Splunk Search

Discussions

Thread Info

How to shorten the length of a value in a table column?

I have a search that produces a table of results. Some of the text values for the first column are too long and it pu...

by Path Finder in

Why is Splunk combining several log lines into one event, and how do I search within these multiline events to get accurate count results?

We're trying to count the number of times a particular call is made to a service. To do that, we're logging a log lin...

by New Member in

Join two searches together and create a table

I have two searches that I want to combine into one: index=calfile CALFileRequest.TPID=* CALFileRequest.SSN=* CALF...

by Communicator in

How to write a search and alert if any indexers are down?

Hi, We have 4 indexers and we need to write a search and set up an alert if any of the indexers is down. Can so...

by Path Finder in

How to use the average of a field as a search parameter to filter results?

Hey guys. I want to search not standard hosts from witch users login at server. For example: user1 - 20 logins ...

by Communicator in

Field Extraction help!!

Hi , We have sample data like below and need to extract these fields: "GB*2" with field value as "NC-MEDICAL" and ...

by Path Finder in

How to write the regex to extract this IP from my data?

Hello Team, I have the below log details and I need to extract only the IP that comes after /. Id remains same for...

by New Member in

How to search for any source IP addresses that have more than one result and sourcetype within a 5 minute period?

I'm trying to run a search on search results. The first search would bring back various logs and sourcetypes. I want ...

by New Member in

Clustered search heads not seeing data from clustered indexers

We are building a single-site pilot environment with the following layout: 1 x Deployment and License Manager 3 x ...

by Path Finder in

Why is the timechart avg function showing the value from last event instead of average for the selected time range from the time picker?

Hello all, I have another issue with timechart, stats, and timepicker. I have the search below that needs to pull ...

by Path Finder in

capturing ping results

Hi, my requirement is to write a script which can execute ping command and check the results on Splunk search Can I c...

by Explorer in

How to edit my search to return events where Field2 has both values 'foo' AND 'bar' in multivalue Field1?

I have events in which Field1 contains multiple values, but I only need to look for two values (foo AND bar) and tie ...

by Influencer in

How to extract the timestamp for events from the file name?

Hi all, May I know please if it possible to poll events timestamp from File name, and if it's, possible how to do ...

by Explorer in

Why is some data not displayed when the search time range is greater than 30 days?

If I'm looking at Last 30 Days of data for one event and doing a timechart, a couple of days come up with 0 as result...

by Super Champion in

Can I perform a lookup on 1 lookup field AS 2 existing fields?

Hello, I have two existing fields: mailto, mailfrom. I also have a lookup with 2 fields: Mail and Country I wou...

by Contributor in

How to search for data per month, but only within a certain time frame (07:30 - 12:00)?

I would like to extract data per month, but only within a certain time frame. Say: Extract all data from January,...

by New Member in

How to create a timechart using a root search with data models and pivots?

According to the documentation here, http://docs.splunk.com/Documentation/Splunk/6.0.2/Knowledge/Designdatamodelobjec...

by Builder in

Help with props.conf changes

link textHello Experts, Attached is the sample JSON file which I am trying to upload to Splunk.I have uploaded it ...

by Builder in

How to insert rows with eval calculated fields in a time series table?

I have a set of time series data that looks like this: Date Type Data ================== 12 A 1 12 B 2 1...

by Communicator in

Splunk Java SDK: Why does "Export Search" return significantly fewer results than an identical search in Splunk Web?

I've been experimenting with a number of different settings, but here are my current search args: JobExportArgs se...

by New Member in

How to configure Splunk to extract event timestamps from 3 different fields in each log?

Hello everyone, I have a problem with my timestamp fields. Splunk doesn't recognize the timestamp because it comes...

by Explorer in

Sort table in a specific order? Sample from Splunk does not work?

Sample given from Splunk: ... | eval wd=lower(Day) | eval sort_field=case(wd=="monday",1, wd=="tuesday",2, wd==...

by Path Finder in

How to sort a time field in a 12hr time format (AM/PM)?

How do I sort a column of time in 12 hour format with AM / PM on the end? I have tried using eval with the _time fiel...

by Explorer in

How to replace a value in a multivalue field?

I am trying to report on user web activity to a particular category as well as list the URLs in that category. I have...

by Explorer in

How do I edit my search to get the sum for an eval calculated field?

I am trying to add to the search below so that I can get a cumulative total of the elapsed time calculation. I want o...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to shorten the length of a value in a table column?

Why is Splunk combining several log lines into one event, and how do I search within these multiline events to get accurate count results?

Join two searches together and create a table

How to write a search and alert if any indexers are down?

How to use the average of a field as a search parameter to filter results?

Field Extraction help!!

How to write the regex to extract this IP from my data?

How to search for any source IP addresses that have more than one result and sourcetype within a 5 minute period?

Clustered search heads not seeing data from clustered indexers

Why is the timechart avg function showing the value from last event instead of average for the selected time range from the time picker?

capturing ping results

How to edit my search to return events where Field2 has both values 'foo' AND 'bar' in multivalue Field1?

How to extract the timestamp for events from the file name?

Why is some data not displayed when the search time range is greater than 30 days?

Can I perform a lookup on 1 lookup field AS 2 existing fields?

How to search for data per month, but only within a certain time frame (07:30 - 12:00)?

How to create a timechart using a root search with data models and pivots?

Help with props.conf changes

How to insert rows with eval calculated fields in a time series table?

Splunk Java SDK: Why does "Export Search" return significantly fewer results than an identical search in Splunk Web?

How to configure Splunk to extract event timestamps from 3 different fields in each log?

Sort table in a specific order? Sample from Splunk does not work?

How to sort a time field in a 12hr time format (AM/PM)?

How to replace a value in a multivalue field?

How do I edit my search to get the sum for an eval calculated field?

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Splunk App Dev Community Updates – What’s New and What’s Next

The Latest Cisco Integrations With Splunk Platform!

MLTK - What algorithm should I use?

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions