Splunk Search

Ask a Question

Discussions

Thread Info

How do you get tabular event with field value pair?

I have an event in the below format. INCIDENT_ID PROBLEM_KEY ...

by Communicator in

How do I calculate another time frame based on time input?

I am trying to build a dash where I need to calculate another earliest and latest based on an input of time. The s...

by New Member in

Can we disable the drilldown for a specific field in pie chart?

I have a pie chart which displays two things 1) ABC 2)XYZ When I click on ABC, it should go to other Dashboard via...

by Explorer in

How to find days between today's date and field value date?

I am trying to subtract a field value date (Step Due Date) from today's date (nowstring) to determine if the number o...

by Path Finder in

What are these Interesting Fields returned from the search "index=os sourcetype=iostats"?

Looking at: index=os sourcetype=iostats I come across many fields, but what do they mean?: Interesting Fiel...

by Motivator in

Why is my index time extraction not working

On my Intermediates or Heavy Forwarders and Search Heads I have: props.conf [role_extract] TRANSFORMS-roleextract = e...

by New Member in

How do I calculate elapsed time between hours on two specific dates?

I have an Incident "Open Date" in following format DD/MM/YYYY HH:MM and an Incident "Close Date" in same format. I...

by Explorer in

How to combine two field results into single field permanently ?

Lets say I have extracted two fields rs_time1 and rs_time2. But now, I want to merge the values from these fields to ...

by New Member in

Outputnew: How do I compare two Fields in two Lookup tables?

Hello, I need help finding out how I can display field values of one lookup that are not present in the same-name...

by Communicator in

How do I run a query for a user's Internet activity and create a table by date and url?

I need to run a query for a user's Internet activity. I would like to create a table/report for the output that's lim...

by New Member in

How to list a count ONLY if the value within a query is above a certain threshold?

Hello. Today, I have several panels in a dashboard to provide us daily, weekly, and monthly counts of certain problem...

by New Member in

How do I search to exclude logs with extensions?

Hi, In my data, I have API calls with several extensions like (.html, .com, .php and many more). I am trying to excl...

by Path Finder in

How do I create a derived field using two searches?

I want to create a derived field using a search string like so: (host=HostA sourcetype="SourceTypeA" counter=...

by Engager in

Help sorting by time results in lost records

When I do a sort, the records show up newest first. I will typically search for events on the duration of a week or a...

by New Member in

How to round a number when displaying results in a chart?

I am trying to display the response times of services for the last 7 days in a chart , but I want to round the respon...

by New Member in

How to calculate the number of days between two dates?

I have two dates as part of a string. I have to get these dates in separate fields by using the substr function. Now,...

by Communicator in

APPEND is not UNION?

Splunk version 4.3 search A : index=webserver1 type=error | table serverName message method search B : index=webse...

by Path Finder in

Time value difference in duration: getting value as 0d

HI All, I am able to get the time value difference in epoch and able to convert it to string with the following co...

by Communicator in

How to change two parts of a search query based on input selection?

I have a column chart that needs to update based on the input selection (Hour/Weekday/Month - aka $field4$). I've man...

by Path Finder in

Why would Splunk be grouping events together when I haven't told it to?

Wow, so finding any related questions on this has proven very difficult as any searches for "Splunk grouping events t...

by Builder in

How do you link transactions with other sourcetypes based on timestamp?

Splunk fellows your help is needed, In our project (license plate recognition on gas stations) - we have 2 source...

by New Member in

How to create a regex or rex in a search to extract each line in a log event to separate events?

Hi Splunk Gurus - I am new to splunk, need your help on the below. Below is how the events are getting into splunk...

by New Member in

Comparing arbitrary # of columns values similar to xyseries?

Suppose I have a data set with a metric, let's say for example, it contains the average # of stamps licked per day by...

by Path Finder in

How to update certain time fields of lookup table without overwriting old table entries?

So, I put together a search not too long ago, with help from the community on here, that would run hourly to update a...

by Explorer in

How do I use an if-statement to reduce rows of a field in a Splunk result set?

I have the following Splunk base search: sourcetype=serverA FATAL OR ERROR OR WARN | rex field=_raw max_match=1 "...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do you get tabular event with field value pair?

How do I calculate another time frame based on time input?

Can we disable the drilldown for a specific field in pie chart?

How to find days between today's date and field value date?

What are these Interesting Fields returned from the search "index=os sourcetype=iostats"?

Why is my index time extraction not working

How do I calculate elapsed time between hours on two specific dates?

How to combine two field results into single field permanently ?

Outputnew: How do I compare two Fields in two Lookup tables?

How do I run a query for a user's Internet activity and create a table by date and url?

How to list a count ONLY if the value within a query is above a certain threshold?

How do I search to exclude logs with extensions?

How do I create a derived field using two searches?

Help sorting by time results in lost records

How to round a number when displaying results in a chart?

How to calculate the number of days between two dates?

APPEND is not UNION?

Time value difference in duration: getting value as 0d

How to change two parts of a search query based on input selection?

Why would Splunk be grouping events together when I haven't told it to?

How do you link transactions with other sourcetypes based on timestamp?

How to create a regex or rex in a search to extract each line in a log event to separate events?

Comparing arbitrary # of columns values similar to xyseries?

How to update certain time fields of lookup table without overwriting old table entries?

How do I use an if-statement to reduce rows of a field in a Splunk result set?

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability

Large JSON payloads don't always perform field ext...

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static