Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to map index in active directory to splunk instance?

Hello guys I have an index, stored in active directory. Is there a possibility to make my splunk instance extract ...

by Explorer in

How to create a rex for search?

I have the below log line: Slow GraphQL query [8447ms] How can I grab only the value "8447"?

by New Member in

Search from web UI not working

We are in a process of setting up new splunk env on CentOS 7. As part of it we have configured 1 search head and 1 in...

by Explorer in

How to extract one field from the data listed?

How would I go about performing a field extraction when the data is structured as follows: ->Message.[some random ...

by Path Finder in

In PDF generation why are the bar columns too small?

When I generate a pdf of a dashboard, the columns on the chart are too narrow. The values that are shown on each bar ...

by Path Finder in

Specify More Than One Host?

Hey everyone! I have a pretty simple question. Below is a sample search string: index=os sourcetype=df mount="/etc...

by New Member in

How to get stats based on multiple values for a single source?

I have 3 sources source1, source2, source3 and 5 sourcetypes sourcetype1, sourcetype2, sourcetype3, sourcetype4, sour...

by Explorer in

Why is [REGEX] Transforms.conf not able to apply a global flag?

Hi Splunkies, I have configured a transforms.conf below: [ABCD] REGEX = (?m)^(.*)("ABCD":")(\w+(\w{4}["].*)) FO...

by New Member in

How to display field values in a dropdown?

I have a field extracted called "IP" , I want to display the values of IP in a dropdown . But I want to do it based o...

by New Member in

How to read middle events from the event list?

I am having n number of events but want to read 3 and 4th record. Eg: 2018-02-09 ABCD 1234 5678 2018-02-09 EFGH 13...

by Engager in

Calculating utilization of nodes connected in Tree network topology

I have been busting my brain on this for a few weeks with no clear solution, turning to the brainiacs in the Splunk c...

by Path Finder in

How to create a new field using eval by eventtype?

Hi guys, I am trying to create an evaluated field, action, that will contain different values from different field...

by Explorer in

Can you do a data model search based on tstats and macros?

Can you do a data model search based on a macro? Trying but Splunk is not liking it. It yells about the wildcards *, ...

by Path Finder in

Timechartで、10個以上のデータがOtherに丸められてしまう。

Timechartで10種類以上のデータを同時に表示・プロットしたいのですが、Othersに丸められてしまいます。 15種類など、より多く設定するにはどうすればよいでしょうか。

by Splunk Employee in

How to match an IP to CIDR Range to get Criticality for ES?

I'm trying to write a search for an asset lookup that I'm able to query to take a list of IPs and bring back the corr...

by Explorer in

Can you have cascading automatic lookups?

In some of my sourcetypes, I am using automatic CSV lookups to add some data to Splunk (as explained in the docs here...

by Path Finder in

Training a list of models in the ML Toolkit

Hello, Using the ML Toolkit, I am looking to train and and apply the OneclassSVM algorithm on a list of models. Ba...

by New Member in

Overlaying a previous years data on chart

I am displaying some data by Month for 2018/2019 (i.e. 01-2018, 02-2018) on a barchart. Search Query: ( sourcetype...

by Explorer in

How to get percentage from customer of different reports?

Hi community! I would like to make the number inside the red circle to be a percentage based on the total customer...

by Explorer in

How to search for a field value with a wildcard and a variable?

index="test_index" |table Calendar, Job, Status |eval dayNow=strftime(now(),"%A") |search Calendar= ??? My 'Calen...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to map index in active directory to splunk instance?

How to create a rex for search?

Search from web UI not working

How to extract one field from the data listed?

In PDF generation why are the bar columns too small?

Specify More Than One Host?

How to get stats based on multiple values for a single source?

Why is [REGEX] Transforms.conf not able to apply a global flag?

How to display field values in a dropdown?

How to read middle events from the event list?

Calculating utilization of nodes connected in Tree network topology

How to create a new field using eval by eventtype?

Can you do a data model search based on tstats and macros?

Timechartで、10個以上のデータがOtherに丸められてしまう。

How to match an IP to CIDR Range to get Criticality for ES?

Can you have cascading automatic lookups?

Training a list of models in the ML Toolkit

Overlaying a previous years data on chart

How to get percentage from customer of different reports?

How to search for a field value with a wildcard and a variable?

There's No Place Like Chrome and the Splunk Platform

The Great Resilience Quest: 5th Leaderboard Update

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

Need custom time for PDF schedule report

Using comparison function within mstats

splunk search statement using keyword from input b...

Ex Cisco - run a report for all DFS users who logg...

Splunk query to list all the queries that time out