Splunk Search

Discussions

Thread Info

Average command vs count and average command

Maybe im just bad in mathematics. but why does splunk docs always take the count of events and then the avg of events...

by Communicator in

Add a blank row in the table

I have a search which would give me a table of results and at the end the total count of columns. I want a blank line...

by Path Finder in

Source Workstation shows random IP

Hi there, I'm looking into why one of our users is getting locked out, but when I run a search to try to find out the...

by New Member in

how to Configure positional timestamp extraction in log using RegEx?

hi All, Am trying to extract the time stamp inside event as index time. We have similar sourcetype of logs from 4 ...

by Explorer in

Help with ending search for rex expression

Hi All - I am using the below query index=ABC "XYZ"| rex field=_raw "\"code\":\"(?.*)\"" | stats count by errorcod...

by Explorer in

Calculate totals and then sort based on a field and separate out results

accountId: 12345678 action: Test publishId: 123 or 456 tile: Tile1 How can I get this result: [accountID that has...

by New Member in

Insert a heading between rows and customise it.?

How can I add a heading between two rows , my each row on dashboard has three panels . and can i customize it ?

by New Member in

Mimecast for Splunk not showing Target Threat Protection Data

Hello, We've had the Mimecast for Splunk v2 running in our environment for almost a year now and most of the data ...

by Communicator in

Separate out results based on wildcard field

...search | stats count(tile) as launches by tile publishId | sort -"launches" accountExId: 12345678 publishId: 63...

by New Member in

Calculating distinct counts with multiple conditions

I am trying to compute distinct counts of a field based on multiple conditions. Can anyone please help with the calc ...

by Explorer in

how to get the list of non matching values of lookup with search?

I have a search which will give list of a values for field A and I have a look up which has values for the same Field...

by Builder in

Searches running in Batches and needs to be triggered once the previous search is completed

i am creating various reports which are schedule on cron expression but i wanted to see if there is any possibilites ...

by Path Finder in

Timechart /chart

I'm looking to have line chart, which shows AccountID , Username and duration, how would put this with timechart char...

by New Member in

substr result

Hi, I'm trying to use substr to extract the first 4 characters of my result (perc_err_test1 & perc_err_test2), bu...

by New Member in

sort csv by current dates

I want to sort out a csv but it not working tried ......| fields Date,count | stats by Date,count | eval Date=str...

by Explorer in

Splunk show duplicate event but there is only one

Hello I'm monitoring a directory with splunk when i search for those events it shows me by example the field id wi...

by Explorer in

Bring the last source of the index

good morning Currently, for monitoring purposes, it is necessary to validate the states of certain indexes, and...

by Path Finder in

Mathematical calculations on rows based on grouping

This is my table that I have extracted with the help of this query: index=auto_adv_txn_preprod source=cap ( alfaws...

by New Member in

System eventtypes "internal_search_terms", "splunkd-access", "splunkd-log"

Hello, I want to limit the access for some external users to all eventtypes. There are 3 system-default-eventtypes...

by New Member in

Using list in query fails to return records

Hi All I have data in the below fomat Market=UK, Question=Where do you live, Answer=London Market=USA, Questio...

by Path Finder in

Filter values in timechart for eval method

Hi, This is related to the question asked earlier link: [https://answers.splunk.com/answers/643007/timechart-query-wi...

by Path Finder in

Help with events data!

I have this code bellow and i want to just keep with lines of when my Virtual Machine changed Cluster ou VMhost. O...

by Path Finder in

Conceptual sourcetype renaming

Hi Experts, I am looking for best practices on how to conceptually, systematically and with minimum efforts and r...

by Contributor in

Transpose and Timechart

Hi, I wonder whether someone may be able to help me please. I've put together the following query which works but ...

by Motivator in

Renaming field name having #

How can I rename a field name starting with # in Splunk search tab? For example: field name I have "#client Name" an...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Average command vs count and average command

Add a blank row in the table

Source Workstation shows random IP

how to Configure positional timestamp extraction in log using RegEx?

Help with ending search for rex expression

Calculate totals and then sort based on a field and separate out results

Insert a heading between rows and customise it.?

Mimecast for Splunk not showing Target Threat Protection Data

Separate out results based on wildcard field

Calculating distinct counts with multiple conditions

how to get the list of non matching values of lookup with search?

Searches running in Batches and needs to be triggered once the previous search is completed

Timechart /chart

substr result

sort csv by current dates

Splunk show duplicate event but there is only one

Bring the last source of the index

Mathematical calculations on rows based on grouping

System eventtypes "internal_search_terms", "splunkd-access", "splunkd-log"

Using list in query fails to return records

Filter values in timechart for eval method

Help with events data!

Conceptual sourcetype renaming

Transpose and Timechart

Renaming field name having #

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions