Splunk Search

Discussions

Thread Info

How to figure out the exact regex to capture the hostname value from the event logs for transforms.conf?

Hi, I'm sure this is really simple but I've been unable to figure out the exact regex to capture the hostname value f...

by Motivator in

How can I view daily/monthly job query search average times?

Given an initial search query, I'm trying to view daily and monthly job search query runtimes, then average the times...

by New Member in

Sorting column header is based on ASCII and its not based on case senstitve

Hi, I have a saved search with the below code snippet to sort irrespective of case. index=indexname | eval so...

by Communicator in

Why is the sum of all events on transaction giving the wrong value?

I'm calculating sum of all the events in the transaction but the sum displayed is different from actual sum. What am ...

by New Member in

サブサーチで何もヒットしない時、メインサーチのソースで全検索されてしまいます。　If subsearch is no result, Mainsearch execute Full Search

source="logA" [search source="logB" "valueA" | return fieldA] 上記のように検索する時、もしサブサーチ内でvalueAの検索結果が無い時、サブサーチで何も値が返されない...

by New Member in

How do I formulate a regex so that I can search different types of events?

event 1: 31.138.204.1 | ssh | o*1N0HIQQx434x12481145x1 | ZI53713 | 2018-05-28 07:14:47,848 | SSH - piv-receive-pa...

by Contributor in

How to get max value from each columns that are created dynamicly based on time range

search query | timechart span=1m count by A1 the above query gives me below output: _time column1 column2 colum...

by Path Finder in

How can I compare two fields that I get from my search result?

I want to compare the two columns that I get dynamically from my search result. I want to compare both fields. Sou...

by Explorer in

rex Named extraction for acronyms that have 4 letters and are all capital letters

Hello, I'm trying to create a named extraction and want to use regex to find all instance of 4 letter acronyms th...

by Communicator in

How to expand the dates between two dates?

I want to display the date between two date range EX. 3/11 -3/19 Field : SDate= 3/11/2018 EDate=3/19/2018 I nee...

by New Member in

rex sed strings different length

Hi! Can somebody please explain me WTF is happening here? My question is quite simple. I want to substitute [áéíóú...

by Path Finder in

How can I integrate D3/Google Charts in my Splunk Dashboards?

I have seen the splunk document to integrate D3 sankey visualization into splunk and to be honest, not being a javasc...

by Contributor in

How to apply the predict function for the most varying field?

I'm trying to do something like from my output I just need to apply predict function on most varying field. For examp...

by Super Champion in

how to sub headding in table column in dashboard

Column1 | Day1 | Day 2 | --------- | Shift1 | Shift2 | Shift1 | Shift2 | ABCD | X | N | Y | X | XYZA | X | N | Y | ...

by Explorer in

How to run R script on data from a Splunk search?

I wrote a R script that I'd like to run on data from a search in Splunk. Unfortunately, the only examples of R scrip...

by Engager in

Heatmap table

Hi all, I would like to know if Splunk have a custom heat map visualization like this aside from Heatmap - Custom ...

by Communicator in

How to build stats on JSON data?

Hi, I would like to get help on applying stats on the following JSON data: { "ts":1527498793267, "version...

by New Member in

How to display count of related events in a column?

I am trying to get the following query to show the related_vulnerabilities as a count column, instead of showing all ...

by Path Finder in

In D3 force directed graph use recursive search query.

I have to use recursive search concept to interchange source and target field in D3 force directed graph so that we c...

by Explorer in

Chart logon session duration:hour of day as x axis and day of the month as y axis, duration of session as a line segment

Hi, I have a couple of logs showing user login and logout sessions. I'm trying to display each session of a specif...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to figure out the exact regex to capture the hostname value from the event logs for transforms.conf?

How can I view daily/monthly job query search average times?

Sorting column header is based on ASCII and its not based on case senstitve

Why is the sum of all events on transaction giving the wrong value?

サブサーチで何もヒットしない時、メインサーチのソースで全検索されてしまいます。　If subsearch is no result, Mainsearch execute Full Search

How do I formulate a regex so that I can search different types of events?

How to get max value from each columns that are created dynamicly based on time range

How can I compare two fields that I get from my search result?

rex Named extraction for acronyms that have 4 letters and are all capital letters

How to expand the dates between two dates?

rex sed strings different length

How can I integrate D3/Google Charts in my Splunk Dashboards?

How to apply the predict function for the most varying field?

how to sub headding in table column in dashboard

How to run R script on data from a Splunk search?

Heatmap table

How to build stats on JSON data?

How to display count of related events in a column?

In D3 force directed graph use recursive search query.

Chart logon session duration:hour of day as x axis and day of the month as y axis, duration of session as a line segment

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Unify Your SecOps with Splunk Mission Control

Data Preparation Made Easy: SPL2 for Edge Processor

Migration Qradar data to Splunk

Running multiple query based on condition

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...