Splunk Search

Discussions

Thread Info

How do you count the least number of events (as opposed to the highest number)?

I have a Top Ten report going which counts the highest number of network timeout/disconnects on wireless devices by t...

by Communicator in

tstats summariesonly query does not return results

Hi all, my query is not returning any results and I think it's an error in the query. The clauses 'as' and 'from' in ...

by Communicator in

How do I fetch data from an existing field?

I have a field in my log which contains a huge text data with two different formats. I tried to catch a few parts in ...

by Communicator in

How do you create a Splunk query to get new inbound IP's?

I am trying to get a list of new inbound IPs/hosts, which would compare to the old data of the previous month from a ...

by Path Finder in

mstats latest(_time) not working

I am not able to get the latest (or earliest) _time values using mstats. | mstats sum(bytes) latest(_time) where i...

by Contributor in

Regex Expressions

Hi Team, I need to extract the fields from the JSON format in my Search Head GUI so kindly let us know how to proc...

by Path Finder in

How do I compare the log date with the time picker date?

I want to check the records for which CREATE_TIME matches based on my date selection from time picker control. Curren...

by Communicator in

Display all values at time when hoovering over timechart

I have a timechart with multiple values/graphs. When hoovering my mouse over the timechart I can only see one value ...

by Path Finder in

How do I convert rows to columns by time?

I have universal forwarder data which I access using the below query, but the fields are coming in each row. I wan...

by Builder in

How do you tweak Splunk to display an event that is more than 500 lines long?

I'm getting an error in Splunk GUI that says my events are exceeding a 500 max limit. How do you tweak Splunk to disp...

by Splunk Employee in

How do you do a trend calculation with a plus sign?

hello, With the code below, i calculate a % trend between values. When the result of the trend is negative, a nega...

by Motivator in

How do you use Splunk to search within document text of wiki server and SharePoint data sources?

Is it possible to use Splunk as search engine that uses a wiki server and SharePoint as its data sources? It must sea...

by Engager in

Is there a way to determine if Splunk results will return in tabular format or raw events format?

Hi All, I have a requirement to email Splunk results. The problem is some Splunk results are in table format and some...

by New Member in

How do you calculate the difference between two specific values in the same field (%) then timechart span=1h for the past 24hrs

How do you calculate the difference between two specific values in the same field and return that value in a percent ...

by Communicator in

How do I display multiple sources, hosts, and source types on a table?

I want a table that shows my hosts, sources, source types, and indexes with some data feeds. How do I approach that? ...

by Explorer in

How does Splunk Universal Forwarder (UF) take the ulimit value for Open files?

hi All, On one of our servers, we recently faced issues with file forwarding. Upon checking in internal logs, we s...

by Explorer in

How do I remove dynamically named columns from a table when their values contain a specific string?

I have an API input that returns a JSON object containing a nested element with multiple dynamically named columns, w...

by Builder in

Why are Time Modifiers not working with SPL CLI?

Doing a search on CLI with time range modifiers does not seem to work. I have tried earliest_time/latest_time and ...

by Explorer in

What is the difference between index time extractions and search time extractions?

My question is what is the difference between an index time extraction and a search time extraction? Can anyone expla...

by Explorer in

How do I group events based on contiguous runs of field value?

I would like something like a stats command that groups events only if they form a contiguous run of a particular fie...

by Contributor in

Trying to manually Create Regex for search

We have been trying to create a search for AWS:Simple Email Services to locate any Bounce Back emails that come in; S...

by Explorer in

Can you help me with a query involving the eval command?

I'm trying to set up a search for when a user disables their 2FA vs when IT disables it for them. I have the User...

by Path Finder in

Can you help me compare two searches and then print the difference?

Hello, I am using two searches for seeking two windows events 4732 and 4733. I want to print into a new table even...

by Path Finder in

How do you use the arules command to identify the association between purchased items?

Please could you help me on the working example with dataset using arules command? i'm planning to use this in my ...

by New Member in

Chart examples

Hi, I have the data in the below format i.e i have calculated base on Type A,B,C per month and the data looks like J...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do you count the least number of events (as opposed to the highest number)?

tstats summariesonly query does not return results

How do I fetch data from an existing field?

How do you create a Splunk query to get new inbound IP's?

mstats latest(_time) not working

Regex Expressions

How do I compare the log date with the time picker date?

Display all values at time when hoovering over timechart

How do I convert rows to columns by time?

How do you tweak Splunk to display an event that is more than 500 lines long?

How do you do a trend calculation with a plus sign?

How do you use Splunk to search within document text of wiki server and SharePoint data sources?

Is there a way to determine if Splunk results will return in tabular format or raw events format?

How do you calculate the difference between two specific values in the same field (%) then timechart span=1h for the past 24hrs

How do I display multiple sources, hosts, and source types on a table?

How does Splunk Universal Forwarder (UF) take the ulimit value for Open files?

How do I remove dynamically named columns from a table when their values contain a specific string?

Why are Time Modifiers not working with SPL CLI?

What is the difference between index time extractions and search time extractions?

How do I group events based on contiguous runs of field value?

Trying to manually Create Regex for search

Can you help me with a query involving the eval command?

Can you help me compare two searches and then print the difference?

How do you use the arules command to identify the association between purchased items?

Chart examples

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions