Splunk Search

Discussions

Thread Info

timechart for multiple, but similar, itemnames

I am attempting to grab data from a set of Items that all have relatively similar names, i.e.: ItemName = LocX_Var...

by Explorer in

How to use "set diff" and "diff" commands to list out new values in a file comparing different days/weeks/months/years?

I have data which add new files every day. I want to compare today's data with previous day/week/month/year data and ...

by Communicator in

How to calculate percentage based on 4 different searches

Hello everyone. Want to display the output only for the time which crosses 18 months (earliest time)

by New Member in

eventcount - spanning over week

I'm attempting to write a search using eventcount command. I want to graph the number of events in my index/sourcetyp...

by Contributor in

Regex on input change

In a dashboard, I have a dropdown input where the user can enter an IP address (customs value). I want to validate th...

by New Member in

How to join using a wildcard?

I have a lookup that contains host names with wildcards. I am trying to do a inputlookup to grab those host names wit...

by Communicator in

How to lump data into two groups by a field for a trendline?

So I have some data which looks similar to this: time="timevalue", name="name", measurement="value" And I have...

by Explorer in

How can I compare two search results in one chart?

I would like to compare the result count of two search queries in one column chart (one column for each query and day...

by Explorer in

How to generate several "chart / over / by" charts for each value X using trellis?

Hello Splunk Community, I'm trying to build a dashboard that dynamically displays several bar charts based on each...

by New Member in

field extraction to value

Some of my log lines include "20180228 034322 : [04936] License threshold of 100% reached. There are 202 of 202 licen...

by New Member in

Event timestamp parsing incorrectly, pls help!

Hi, While loading data, the timestamp that is being loaded is incorrect. For 2nd row in below records, the timesta...

by New Member in

How to change a value at index time

Hiya, simple question here. I want to change the way a value is represented to me after I index, see the following: ...

by Loves-to-Learn in

User defined inputs for a field in splunk

Hi, I have a situation, where user/admin need to verify if the event should be taken into consideration or not. I...

by Communicator in

How to sort the dashboard title on navigation dynamic list?

Hi Guys, I added a dynamic list on an app but the dashboard titles are not in order. How can I make it alphabetica...

by Communicator in

How to remove extra characters from an indexed event?

Good afternoon Is there a way to remove extra characters (\xAF) from already indexed events such as this one: 2...

by New Member in

how to feed search result into "custom search command" and get output from custom search command?

Hi, I have written a custom search command to send whois queries for ip addresses that are resulted from search head...

by New Member in

How to handle gracefully "No Results Found"

Hello, I've the below query. I wanted to know when there're no errors, instead of showing "No Results Found", how can...

by New Member in

Finding difference and percentage from 2 events withe same fields but difference index

I have this query that returns this: Sample event in index=idx_A: year=2018 month=04 day=10 hour=09 event_count...

by Explorer in

need help with showing eval in stats

so I have this query (host=pnr-proxy-prod* OR host=master*.menlosecurity.com* OR host=pnr-webui-prod*) (source=*...

by Path Finder in

Is the "type" field removed from Splunk metrics in 6.6?

So we have this query: index=_internal type=Usage st!=splunk_metrics earliest=-1d@d latest=-0d@d | bucket _time ...

by Builder in

How to create an alert if there are more than 5 login_id(s) associated to any unique sourceIP

I have an app behind a WAF, and I am looking at the WAF logs to see how many unique login IDs are coming from a singl...

by Builder in

Lookup and powershell command

hi i want to use the powershell code below in order to know if the computer ping or not PS C:> Test-Connection -Co...

by Motivator in

how can test my search query to make sure splunk is giving correct output

I want to test the data retrieved by Splunk query. How can I validate the results.

by New Member in

How to find peak time and the low time of the requests with the span of every hour?

Hi Team, I like to find the peak time of the success requests (http_status=200) and also the least time of the reques...

by Engager in

How to create a case statement with NOT LIKE option?

| eval usage=case(like(_raw,"%FirstClass%"),"A_Grade",like(_raw,"%SecondClass%"),"B_Grade",like(_raw,"%ThirdClass%"),...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

timechart for multiple, but similar, itemnames

How to use "set diff" and "diff" commands to list out new values in a file comparing different days/weeks/months/years?

How to calculate percentage based on 4 different searches

eventcount - spanning over week

Regex on input change

How to join using a wildcard?

How to lump data into two groups by a field for a trendline?

How can I compare two search results in one chart?

How to generate several "chart / over / by" charts for each value X using trellis?

field extraction to value

Event timestamp parsing incorrectly, pls help!

How to change a value at index time

User defined inputs for a field in splunk

How to sort the dashboard title on navigation dynamic list?

How to remove extra characters from an indexed event?

how to feed search result into "custom search command" and get output from custom search command?

How to handle gracefully "No Results Found"

Finding difference and percentage from 2 events withe same fields but difference index

need help with showing eval in stats

Is the "type" field removed from Splunk metrics in 6.6?

How to create an alert if there are more than 5 login_id(s) associated to any unique sourceIP

Lookup and powershell command

how can test my search query to make sure splunk is giving correct output

How to find peak time and the low time of the requests with the span of every hour?

How to create a case statement with NOT LIKE option?

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions