Splunk Search

Discussions

Thread Info

search to find users that worked most events

i want to know who worked the most splunk events per day. We have corelation searches that fire on specific use cases...

by Explorer in

How to Eval urldecode and then regex?

I have some URL encoded logs. ...| eval decoded_raw = urldecode(_raw) how would I write a rex to find any deco...

by Builder in

subtraction of timestamp from two search

i would like to calculate response time by extracting timestamp from two different search then subtracting Response=S...

by New Member in

How to calculate concurrent operations on a server in a timechart?

Hi, I'm trying to show the concurrent number of 2 operations(eg, data 'export', and data 'import') on a server in ...

by New Member in

How to count the number of alerts with various time ranges and displays, together?

I want to create a visualization that shows the number of sales in the last 1, 2, and 7 days all within the same visu...

by Builder in

Unable to use regex to index logs

Hi, I wish to configure splunk forwarder to pick logs from a directory that match any of the below patterns. Essentia...

by Observer in

How to populate a column that generates time difference for the results which are generated from a stats command?

I have this query. index=azure Operation=UserLoggedIn user!=Unknown|sort - _time | iplocation ClientIP | eval T...

by New Member in

TimeChart implemention over two grouping

i have log file as below need to calculate Execution time for each events and dispay data by grouping with Errorcode ...

by New Member in

Splunk freezing for other users when doing large base search.

Hi Other users are unable to open splunk screens for up to 1 minute while one user is running a large base search?...

by Influencer in

Process end with load job

I have modified the xml of my dashboard in order to load some data directly form the results of the process related t...

by New Member in

item and time column lookup help

I have several rows of a CSV lookup Name,00:00,00:15,00:30 test1,A,A,A test2,A,N,N I want to matchup _time with th...

by Builder in

How to write a query to show the top performer (Single Value)?

Hello All, I want to write something that shows a single value with the below data Customer M 5 Units Customer N 15 U...

by Communicator in

Stats Values Multisearch

Hi, I wonder whether someone could help me please. I'm using the following join query which extracts the data perf...

by Motivator in

When creating an app, how to configure it that after the install, "Restart Required" dialog would be displayed?

I am creating an app which is using a lookup file. That lookup file is populated by a saved search with this setting ...

by Contributor in

Date parsing incorrect

I have logs from two Unifi switches. One parses the date just fine, the other gets the year messed up, but parses the...

by Path Finder in

round function doesn't work with timechart but does with table

This following doesn't work. I don't see the decimals limiting to two digits. | eval n=round(var5,2) | timechart span...

by Contributor in

How to round up a number and avoid infinite zeros?

I am trying to round UP numbers one decimal to the left whenever its, for example: 10510 ---> 11000 10499 ---> 10000 ...

by Ultra Champion in

How to input the value of key from the second search result in the "in" clause of "where" of the first search?

HI I want to write a query like this index=* "searchString1" | where in ([search "searchString2" | field key]) ...

by New Member in

Keep specific events and discard the rest (PART 2)

Hi, I followed previous instructions and successfully was able to keep only ERROR and WARN logs and "discard the ...

by Builder in

How to find difference between (Today's logins) and (Average logins of that particular week day for last 30days) by hour?

I need to calculate difference between (TodayLogins-AverageLogins of that particular weekday). For that I have calcul...

by New Member in

How to remove empty buckets in timechart

When I plot a timechart, there are some empty buckets, which causes a gap in my graph. This happens if I have no data...

by Contributor in

rex help??

hi.. how can i tell splunk to pick the first occurence of regular expression from a single event.i have written a ...

by Motivator in

Splunk forwarder log monitoring for unspecified stanzas

Hello, can i please whether the splunk will monitor the logs which are not absolutely specified . For example , i ...

by New Member in

Is the append command's default maxout=50000 also the maximum limit, or can I override this with a larger number?

Using an append command, it seems I can successfully set the maxout to a number less than 50000, but not increase it ...

by Path Finder in

i need and when a splunk agent goes down or stops

i have 30 servers, out of which I want to monitor splunk agents of only 4 servers i have the following query. i...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

search to find users that worked most events

How to Eval urldecode and then regex?

subtraction of timestamp from two search

How to calculate concurrent operations on a server in a timechart?

How to count the number of alerts with various time ranges and displays, together?

Unable to use regex to index logs

How to populate a column that generates time difference for the results which are generated from a stats command?

TimeChart implemention over two grouping

Splunk freezing for other users when doing large base search.

Process end with load job

item and time column lookup help

How to write a query to show the top performer (Single Value)?

Stats Values Multisearch

When creating an app, how to configure it that after the install, "Restart Required" dialog would be displayed?

Date parsing incorrect

round function doesn't work with timechart but does with table

How to round up a number and avoid infinite zeros?

How to input the value of key from the second search result in the "in" clause of "where" of the first search?

Keep specific events and discard the rest (PART 2)

How to find difference between (Today's logins) and (Average logins of that particular week day for last 30days) by hour?

How to remove empty buckets in timechart

rex help??

Splunk forwarder log monitoring for unspecified stanzas

Is the append command's default maxout=50000 also the maximum limit, or can I override this with a larger number?

i need and when a splunk agent goes down or stops

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!