Splunk Search

Thread Info

How come the timewrap command is displaying today's results and not from the value of the day in the timemodifier?

I am using the search below to get a week over week results using Timewrap, but the results shown are from today and ...

by New Member in

How to search to check license usage every hour and send an alert email every 10 mins upon reaching 80%?

How to write a search for License usage to be checked every hour & send an alert email every 10 mins upon reaching 80...

by New Member in

Timechart values not working

I've been trying to chart some data and every way I try, it just doesn't work. I'm able to create a table of my da...

by Builder in

Is there any way to optimize post process searches instead of running them alternately?

Search 1 is : index=reportstore earliest=-28d@d latest=@d sourcetype=reportstore_logs host=denver | eval ReportCre...

by New Member in

Can I replace a string in the logs on the host itself?

So, I have been using Splunk out of the box for a while, but now I would like to do some data massaging before I ...

by Path Finder in

How do you count Unique IDs, in both indexes, based on a specific event?

I am trying to get Unique IDs (appears in both indexes) but I only want to count if there is event_name="AccountFinal...

by New Member in

How do you return only 1 result from a lookup?

I'm enriching my search with a match against a lookup table. However, the lookup returns more than 1 result for each ...

by Explorer in

Difference in _time and _indextime for logs

Hi, We are getting indexing lag in one of our splunk index. There is variation in _index-time and _time hence produc...

by Explorer in

Search From Two Indexes. Applying A Name Referenced By Id On Both Searches.

Hi there, Hoping someone could help me out. I'm currently using the AWS Add-On For Splunk and I wanted to expand t...

by New Member in

How do you find data/values in a lookup that do not exist in the logs?

We have a lookup file that has a list of series stored in a field — TS_SERIES_ID. We want to find the count of series...

by Explorer in

Can you help me with a query with the timechart command?

same search: timespan showing X results while search is showing Y results for the same timeframe. This search that...

by Path Finder in

Will you help me create the regex to convert the following data into a column value pair?

Hi, Below is my sample payload. I want to convert/display it into a column value pair. Eg, ESBTransactionID 750105...

by Path Finder in

How do you extract a field using regex?

00000887 ThreadMonitor W WSVR0606W: Thread "WebContainer : 24" (00000887) was previously reported to be hung but has ...

by New Member in

Can you help me answer a question with the chart command?

Hi there, I have this query formed and I can't the get expected result, but it's very close to what I want. The re...

by Path Finder in

What are some solutions for high cardinality field reporting?

We have high cardinality data -- virtually every event is unique except for a small percentage of cases that we care ...

by Champion in

stats option compatibility

Does stats support function inside function like shown below ? Where first i want to take percentile90 of PERCENT9...

by Path Finder in

Can you help me extract the time value and the thread count from the following data using regex?

00000887 ThreadMonitor W WSVR0606W: Thread "WebContainer : 24" (00000887) was previously reported to be hung but has ...

by New Member in

How to display a search result by the Log Size per field in MB, not the event count?

Hi I have the following search which is presently displaying the list of eventcounts by the field "category_type"...

by Builder in

What is the best query for retrieving a field name in different languages?

hello, I use the WMI below index="windows-wmi" sourcetype="WMI:Reliability" Logfile=Application SourceName="App...

by Motivator in

How do you extract dynamic nested array coordinates from JSON?

I need help in extracting fields from the dynamically nested array coordinates from JSON. Here is the example dat...

by New Member in

How do I find rows in a table with more fields, which are NOT EQUAL to any row in table with less fields?

I.e. <search1>: ... | table id, f1, f2, f3 <search2>: ... | table id, f1, f2 I need to find all records in <s...

by Explorer in

How do you calculate availability with 2 searches?

Hi team, I want to determine the availabilty of my application with the http status code (Number of request ht...

by Explorer in

How do I extract the value of a field value in Splunk?

Hello all, I am trying to get the value of a field from an event in Splunk. The event looks like follows: messa...

by Explorer in

time picker average if selected more than one day

Hi All. I need help regarding one my query, shown below index=int_app source="City_APP*" FUNCTION=* ACTION=...

by Path Finder in

How do you go forward and backwards through the following records?

Hi all, I need some help here. I have a sample records of 30 lines, and now would need to eval the endtime. Howeve...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

How come the timewrap command is displaying today's results and not from the value of the day in the timemodifier?

How to search to check license usage every hour and send an alert email every 10 mins upon reaching 80%?

Timechart values not working

Is there any way to optimize post process searches instead of running them alternately?

Can I replace a string in the logs on the host itself?

How do you count Unique IDs, in both indexes, based on a specific event?

How do you return only 1 result from a lookup?

Difference in _time and _indextime for logs

Search From Two Indexes. Applying A Name Referenced By Id On Both Searches.

How do you find data/values in a lookup that do not exist in the logs?

Can you help me with a query with the timechart command?

Will you help me create the regex to convert the following data into a column value pair?

How do you extract a field using regex?

Can you help me answer a question with the chart command?

What are some solutions for high cardinality field reporting?

stats option compatibility

Can you help me extract the time value and the thread count from the following data using regex?

How to display a search result by the Log Size per field in MB, not the event count?

What is the best query for retrieving a field name in different languages?

How do you extract dynamic nested array coordinates from JSON?

How do I find rows in a table with more fields, which are NOT EQUAL to any row in table with less fields?

How do you calculate availability with 2 searches?

How do I extract the value of a field value in Splunk?

time picker average if selected more than one day

How do you go forward and backwards through the following records?

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...