Splunk Search

Discussions

Thread Info

Help with Dashboarding

Hello, Here is the whole context and question: https://community.splunk.com/t5/Splunk-Search/Aggregate-query-help...

by Engager in

specifying field in Field Extraction

in search, w/ rex command I can specify which field I want to apply the Regex as following example| rex field=event "...

by New Member in

Search a two messages from 6 hosts and show top 6 results

Hi I am trying to search two strings in message like "Stopped successfully" and "connected" from 6 host names. Pl...

by New Member in

How do I implement multiple rename commands based on user input

I have a single algorithm with 2 methods. Each method produces the same type of data but with different fields names ...

by Explorer in

Multiple Rows into one row with primary key

Hi, I have data that looks like this (as you can see user_id 9 has filled numerous rows). This is just a csv inges...

by Engager in

Dynamically Change panel background color based on returned value (no js possible)

Hi. First, I've been using this forum for a few months now as I'm new to Splunk. Thanks to all the contributors ...

by Engager in

Combine two stacked bar charts side by side

Hi All, I have a use case to align two stacked graphs side by side. So, there are 4 columns with values for any pa...

by New Member in

Firewall logs

sourcetype=cp_log action!=Drop OR action!=Reject OR action!=dropped I am socked ,when i am searching with above q...

by Engager in

csv lookup for search query based on continuity and 7-day condition

Hi Splunk Experts, I wonder if you could help me putting the below logic in to a search query? Here the link ref...

by Explorer in

how to set limit

Hello Experts, I am new to Splunk and trying to build basic queries in Splunk to build use cases. Currently I am wo...

by Explorer in

How can I display values of a common field occurring in two different event ID's?

There are various event codes like eventID = "123" , eventID ="456", eventID = "789" . There are some "appID" field...

by New Member in

Aggregate query help

Hi Team - I am trying to first search and then aggregate results from following Splunk logs: Raw format: "build...

by Engager in

How do I get Spunk to parse the events returned by a custom generating command?

I have a custom generating command that returns events to Splunk, however those events are not parsed, so the kv data...

by Path Finder in

Splunk dashboard : Text input token is caching the previously entered value.

I have a dashboard with multiple inputs. These inputs are like filters on top of basic search. I want 1. if phone m...

by Explorer in

Field extraction with multiple matches per line

Hi all, I'm trying to pull out the MAC addresses from a series of records which is mostly working using the follow...

by Explorer in

How to join 2 indexes

Hi All, I want to join two indexes and get a result. Search Query -1 index=Microsoft| eval Event_Date=mvindex(...

by Communicator in

How to edit my search to omit results of a subsearch from the main search using NOT?

Hello Splunkers, I've been trying to solve this problem for a while now but I am still not able to NOT the contents o...

by Contributor in

Transaction not grouping results with startswith and endswith filter

I am doing the labs for Fundamentals Part 2 and I am not understanding something I have to use the startswith and end...

by Observer in

How to skip/ignore one letter character from filtered log

Hello Team, rex field=_raw "string_list=%25(?<new_field1>\w+)%25" Above condition will get a word bet...

by Explorer in

How to get data from log and count event values

Hello Team, I'm very new to splunk, I have below two logs "message": "api.main REQ user1 10.10.44.76 \"GET /api/v...

by Explorer in

Splunk Search

Discussions

Help with Dashboarding

specifying field in Field Extraction

Search a two messages from 6 hosts and show top 6 results

How do I implement multiple rename commands based on user input

Multiple Rows into one row with primary key

Dynamically Change panel background color based on returned value (no js possible)

Combine two stacked bar charts side by side

Firewall logs

csv lookup for search query based on continuity and 7-day condition

how to set limit

How can I display values of a common field occurring in two different event ID's?

Aggregate query help

How do I get Spunk to parse the events returned by a custom generating command?

Splunk dashboard : Text input token is caching the previously entered value.

Field extraction with multiple matches per line

How to join 2 indexes

How to edit my search to omit results of a subsearch from the main search using NOT?

Transaction not grouping results with startswith and endswith filter

How to skip/ignore one letter character from filtered log

How to get data from log and count event values

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >

Help with Dashboarding

How do I implement multiple rename commands based ...

How do I get Spunk to parse the events returned by...

How to search for last 6 months for event indexed ...

How to insert Bar Graph Chart with patterns?

Splunk Search

Discussions

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20. Learn More or Register Now >

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >