, can you help me with a matching issue for a blank space?

Hello, I am having an issue with some regex that I wrote. it is working fine except for this blank space. Re...

by New Member in

Why does my real time search job keeps getting killed?

Hi I have a real time search over the past 5 minutes, however it works for 30 seconds an then it dies. any ideas? ...

by Influencer in

How do you correlate events from two different indexes by date?

Hi folks, I have 2 indexes containing information as below: index ABC _time sessionkey ...

by Explorer in

Replication and search factors "not met"

We have: - Index Cluster Master - Search head cluster (3 nodes) - Index Cluster (3 nodes) - Heavy forwarder (1 node) ...

by Explorer in

Added _meta to default result in double counts.

unable to search data using SPL index=test ssp=3538 following search does return the result index=test ssp=*...

by Splunk Employee in

What's wrong with my eval case statement?

What is wrong with this? | eval Count=case((sourcetype="input1" OR sourcetype="input2") AND index="foo1", "NA" (s...

by Communicator in

Field extractions aren’t working as expected since upgraded to 7.2.3

Since upgraded to Splunk version 7.2.3, some fields extractions aren’t showing on the searches properly. In particula...

by Splunk Employee in

How to merge remaining fields into a multivalue field after dedup'ing one field?

Hi, Just as the question says. My current search results in something similar to this: ip device ------...

by Communicator in

How to plot a timechart from summary index?

Hi, I have a summery index with events like this :- 3/06/2019 00:00:00 +0000, search_name=ABCD , search_now=155191...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do you return the latest value only if it's not equal to "closed"?

How do you add the average and the standard deviation as a new field?

Regex to extract a number from string

Is it possible to add a field by source at index-time ?

Define user field in Security Essentials

can you help me with regex

Can we search in different time ranges between multiple indexes?

List of computers extracted from the computer

How can I group the query?

How eliminate records from a search that appear twice only?

Why is join slow?

Temenos T24 Monitoring whit Splunk

stacked bar chart in timeline series

How do I schedule a recurring search that would alert if an index is missing data feeds from hosts?

List Comparison

How do you use fillnull to return a count of 0?

With regex, can you help me with a matching issue for a blank space?

Why does my real time search job keeps getting killed?

How do you correlate events from two different indexes by date?

Replication and search factors "not met"

Added _meta to default result in double counts.

What's wrong with my eval case statement?

Field extractions aren’t working as expected since upgraded to 7.2.3

How to merge remaining fields into a multivalue field after dedup'ing one field?

How to plot a timechart from summary index?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions