Splunk Search

Discussions

Thread Info

Mapping two searches to the same chart element at different times?

Hi, I am on runtime trying to change the search in the same chart element. As in the chart element refers to one s...

by Communicator in

Min/Max of Time Axis on Timechart Does Not Always Reflect Query Time Range

If you perform a query that returns events that do not hit the left or right "edge" of your specified time range, and...

by Explorer in

How to edit my search to get an average of the total count for the last X days?

I am getting a total count by using index=aap_prod sourcetype="ECS:PROD:CATALINA" (ECSSearchType=autocomplete OR E...

by Communicator in

How to search for part of a string matching a certain regex for an ID in a text field and replace it with "id"?

Hello everyone. I need to substitute text "id" in text fields where I have ids now: like 123123123, 312asda-adas2 ...

by Communicator in

default interval for data sending

I am using Universal forwarder to send data to main Splunk instance to monitor files/directories. What is default ...

by Builder in

How to change the default behavior for checkboxes so it searches with OR for multiple selections, not AND?

Hi All, The default behavior when building a dashboard with checkboxes is that the checkboxes equal an AND search....

by Path Finder in

Sort based on Specific Value Within Field

Hi all My question has to do with sorting , and basically my field looks like this where I want it sorted by the last...

by Path Finder in

count list host count by sourcetype, sourcetype by index

Hi, This seems like it would be simple, but I can't figure it out for the life of me. I really like the stats list la...

by Communicator in

How to create a stacked column chart with count(_time) split by index (_internal, main) for each host?

I don't understand why this should be so difficult....okay, here is my search: host=* index=_internal OR index=mai...

by Engager in

Removing events with duplicate fields from transaction command

Hi all, I am writing a query to detect brute force attempts, where the username is different in each request. index...

by Explorer in

Why are the search and query tags in my dashboard XML failing?

Hi, I wonder whether someone may be able to help me please. I've put together the following in the Dashboard X...

by Motivator in

Query to get daily amount of data in GB per index

I am trying to figure out a search to get the amount of data in GB coming into Splunk per index. When we have huge sp...

by New Member in

How to call an external lookup from the master search head, but execute it in a specific search peer?

I have an external lookup that is working fine, but due to firewall restrictions, I need to force the external lookup...

by Motivator in

Bucketing by day for a table of result with eventstats

We've got summary index working great, but we need to back fill in some data from before we started the automated rep...

by Path Finder in

How to combine or join 2 sources (.csv format) with exactly the same extracted fields?

How is it possible to combine or join 2 sources (.csv format) with excactly the same extracted fields? source1: co...

by Explorer in

Is it possible to do faceted search with Splunk, similarly to what we do with Solr?

I'm new to Splunk and I have been searching for a way to do faceted search, similarly to what I have been doing with ...

by Explorer in

How do I edit my search to get a total sum of list(count)?

I've got this search working to show me allowed (!=blocked) network activity that lists the dest_ip, and dest_port, g...

by Path Finder in

How to create a chart overlay of last weeks CPU utilization with this week's CPU utilization?

I am attempting to overlay last weeks CPU with this weeks CPU utilization, to give a side by side contrast. Curre...

by Motivator in

How do I edit my search to add a second field (value) to my chart?

I have this string and want to add second value " accountNumber" to the chart. How I can do that? Current string: ...

by Communicator in

How to pre-calculate a value per day and store it in a lookup to find averages in later searches?

Currently we have a search: index="ecom" eventName | eventstats dc(sessionId) as totalnumberofsessions | search ev...

by Path Finder in

Splunk Search

Discussions

Mapping two searches to the same chart element at different times?

Min/Max of Time Axis on Timechart Does Not Always Reflect Query Time Range

How to edit my search to get an average of the total count for the last X days?

How to search for part of a string matching a certain regex for an ID in a text field and replace it with "id"?

default interval for data sending

How to change the default behavior for checkboxes so it searches with OR for multiple selections, not AND?

Sort based on Specific Value Within Field

count list host count by sourcetype, sourcetype by index

How to create a stacked column chart with count(_time) split by index (_internal, main) for each host?

Removing events with duplicate fields from transaction command

Why are the search and query tags in my dashboard XML failing?

Query to get daily amount of data in GB per index

How to call an external lookup from the master search head, but execute it in a specific search peer?

Bucketing by day for a table of result with eventstats

How to combine or join 2 sources (.csv format) with exactly the same extracted fields?

Is it possible to do faceted search with Splunk, similarly to what we do with Solr?

How do I edit my search to get a total sum of list(count)?

How to create a chart overlay of last weeks CPU utilization with this week's CPU utilization?

How do I edit my search to add a second field (value) to my chart?

How to pre-calculate a value per day and store it in a lookup to find averages in later searches?

Could not load lookup=LOOKUP-splunk_security_essen...

CIDR match not working on Splunk 8.X

Splunk App for Windows - Missing Task Category, Ty...

Jump multiple links at the same time

How are AWS logs get ingested into Splunk Enterpri...