Splunk Search

Thread Info

How to create a table that has values summed up by the column?

I would like to manipulate it to look like this:

by Path Finder in

How do I calculate the date difference for two timestamps other than _time and exclude weekends?

Hello, I have two timestamps , both are NOT _time. Received Date - 09/10/16Processed Date - 09/14/16 I need to ...

by Explorer in

Log sources not reporting in 24 hours

anyone have an idea on how to write up a search that will provide details on which logsource stopped reporting for th...

by Path Finder in

Efficient Lookup Table Search for each Field, Combine Results?

I'd like to run a search for each host in a list but only return the top result for each host. In a search, it could ...

by Path Finder in

Merging two distinct Splunk into one

Hello, Let's say the company has two departments that used Splunk independantly, and now they want to merge them t...

by Explorer in

iterate over extracted value from field and then print it

Dear splunkers , I have one field in which there is value like net = 192.168.128.0/24, from this field value pair ...

by Communicator in

How can i calculate datetime Difference between two datetime values.

Begin date - 2018-05-02 22:00:23.235371 End Date - 2018-05-02 22:01:33.815546 Expected Result should be - 70

by Engager in

Schedule search to run one time only

I want to schedule a search so that it can be manually set to run without repetition during non-business hours when t...

by Motivator in

Timezone conversion issue Raw Text Data (UTC) to Splunk Index (EST)

I am sure this question is asked numerous times and there are number of answers around this but for some reason its n...

by New Member in

Entering earliest and latest time for backfill summary search. What is the format?

I'm having trouble figuring out the proper syntax for specifying an exact date/time for my summary backfill search. F...

by Champion in

Extract field value

Hello, Could anybody assist with this question - what method is the best to extract to new field value of "animal"...

by Engager in

How to break events in this scenario

Here is a subset of my log file. This content appears for an App named App-1, but it just repeats in my log for aroun...

by New Member in

How to convert epoch to H:M:S?

Hi Guys, I have the below time formats that I converted to epoch to get the difference. START - "04-30-2018 16:17...

by Communicator in

Multiselect values as table input?

I have a multiselect dropdown. I also have a stat table which utilizes a KVstore. I want the multiselect values to fi...

by Communicator in

Query to filter logs based on the condition

I have host=abc_cloud_aws_dev host = abc_cloud_aws_qa Here is my basic search string index=myindex host=abc_cloud...

by New Member in

Total foreach Row

I have a query that shows me the type of operations someone has performed but I would also like to sort by the total ...

by New Member in

Multivalue fields- Count Values that match a value in multi value field

Hello SPlunk team, my base query returns something like the table below . I need to find the count of all intents tha...

by New Member in

Why is search in index not displaying results that are present but displaying when searching for more data?

I've got a problem and part of that problem is I'm not sure how to search for the solution. Using Verbose search ...

by Path Finder in

How to get average, max TPS by Method

Hi, I am looking for splunk query which can give average, max and 90th percentile value of transactions per second...

by New Member in

How to compare multiple sourcetypes?

Hello, In one index I have multiple sourcetypes. I want to be able to compare the values between these sourcetypes...

by Explorer in

creating table with different stats command

Hi All, Is it possible to combile the stats from different queries in a single table or string. If I can create a ...

by Communicator in

How to create an area chart from CSV with multiple data series?

Hi, I just started using Splunk and find it to be a very powerful tool but I don't seem to be able to create an Area ...

by New Member in

How do you group by day without grouping your other columns?

I am trying to produce a report that spans a week and groups the results by each day. I want the results to be per us...

by Explorer in

Remove colons from a number

I'm looking to get rid of the numbers and colon before the larger one in the middle, and after I have 1:31705:...

by Explorer in

See what time range users search

I want to write a query to see what time range users are using in their searches. e.g. 90% of searches use the last 2...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

How to create a table that has values summed up by the column?

How do I calculate the date difference for two timestamps other than _time and exclude weekends?

Log sources not reporting in 24 hours

Efficient Lookup Table Search for each Field, Combine Results?

Merging two distinct Splunk into one

iterate over extracted value from field and then print it

How can i calculate datetime Difference between two datetime values.

Schedule search to run one time only

Timezone conversion issue Raw Text Data (UTC) to Splunk Index (EST)

Entering earliest and latest time for backfill summary search. What is the format?

Extract field value

How to break events in this scenario

How to convert epoch to H:M:S?

Multiselect values as table input?

Query to filter logs based on the condition

Total foreach Row

Multivalue fields- Count Values that match a value in multi value field

Why is search in index not displaying results that are present but displaying when searching for more data?

How to get average, max TPS by Method

How to compare multiple sourcetypes?

creating table with different stats command

How to create an area chart from CSV with multiple data series?

How do you group by day without grouping your other columns?

Remove colons from a number

See what time range users search

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...