Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
JelianeL

how to sum 2 fields of value

Hi, if I have: 2012-10-16T03:27:05+0000, cCount:0 , lCount:17, in an event. How can I cCount + lCount = totalCount?...
by JelianeL Explorer in Splunk Search 09-05-2018
0 11
0
11
cabowman

With a full list of class C IPs, how can i get Splunk to show me how many VLANs are in the data?

We are searching new environments monthly this means we are blind going in. I can get Splunk to stat out a total list...
by cabowman Engager in Splunk Search 09-05-2018
0 5
0
5
hrithiktej

Splunk has found 10 orphaned searches owned by 5 unique disabled users.Click to view the orphaned scheduled searches. Reassign them to a valid user to re-enable or alternatively disable the searches.

Splunk has found 10 orphaned searches owned by 5 unique disabled users.Click to view the orphaned scheduled searches....
by hrithiktej Communicator in Splunk Search 09-05-2018
0 3
0
3
WXY

How do I convert year, month, day, hour, minute, seconds to seconds?

Now, I want to get the time interval For example: between 2018/5/31 8:25:45 and 2018/5/31 8:25:47 ,the time interva...
by WXY Path Finder in Splunk Search 09-04-2018
0 1
0
1
apple143

Is there any difference between top and stats in tstats?

I could see the same result in index=* ~~~ | top abc index=* ~~~ | stats count by abc | sort -count (ignore percent c...
by apple143 Engager in Splunk Search 09-04-2018
0 2
0
2
fuwuqi

How do I create a rolling time window which counts forward and backward?

Given a dummy index/data consisting of the following fields: sku_number customers_id date_purchase ------...
by fuwuqi Engager in Splunk Search 09-04-2018
0 1
0
1
anzianojackson6

Can someone help me with a regex that transforms nullQueue before specific date?

I've got data coming in (Dropbox). This is pulled with the TA via REST API. I can't use the ignoreOlderThan in inputs...
by anzianojackson6 Explorer in Splunk Search 09-04-2018
0 4
0
4
chowell

regex wimp

I have this in a transforms.conf file on one of my forwarders. My goal is to drop everything from either of the IP's,...
by chowell Explorer in Splunk Search 09-04-2018
1 2
1
2
landen99

Why does adding a table command after transaction result in no results found?

| inputlookup id_test.csv | reverse | eval _time=now()| transaction Col_A startswith=(Col_C=yes) returns result...
by landen99 Motivator in Splunk Search 09-04-2018
0 2
0
2
dreeck

combining fields from two log entries which have a common id that is named differently

Base, How can I combine two log entries that share a common ID when the field name of the ID is different between b...
by dreeck Path Finder in Splunk Search 09-04-2018
0 2
0
2
jbethmont

How to chart a list of key/value pair fields only if a condition matches?

Hi Splunk'az, I have events composed of 64 key/value pairs that are being extracted into fields at indexing time: ...
by jbethmont Explorer in Splunk Search 09-04-2018
0 6
0
6
jgr_26

To find number of days between two dates

Please give a solution to calculate the number of days between two given dates.. Regards Govind.
by jgr_26 Engager in Splunk Search 09-04-2018
0 9
0
9
sangs8788

How to sort the month when using the field in chart over command?

Hi Below is a query which returns the latency over month by cust_id. Events contain fields as month=April, month=May...
by sangs8788 Communicator in Splunk Search 09-03-2018
0 1
0
1
bishtk

What's the output of the following eval and now() function query?

Hi All, Could you please help me here in confirming what would be the output of the below eval command? "eval age =...
by bishtk Communicator in Splunk Search 09-03-2018
0 7
0
7
sajjadkernel

show one instance of an error (out of many errors coming repeatedly) from a given time

I am getting many errors while just writing keyword error when searched from a single log file like Retrying connecti...
by sajjadkernel Engager in Splunk Search 09-03-2018
0 3
0
3
anantdeshpande

Can you help me build a KVStore record deletion query?

hello, Short background.. One of the application populates some ids for deletion of multiple types like type A, B...
by anantdeshpande Path Finder in Splunk Search 09-03-2018
0 0
0
0
tonniea

Process delayed - Could you suggest a way to speed up our search?

We have a search with some subsearches that runs for about 40 seconds. "This search has completed and has returned 1...
by tonniea Explorer in Splunk Search 09-03-2018
1 0
1
0
RiccardoV

set a column's max-width in a chart

Hi, I have a JSChart like this and I want to set a max width for graph's column. I want to avoid this huge column whe...
by RiccardoV Communicator in Splunk Search 09-02-2018
3 6
3
6
codymoore

How do I search for users logging into our Splunk server remotely?

We had a user log in remotely either with ESXI, with a VM, with Remote Desktop or with the command prompt using SSH. ...
by codymoore New Member in Splunk Search 09-02-2018
0 2
0
2
shayhibah

How to create a static column in a table?

I would like to create one column with labels that should not be changed. For example: column title: my_own first r...
by shayhibah Path Finder in Splunk Search 09-02-2018
0 3
0
3
svchnik

How to count the number of events by types that occurred during each period of time

How to count the number of events by types that occurred during each period of time (for example, yesterday and the d...
by svchnik New Member in Splunk Search 09-02-2018
0 2
0
2
rtev

Why are events not sorting in Chronological Order with a basic search?

Today, I noticed that, when performing a basic search, the events are not sorted chronologically. Additionally, not a...
by rtev Path Finder in Splunk Search 09-01-2018
1 8
1
8
samsam48

How to perform targeted searches on rex fields?

I have some unstructured events, and I've been using rex field to create a variety of fields to better organize ever...
by samsam48 Explorer in Splunk Search 08-31-2018
0 5
0
5
nqjpm

Comparison and condition function help. Multiple If, case or like statements in search

index=foo | eval Compliant=case(like(AppVersion,"14.12%"), "OK", like(AppVersion,"14.11%"),"OK" , like(AppVersion,"14...
by nqjpm Path Finder in Splunk Search 08-31-2018
0 2
0
2
bravosec1

How to speed up my old correlated threat intel search using tstats & datamodel accelerations?

Hello Splunker> I would like to convert my old correlation search which used the join function below:- index=main sou...
by bravosec1 New Member in Splunk Search 08-31-2018
0 3
0
3
Top Labels
Get Updates on the Splunk Community!

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...

Splunk Developer Day announcements: AI agents, MCP tools, Forecasting, and Custom ...

Splunk Developer Day was packed with product and platform updates for developers building in the AI ...