Splunk Search

Community Activity

Working on "snoweventstream" in a subsearch - Any thoughts? Hi guys, I'm trying to control whenever I have to send an event to ServiceNow or not, and that's what I've done so f... by victor_menezes Communicator in Splunk Search 09-28-2018 0 2	0	2
How do I cut a string after a certain text and count the results of the string before the cut? Here is my current search in Jboss Logs: index=jboss_app CLASS="foo.bar.bas.classname" MESSAGE="Error doing the thin... by iambobwall New Member in Splunk Search 09-28-2018 0 2	0	2
Can you help me with my custom dynamic field extraction? Hi, looking for some help on this one. I have multi-line events that I'm trying to create dynamically named fields fr... by mbodtkerj New Member in Splunk Search 09-28-2018 0 7	0	7
How do I remove gaps in charts? Hi splunkers, I was able to plot a graph that, whilst it shows all the info I need, it also contains massive gaps th... by ADRIANODL Explorer in Splunk Search 09-27-2018 0 7	0	7
How do I search for Chinese characters in Splunk? Hi, I need to create a report that looks for certain terms in Chinese. Is there anything special that I need to do ... by a212830 Champion in Splunk Search 09-27-2018 0 2	0	2
How can i get the first event after match a event? I want to make a search that match for a event, than get the next event. Example: Event1 _time event_hash status_la... by johnny_goya Explorer in Splunk Search 09-27-2018 0 2	0	2
Can you help me with my join query? I'm having trouble with a join query. It doesn't work with the inner or left join, although I can see the event from ... by seomisp Explorer in Splunk Search 09-27-2018 1 14	1	14
How to troubleshoot error "Configuration initialization for C:\Program Files\Splunk\etc took longer than expected (1869ms) when dispatching a search"? Why are we getting this error and how do we fix this? by puneethgowda Communicator in Splunk Search 09-27-2018 1 5	1	5
Why can't I find logs under _internal Index when I'm able to see in them in actual Index? Hi friends, I am using the below search query to see the usage of a specific Index. When I pull the search for 30da... by pkumar9610 Explorer in Splunk Search 09-27-2018 0 5	0	5
What is the best way to count events and calculate the disk space these events use? So, the first part of this is really easy. index=active_dir \| stats count by EventCode This will give me the a lis... by cboillot Contributor in Splunk Search 09-27-2018 0 4	0	4
Is it possible to compare equality of two fields at the root search without using \| search, \| where, or \| eval? I'm trying to work around the limitations of data model root searches not supporting pipes. Is there any way to do s... by responsys_cm Builder in Splunk Search 09-27-2018 0 6	0	6
How to search for specific text in field without additional text? Sorry for the strange title... couldn't think of anything better. Doing a search on a command field in Splunk with va... by joesrepsol Path Finder in Splunk Search 09-27-2018 0 4	0	4
Can you help me create a pie chart that would display info from a CSV Lookup file? I created a .CSV file with error_code and Description. I am trying to compare error_code with the logs and create a p... by sandeepmakkena Contributor in Splunk Search 09-27-2018 0 25	0	25
How to use a list of values from a table into foreach fieldstr? Hi, I already used the following lines with success: \| foreach fieldstr=device "device_name1" "device_name2" "device... by danielearangiom Explorer in Splunk Search 09-27-2018 0 1	0	1
I want to see Number of hits from an IP address on a particular url in a minute I am looking for result which will show, number of hits on a URL from a particular IP address in a minute. For exampl... by kasturea Explorer in Splunk Search 09-27-2018 0 1	0	1
How do I pull a stats table where there are blank fields in event data? This is the event data: ls1=INFO ls1Label=Severity ls2=MS SQL SERVER ls2Label=ServerType ls3=Command List ls3Label= c... by reneedeleon Engager in Splunk Search 09-27-2018 0 3	0	3
Splunkd service wont start on Windows Server (handler/weak reference error) Has anyone encountered this error before? Our splunk instance is completely down. 08-10-2018 12:45:50.153 -0700 INF... by jospina2 Explorer in Splunk Search 09-27-2018 0 2	0	2
How to search a field for values that are stored in another field? Hi, Can you please help me with the following case? I'm trying to use the value of a field to search within the valu... by macoo Explorer in Splunk Search 09-27-2018 0 6	0	6
How do you reference a field value as a field to use in a table? So I have a field day_Today=Friday Now I want to use the value of day_Today as a field in my table \| table Date va... by michaelrosello Path Finder in Splunk Search 09-27-2018 0 3	0	3
How to extract data using regex? Hi All, I Have data in below mentioned format. I need to extract value CUP_Used and cup_used using regex and store i... by Shan Builder in Splunk Search 09-27-2018 0 5	0	5
Could you help me with my regex expression? hi I would like to extract the field in bold with a regex: 06/09/2018 - 14:23:01 -- End of installation of ePO (5.0... by jip31 Motivator in Splunk Search 09-26-2018 0 2	0	2
Will you help me with this string to date conversion? I'm struggling to convert this to a Splunk readable format. Sep 18, 2018 17:25:24.870411000 Can you me figure out h... by jiaqya Builder in Splunk Search 09-26-2018 0 4	0	4
How do I combine subtotals and totals in a search query? Is it possible to do this? Should I use appendcol? multisearch? join? Please enlightened me. Scenario: The IP below... by rajyah Communicator in Splunk Search 09-26-2018 0 5	0	5
Ignore empty data point when calculating average I am trying to calculate the average for a few columns and rows but I have came across the following issue. Some rows... by ermosk Engager in Splunk Search 09-26-2018 0 10	0	10
Transactions and reporting multivalue event types Hi all. I'm having trouble expanding a multivalued Transaction into separate fields by their corresponding values. I'... by dmart New Member in Splunk Search 09-26-2018 0 0	0	0

Get Updates on the Splunk Community!

Painting a Clearer Picture: Creating Cross-Domain Visibility with AI Canvas

Thursday, June 25, 2026 | 11AM PDT / 2PM EDT Duration: 1 Hour (Includes live Q&A) Register to ...

Analytics Workspace deprecation

As of Splunk Cloud Platform 10.4.2604 and Splunk Enterprise 10.4, Analytics Workspace is now deprecated. ...

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

Splunk Developer Day brought the Splunk developer community together for a practical look at what it means to ...

Splunk Search

Working on "snoweventstream" in a subsearch - Any thoughts?

How do I cut a string after a certain text and count the results of the string before the cut?

Can you help me with my custom dynamic field extraction?

How do I remove gaps in charts?

How do I search for Chinese characters in Splunk?

How can i get the first event after match a event?

Can you help me with my join query?

How to troubleshoot error "Configuration initialization for C:\Program Files\Splunk\etc took longer than expected (1869ms) when dispatching a search"?

Why can't I find logs under _internal Index when I'm able to see in them in actual Index?

What is the best way to count events and calculate the disk space these events use?

Is it possible to compare equality of two fields at the root search without using | search, | where, or | eval?

How to search for specific text in field without additional text?

Can you help me create a pie chart that would display info from a CSV Lookup file?

How to use a list of values from a table into foreach fieldstr?

I want to see Number of hits from an IP address on a particular url in a minute

How do I pull a stats table where there are blank fields in event data?

Splunkd service wont start on Windows Server (handler/weak reference error)

How to search a field for values that are stored in another field?

How do you reference a field value as a field to use in a table?

How to extract data using regex?

Could you help me with my regex expression?

Will you help me with this string to date conversion?

How do I combine subtotals and totals in a search query?

Ignore empty data point when calculating average

Transactions and reporting multivalue event types

Painting a Clearer Picture: Creating Cross-Domain Visibility with AI Canvas

Analytics Workspace deprecation

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

How to get an extract of threshold values set in s...

how to query OCI Audit logs from Datasafe

SPLUNK ES 8.2.3 Drill Down not appearing

Using Splunk to Analyze Web Traffic & Machine-Gene...

How can i export a list of all services in APM

Splunk Search

Join the Conversation