Splunk Search

Discussions

Thread Info

Is it possible to search a word existing in all the searches of Splunk just like we do in other IDEs?

I have multiple searches in splunk which use the same lookup table. Is it possible I can check among all the searches...

by Path Finder in

Lookup - How to compare and remove events from the search?

I need to remove a list of servers from my search. This list changes once a month so I thought of using a lookup tabl...

by Path Finder in

Events older then 30 days

The following is a sample entry from a splunk index... lastOccurrence=2012-06-25 18:42:38.0|firstOccurrence=2012-0...

by Contributor in

What is the order that executes in query when I use both AND, OR in splunk query?

I have two different queries like below Query 1 :- field_1!="A" AND field_2="B" OR field_1!="A" AND field_2="C"...

by Builder in

How to extract the last underscore part of a field?

I have a value a_b_c. How do I extract the last '_' item. So in this case it'd be 'c'. The number of of underscores i...

by Communicator in

Can you cache report results and use them towards another search?

I need to be able to compare report results over the period of a time. The report itself takes minutes to run for a 1...

by New Member in

search showing times when raw events were 0

Looking to do a search which shows start time and end time when _raw events were 0 over a say 24hr period. Trying ...

by Path Finder in

Deployment architecture

I have I want to send windows logs through heavy forwarder to indexer. on windows server, I install universal for...

by Communicator in

How can I look back 7 days from when an event occurred?

Hey Guys, I have a daily report that is showing the # of orders planned and completed for the day. However, someti...

by Communicator in

How does Hunk search data from Hadoop?

Can someone please explain in simple layman terms how Splunk SEARCHES Hadoop Data? I understand it doesn't store them...

by Communicator in

Converting smiv1 to smiv2 , cant find module

Hi i am having difficulties on doing this one , can someone tell me what should i need to do to make it fix . As i c...

by Builder in

How can I get the graph that only displays percentage when using timechart?

I have a query below that is showing "PriceChangeCount", "Total" and "PriceChangeRate" in graph, How can I get the gr...

by Explorer in

Why do I see a count difference running a saved search via Splunk REST API call and running the search manually?

When I run a saved search via Splunk REST API call, I get a count which is entirely different when iI run the same se...

by New Member in

Compare daily search results against expected table

Hello, So I may be the victim of my own good deeds. Built an input form for the Infrastructure team to enter their...

by Path Finder in

Keep specific events and discard the rest

How to filter sets of monitored logs with HF? Hi, I have a number of logs files monitored by UFs and sent to a...

by Builder in

Tstats - What factors come into play when deciding to put a field in the beginning or after the GROUPBY section?

When analyzing different tstats commands in some apps we've installed, sometimes I see fields at the beginning along ...

by Explorer in

I have a problem in creating regex for below expression?

expression: 2018-02-2008:13:44|ABC1034|Sumit Martin|0|147707|Amit|SURESH||19490616|M|2030 SQ 16 PERRA|ABC E-212|INDIA...

by Path Finder in

csv file size limit for inputs

is there a file size limit for csv files for inputs ? it seems we have issues indexing a csv file which is over 250MB...

by Builder in

Create output[Site Down] by comparing two hosts that match a field down

I'm trying to create a search that will look at hosts over a period time E.G 1 week within period of time(10 - 30 min...

by New Member in

How to get the event details between two different dates?

I have a splunk log in the following format: INFO com.tmobile.sfdc.reports.batch.listener.OrderJobListener - ORDE...

by Path Finder in

how to re-arrange the column values to corresponding rows in table

Hi All, i have created the table & table is in below format... i need to display the table like below forma...

by New Member in

Feels like "return" command should support argument of 0 (all). Thoughts?

When performing subsearches using the return command, I am often disgusted with myself for employing a not-future-pro...

by Builder in

Why is sort order skewed with use of table command?

Any idea why the sort order (of time) is skewed with use of the table command? Seems like, to reduce repetitive s...

by Builder in

How to convert hex timestamp value to index in Splunk

Hi , I have the below data to index into splunk Can you advice how can i decode the hex timestamp below (5A814...

by Explorer in

joining tables miss some values

hi, i have 2 tables to join and when i am using outer join, i am able t join 2 tables but not able to join all the va...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is it possible to search a word existing in all the searches of Splunk just like we do in other IDEs?

Lookup - How to compare and remove events from the search?

Events older then 30 days

What is the order that executes in query when I use both AND, OR in splunk query?

How to extract the last underscore part of a field?

Can you cache report results and use them towards another search?

search showing times when raw events were 0

Deployment architecture

How can I look back 7 days from when an event occurred?

How does Hunk search data from Hadoop?

Converting smiv1 to smiv2 , cant find module

How can I get the graph that only displays percentage when using timechart?

Why do I see a count difference running a saved search via Splunk REST API call and running the search manually?

Compare daily search results against expected table

Keep specific events and discard the rest

Tstats - What factors come into play when deciding to put a field in the beginning or after the GROUPBY section?

I have a problem in creating regex for below expression?

csv file size limit for inputs

Create output[Site Down] by comparing two hosts that match a field down

How to get the event details between two different dates?

how to re-arrange the column values to corresponding rows in table

Feels like "return" command should support argument of 0 (all). Thoughts?

Why is sort order skewed with use of table command?

How to convert hex timestamp value to index in Splunk

joining tables miss some values

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions