Splunk Search

Discussions

Thread Info

How to convert field date into week values?

Good Day all, I have a query, I am uploading a CSV regularly onto splunk. Since its uploaded in a random time, splunk...

by Communicator in

How to display the time field?

In one of the search queries, I am displaying the Latest and Oldest value of a field. Please refer the below sample q...

by Communicator in

Question regarding brute force query

Please see this query for brute force detection- index="wineventlog" sourcetype=wineventlog:security | search (EventC...

by Loves-to-Learn in

How to search a matching string using lookup?

I have a query like this, which prints the number of message matches and an abbreviation: sourcetype=source1 | rex...

by Explorer in

How to rearrange columns in a timechart result?

Hi, I have a timechart result with two columns as shown in the 1st screenshot. Hour column contain a count for ea...

by Explorer in

Would like timechart (count) to show a legend with overall % next to each item

I've been looking at some similar questions .. (for instance, this showed how to have timechart display % each day in...

by New Member in

How do you restore the local.meta if it has been corrupted

The local.meta file on our splunk 5.0.4 version on the Search Head/Deployer server has had data removed (assuming acc...

by Path Finder in

How to group by object's keys?

I would like to create stats from the data whose structure looks like mentioned below: { data: { ...

by New Member in

search to find users that worked most events

i want to know who worked the most splunk events per day. We have corelation searches that fire on specific use cases...

by Explorer in

How to Eval urldecode and then regex?

I have some URL encoded logs. ...| eval decoded_raw = urldecode(_raw) how would I write a rex to find any deco...

by Builder in

subtraction of timestamp from two search

i would like to calculate response time by extracting timestamp from two different search then subtracting Response=S...

by New Member in

How to calculate concurrent operations on a server in a timechart?

Hi, I'm trying to show the concurrent number of 2 operations(eg, data 'export', and data 'import') on a server in ...

by New Member in

How to count the number of alerts with various time ranges and displays, together?

I want to create a visualization that shows the number of sales in the last 1, 2, and 7 days all within the same visu...

by Builder in

Unable to use regex to index logs

Hi, I wish to configure splunk forwarder to pick logs from a directory that match any of the below patterns. Essentia...

by New Member in

How to populate a column that generates time difference for the results which are generated from a stats command?

I have this query. index=azure Operation=UserLoggedIn user!=Unknown|sort - _time | iplocation ClientIP | eval T...

by New Member in

TimeChart implemention over two grouping

i have log file as below need to calculate Execution time for each events and dispay data by grouping with Errorcode ...

by New Member in

Splunk freezing for other users when doing large base search.

Hi Other users are unable to open splunk screens for up to 1 minute while one user is running a large base search?...

by Motivator in

Process end with load job

I have modified the xml of my dashboard in order to load some data directly form the results of the process related t...

by New Member in

item and time column lookup help

I have several rows of a CSV lookup Name,00:00,00:15,00:30 test1,A,A,A test2,A,N,N I want to matchup _time with th...

by Builder in

How to write a query to show the top performer (Single Value)?

Hello All, I want to write something that shows a single value with the below data Customer M 5 Units Customer N 15 U...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to convert field date into week values?

How to display the time field?

Question regarding brute force query

How to search a matching string using lookup?

How to rearrange columns in a timechart result?

Would like timechart (count) to show a legend with overall % next to each item

How do you restore the local.meta if it has been corrupted

How to group by object's keys?

search to find users that worked most events

How to Eval urldecode and then regex?

subtraction of timestamp from two search

How to calculate concurrent operations on a server in a timechart?

How to count the number of alerts with various time ranges and displays, together?

Unable to use regex to index logs

How to populate a column that generates time difference for the results which are generated from a stats command?

TimeChart implemention over two grouping

Splunk freezing for other users when doing large base search.

Process end with load job

item and time column lookup help

How to write a query to show the top performer (Single Value)?

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Using Machine Learning for Hunting Security Threats

How can I build a use case scenario for MFA login ...

Will Splunk searches using lookup get affected if ...

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?