Splunk Search

Discussions

Thread Info

Dedup on data model aftet tstats shows the older event, not the newest

I have a tstats query that pulls its data from an accelerated data model. I need to grab only the most up to date hos...

by Builder in

Why do my post-process timecharts display bad results

Hi I need to use a post process search for displaying a timechart Here is my id configuration <search ...

by Builder in

Warning in internal log: unable to parse site_label

I recently noticed a huge amount of warnings in the _internal logs for our search heads. events are all like this: ...

by Explorer in

Search time field extractions with backslash not showing up

Hello Splunk Wizards, I know there are plenty of people who've had similar issues, but I haven't been able to use t...

by Engager in

Best Way To Storing Predicted Values

I want to use predicted values in my search and apply them to a time chart. What would be the best way to store these...

by Contributor in

find value of fields after performing a regex to split a existing field delimited by a pipe

i have a field value with the following numbers = 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 |12 i would like to...

by Path Finder in

How to join search and use join ?

First Event INFO | 2021-10-18 05:17 AM | BUSINESS RULE | Payload for ID#: 40658606156551247672591634534230307 with ...

by Explorer in

Read error when exporting to CSV file

Hey all, I hope this is the correct board for this question, but I am having an issue when I try to export a search...

by Engager in

How to add tooltip for radio buttons?

Hi, I have a radio button with 3 choice values. When any of the radio button is clicked or hovered it should show m...

by Contributor in

help to write the request correctly

Hello guys!! help to write the request correctly. otherwise I don't understand how to do it right file.csv user...

by Path Finder in

Find change in installed antivirus software version

Starting our journey into Splunk and need some help. I am trying to send and alert when a new version of antivirus ...

by Engager in

Display all the results of two searches.

Hi Experts, I am running two searches by combining them with appendcols.But the final result is the common fields o...

by Explorer in

Forcing Results Into a Pie Chart and Calculating Percentages In a Table - From the Same Query

I have a video player that logs the following: Video Starts - When a user clicks play and the first frame of the v...

by Explorer in

Slow search when using field "host"

Hi everyone, I have strange Splunk behavior regarding one of the indexes but first a little bit of background: En...

by Observer in

Aggregate only some results

I'll probably find my solution finally but if someone has something at hand, I'd be grateful for sharing  I ha...

by Motivator in

help on base search

hello I try to use a base search between two single panel the first single panel is on the last 24 h and the seco...

by Builder in

How to get subsearch to return a result which is NOT EQUAL to the returned value?

Hi there, currently I am comparing data from two data sources and have achieved some great comparisons in which my su...

by Communicator in

Extract Log Data

Hi Team, I am pulling hair to figure out a query to extract data into a table with following information. stoppi...

by Engager in

Search query for showing Connection attempts per user to same Destination

Hello All,I have a query that searches the Windows Security Logs and shows results in the following format using a st...

by Path Finder in

extract data from xml input file

Hi all, I have a xml file as below. <?xml version="1.0" encoding="UTF-8"?> <suite name="abc" timestamp="20.08.202...

by Path Finder in

Splunk Search

Discussions

Dedup on data model aftet tstats shows the older event, not the newest

Why do my post-process timecharts display bad results

Warning in internal log: unable to parse site_label

Search time field extractions with backslash not showing up

Best Way To Storing Predicted Values

find value of fields after performing a regex to split a existing field delimited by a pipe

How to join search and use join ?

Read error when exporting to CSV file

How to add tooltip for radio buttons?

help to write the request correctly

Find change in installed antivirus software version

Display all the results of two searches.

Forcing Results Into a Pie Chart and Calculating Percentages In a Table - From the Same Query

Slow search when using field "host"

Aggregate only some results

help on base search

How to get subsearch to return a result which is NOT EQUAL to the returned value?

Extract Log Data

Search query for showing Connection attempts per user to same Destination

extract data from xml input file

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Learn More or Register Now >

Best Way To Storing Predicted Values

extract data from xml input file

Saved Search: Could not find variable in Argument ...

Install MS SQL TA to convert and Ingest SQL trc b...

tstats with count() works but dc() produces 0 resu...

Splunk Search

Discussions

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too! Learn More or Register Now >

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Learn More or Register Now >