Splunk Search

Ask a Question

Discussions

Thread Info

How do I timechart the percentage of a total?

Hello all, Currently I have acquired a timechart in the format: Field_A / Field_B / Field_C / Field_D / Total /...

by Explorer in

Interesting regex

Hi, I have the below data and looking to determine the API call name . For the first one the name would be ...

by Motivator in

How do you pass a field into a subsearch?

There are a few other similar questions on Splunk answers, but each answer has been tailored to each asker's use case...

by Motivator in

How to index all users' OS search history, web search history, and web browsing history from any browser using a universal forwarder on a given host?

I am interested in indexing all user's OS search history, web search history, and web browsing history from any brows...

by Motivator in

Non English characters are not indexed ?

Hey guys, It seems that if a field in Splunk index contains Non English characters - the search is very slow. I would...

by Contributor in

Why is the following regex command not terminating as expected?

I have events like this.... <22>2018-10-10T09:38:50.631063-05:00 m0074417 sendmail[16942]: w9AEM7sO030350: to=<thi...

by Builder in

Real Time Search Visualisation works briefly then gives wrong results

I am running the following search: index=fi | stats last(BP) as start,first(BP) as last by Name | eval diff=last-s...

by Engager in

How do I pass an event's field value from a subsearch to an eval statement to retrieve another field?

How do I pass an event's field value into a subsearch to retrieve another field? At the moment, I can't use join b...

by Explorer in

Can you help me with the following search using a lookup?

Hi, We are frequently required to validate that data is being received by Splunk from multiple servers. The lists ...

by Champion in

Is it possible to use an inputlookup command with an OR statement?

Hi, I have a query that uses this search to look for hosts that we need to validate: |tstats count WHERE index=...

by Champion in

How do I make a regex expression to remove "=20" and more?

So here are the results from my "Scanned" field: 20Certificates.pdf 20from=20GLA-PTX164760.pdf 20from=20a=20Xerox....

by Explorer in

Multiple Searches at the Same Time

Is it possible to run multiple searches without having to open multiple browser tabs? Does Splunk have a built in tab...

by New Member in

Splunk 7.2 Tstats, Addinfo, and Earliest/Latest Bug?

Hello! I've recently upgraded a test server of mine from 6.x.x to 7.2.x to find a weird bug and I'm wondering if a...

by Explorer in

request optimization with best practices

hello I use the request below but i would like to have an example of doing this code more performant following spl...

by Motivator in

How to match two columns based on prefix (Numbers/Letters) and do a loop through each result

So we have a lookup and an index : We need to correlate the prefix from the lookup with the data from the index, ...

by New Member in

Can you help me with the following Splunk search query?

Hi, So i'm having this rule... index=logs sourcetype=console_test_1 "[Status] Discovered" | rex "<regex ...

by New Member in

How do I improve a lookup-stats by output search?

Let's say I have a search that immediately goes into a lookup with a filtered kvstore of 1 million events followed by...

by Motivator in

How can I get a timeline of the percentage of a particular error code among a total of logs coming into Splunk?

Hi, I'm trying to get a timeline of the percentage of a particular error code among the total of logs. And, based ...

by Explorer in

Why can't results can be shown when calculating the difference between two columns from two searches?

Here is my query : index="basicdataapi" source="/data/api-process/logs/equitydata-rawdata-producer/application.log...

by Engager in

How do I find the latest time project name in each group?

I want to group by virtual machine and then find the latest time project name in each group. How would I implement th...

by Explorer in

How do I calculate the number of server requests in the last 2 minutes?

Hello everyone. Want to display the output only for the time which crosses 18 months (earliest time)

by New Member in

Using regex, how do you extract data when there are special characters?

I am trying to create a Regular Expression string which could extract several key pieces of data from a syslog event ...

by New Member in

How can I group IP addresses together to exclude them from my searches?

Hello, I'm new to Splunk and I was just wondering: how can I group IP addresses together to exclude them from my ...

by New Member in

Why Does Search Head Cluster Replication Fail with large lookup table

Replication is failing with the following error. 07-12-2015 21:08:45.859 +0000 WARN ConfReplicationThread - Erro...

by Explorer in

How can I group last results into OTHERS?

Hi, I have a search that gives me results as below "Country" "Sales" "Total Sales" "Percentage" A ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I timechart the percentage of a total?

Interesting regex

How do you pass a field into a subsearch?

How to index all users' OS search history, web search history, and web browsing history from any browser using a universal forwarder on a given host?

Non English characters are not indexed ?

Why is the following regex command not terminating as expected?

Real Time Search Visualisation works briefly then gives wrong results

How do I pass an event's field value from a subsearch to an eval statement to retrieve another field?

Can you help me with the following search using a lookup?

Is it possible to use an inputlookup command with an OR statement?

How do I make a regex expression to remove "=20" and more?

Multiple Searches at the Same Time

Splunk 7.2 Tstats, Addinfo, and Earliest/Latest Bug?

request optimization with best practices

How to match two columns based on prefix (Numbers/Letters) and do a loop through each result

Can you help me with the following Splunk search query?

How do I improve a lookup-stats by output search?

How can I get a timeline of the percentage of a particular error code among a total of logs coming into Splunk?

Why can't results can be shown when calculating the difference between two columns from two searches?

How do I find the latest time project name in each group?

How do I calculate the number of server requests in the last 2 minutes?

Using regex, how do you extract data when there are special characters?

How can I group IP addresses together to exclude them from my searches?

Why Does Search Head Cluster Replication Fail with large lookup table

How can I group last results into OTHERS?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions