Splunk Search

Discussions

Thread Info

Is it possible to perform a tstats from an accelerated savedsearch?

I am asking because I attempted to use "savedsearch=" as a command after a | tstats much like calling a "datamodel=" ...

by Engager in

Upgrade Enterprise Security app to 5.2 - Any specific issues to note

Hi All, I am planning to upgrade the Enterprise Security app on our environment from 4.7.0 to 5.2.0. Splunk Enterp...

by Explorer in

Subtotals with Sum

Hi, I wonder whether someone can help me please. I've written the following query: `wso2_wmf(RequestCompleted)`...

by Motivator in

Dependency on Azure Services status

we need to send out notification when ever a global outage was happening with Azure using the RSS feed, is the any qu...

by Engager in

Nested JSON field

Hi I'm trying to do a count within my JSON logs. It's about the following data. I want to do a count for the extensio...

by New Member in

How do you make a regex field extraction to stop capture after underscore and last 2 digits?

Hi, I'm new to regex field extraction. I need a regex to capture only specific characters on my event source. I tr...

by New Member in

How can I display just the prediction (future) in a chart ?

I'm doing a chart where i want to predict the disk space for the month after and I have this : .... predict C as "Pre...

by Explorer in

How do you make a stacked bar chart based on a field?

I need to present the output of a query in a stacked bar diagram. Here is my search output: Now, I want to...

by Explorer in

Any way to extract date information from file name and time information from message ?

I have some source files which the messages have only time information without date information as below. [ xxxxx2017...

by Splunk Employee in

How do I get a substring from a field after the "_" character?

I have a string as ABCD_20190219_XYZ I need to get 20190219 like 8 characters after first "_" and than convert tha...

by New Member in

How can I send historical data from Splunk to QRadar (On Prem and On Cloud)

Hello, I need to know how to send historical data from Splunk to QRadar (Version 731) I am aware that there are so...

by Engager in

ERROR SearchResultsCSVSerializer - Failed to open file for writing

Seeing tons of these errors in splunkd logs of indexers. What could be the reason? We are also experiencing search pe...

by Communicator in

How do you find the difference of an hour in _time and _indextime in Splunk logs?

We have logs being parsed in Splunk which have differences in _indextime and _time of an hour. Please advise how can ...

by Explorer in

How to set up a NEAR real time search in Splunk 6.6.3

I have a client that wants to set up a "near" real time search in Splunk. Can this be done (it needs to be continuous...

by Path Finder in

How can I add the results of some particular columns to a new column?

I ran a query which gave results in the below manner I just want the last two columns, that is Today and ...

by New Member in

Unable to search using REST API

Hi I have a cloud instance version 7.0.2.1 https://prd-p-df4vmzb62ds7.cloud.splunk.com. I am trying to use REST API t...

by New Member in

Is the mvindex function just visual?

With my situation, all events have double the values in each field for some reason. I'm not an admin so I just have t...

by Communicator in

"addinfo" and "search_now" -- has search_now been removed?

Hi all, Previously I've used "search_now" to determine the start time of a late-running scheduled search. This app...

by Communicator in

Not enough pct_cpu metrics in introspection

Please advise! We noticed that in our 7.0.2 on-prem Splunk install on CentOS, CPU load metrics are partially missing....

by Path Finder in

Calculate on one field in multiple events

Hi, I collect json data like this: {"timestamp":"2019.02.19-10:20:30","label":"xxx","size":"100"} {"timestamp":...

by Path Finder in

Appropriate ingest structure for large lists and for analysis

Hi, I've got a large list which is grouped in chronological order and I'd like to ingest it into Splunk. The li...

by Communicator in

How do you combine stats results for a base data grid?

I would like to combine the results of two searches to use as a dashboard base search and then filter in different wa...

by Path Finder in

How can I create a scatter plot of data points distributed over time?

Hi, I am having some difficulty in locating information to help me to create a scatter plot (over time) of a data ...

by Explorer in

How do you find the count of hours between two dates?

Hi, Please find the below query index="os" sourcetype="Service" CaseNumber=* status="Complete" assignment_gro...

by Explorer in

Define condition per timeframe

Hi there, I hope for some help with a query. I'm using the following query to get a list of all failed login ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is it possible to perform a tstats from an accelerated savedsearch?

Upgrade Enterprise Security app to 5.2 - Any specific issues to note

Subtotals with Sum

Dependency on Azure Services status

Nested JSON field

How do you make a regex field extraction to stop capture after underscore and last 2 digits?

How can I display just the prediction (future) in a chart ?

How do you make a stacked bar chart based on a field?

Any way to extract date information from file name and time information from message ?

How do I get a substring from a field after the "_" character?

How can I send historical data from Splunk to QRadar (On Prem and On Cloud)

ERROR SearchResultsCSVSerializer - Failed to open file for writing

How do you find the difference of an hour in _time and _indextime in Splunk logs?

How to set up a NEAR real time search in Splunk 6.6.3

How can I add the results of some particular columns to a new column?

Unable to search using REST API

Is the mvindex function just visual?

"addinfo" and "search_now" -- has search_now been removed?

Not enough pct_cpu metrics in introspection

Calculate on one field in multiple events

Appropriate ingest structure for large lists and for analysis

How do you combine stats results for a base data grid?

How can I create a scatter plot of data points distributed over time?

How do you find the count of hours between two dates?

Define condition per timeframe

A Prelude to .conf25: Your Guide to Splunk University

4 Ways the Splunk Community Helps You Prepare for .conf25

Enhance Your Splunk App Development: New Tools & Support

Sometimes searches are not running on iPad

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

Splunk Search

Are you a member of the Splunk Community?

Discussions