Splunk Search

Discussions

Thread Info

Single query to an external REST API

I am working on an app that will have an interactive UI where you could input a hash value and afterwards the app wou...

by Engager in

Is there a Splunk command to find out configuration errors or typos?

Hi, I was wondering is there a Splunk command to find out configuration errors? For example, LINE_BrEAKER in props...

by Path Finder in

How do you compare the average memory performance of 2 servers?

Hi All, Please help me create a query that compares cpu and memory with threshold performance in 1 month ( 4 data ...

by New Member in

Can you help me create a regex that would extract a host from a path?

How can I extract hostname from the path for host_regex in data input on directory monitoring? I need only host na...

by Builder in

How do I write a regex for different field extractions according to event value?

I have events like the ones below. I want to make a different field extraction according to the value of field MODEL....

by Explorer in

How can i retrieve the values of a correlation matrix from Splunk web into a text file (name of the fields)?

hello , can anyone tell how can i retrieve the values of a correlation matrix from Splunk web into a text file (na...

by New Member in

How can I display our search results as a percent in a single value panel?

Hi my basesearch... index = lc source= X |stats count by status ...gets me the amount status by status: Sta...

by Path Finder in

How do I search data for the time & date that it was generated by the system?

I have big data in an Index, but I am looking for the specific data of time & date of system generated. I have a t...

by Communicator in

How can I optimize a search that times out?

This search is looking back one month over a large dataset. I would like it to be accelerated, and run once a month o...

by Path Finder in

Can you help me with the following timechart query?

index=X sourcetype=X source=X | timechart first(percentage_allocation) as percentage_allocation by devicename I ...

by Path Finder in

How can I display/hide some specific values in a dashboard?

Hello everyone, I have a dashboard where some stacked volumes(7) are represented and also I added the total of the...

by Explorer in

From the following log data, how do I create a table that includes the average response time?

My log Data is in this format: response="{"status":"success","Registries":[{"create":"2018-08-28","last":null,"Sto...

by New Member in

How do you use regex on 2 fields and combine them into one field for an xyseries?

Hi all, I have a simple regex to extract 2 fields — name1 and name2. And I would need to combine it like this: nam...

by Path Finder in

Can you help me create a search which would return the following table for a Splunk dashboard?

Hi, I want to know if it is possible to do the following table in Splunk dashboard. Thanks.

by New Member in

How to get the top 10 max values for each field value?

Trying to analyze some windows perfmon data. The data looks like this: counter -> name of performance metric (ie. % P...

by Communicator in

iplocation command not returning lat/lon fields (with allfields=true)

As in subject, I run the following command: MY_SEARCH | iplocation allfields=true clientip | table lat lon ...

by Explorer in

iplocation command not working in 6.3.0

Hi. I tried the following search, some search... | fields cip | stats count by cip | iplocation cip I have ...

by Communicator in

Splunk Jira Integration - Search returns no records

Hi, Am trying to integrate Jira with Splunk enterprize and followed below steps. 1. Installed Add-on for Jira https:/...

by Explorer in

Tags & Summary Index

Hi everyone, I would like to know if it's compatible using tags and summary index at the same time. Thanks for ...

by Path Finder in

How do I configure a forwarder to whitelist only Event Code 4624 and Logon Types 2 or 11?

I'm trying to edit inputs.conf in my forwarder to show ONLY Event 4624, with only Logon Type 2 or 11. I've seen many ...

by New Member in

How do you make a regex that skips an optional word?

I'm fairly new to regex. In other languages, i just string split and hack it up as needed, but i'm trying to use rege...

by Path Finder in

How do you group by field in the stats table?

I am attempting to get the top values from a datamodel and output a table. The query that I am using: | from da...

by Communicator in

Can you help me create a regex to extract a value from an event?

Below is a sample event. I could use some help in regex in fetching the value "29.3445667" present in the last part o...

by Contributor in

フィールドの値を使用して判定を行いたい

フィールドvalueに値が、affectedにその条件が入っています。例 No value affected 1 10 = 2 5 =< 3 1 != イベント毎...

by Explorer in

How do I make a search that groups output and gives the max date?

The below query works fine it. It displays all of the heartbeats generated. What I would like though is to show just ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Single query to an external REST API

Is there a Splunk command to find out configuration errors or typos?

How do you compare the average memory performance of 2 servers?

Can you help me create a regex that would extract a host from a path?

How do I write a regex for different field extractions according to event value?

How can i retrieve the values of a correlation matrix from Splunk web into a text file (name of the fields)?

How can I display our search results as a percent in a single value panel?

How do I search data for the time & date that it was generated by the system?

How can I optimize a search that times out?

Can you help me with the following timechart query?

How can I display/hide some specific values in a dashboard?

From the following log data, how do I create a table that includes the average response time?

How do you use regex on 2 fields and combine them into one field for an xyseries?

Can you help me create a search which would return the following table for a Splunk dashboard?

How to get the top 10 max values for each field value?

iplocation command not returning lat/lon fields (with allfields=true)

iplocation command not working in 6.3.0

Splunk Jira Integration - Search returns no records

Tags & Summary Index

How do I configure a forwarder to whitelist only Event Code 4624 and Logon Types 2 or 11?

How do you make a regex that skips an optional word?

How do you group by field in the stats table?

Can you help me create a regex to extract a value from an event?

フィールドの値を使用して判定を行いたい

How do I make a search that groups output and gives the max date?

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

Search for triggered save searches and their actio...

Splunk Search

Are you a member of the Splunk Community?

Discussions