Splunk Search

Discussions

Thread Info

Help with temp tables and variables

New to splunk and been struggling manipulating search results into a final result that I am looking for. In powershel...

by Explorer in

SPL: How to calculate the average user events per unique user, per day over a 14 day period (exclude weekends)?

All, I need some help on a problem I am trying to solve. Problem: I need to calculate the average user events p...

by New Member in

Compare results from two separat search results

I have two separate searches that provides me the same data field in two different fieldds. I want to identify the co...

by Explorer in

How to find number of events, size (in GB), and frequencies of ingestion?

Hello, are there any queries we can use to find the Total Number of Events, Total Size/Volume (in GB) of Data, Fre...

by Motivator in

How to add hyperlinks for column values in table?

If col A contains a b c d e f, I want a separate link to be opened for each value. E.g If the user click on "a", it s...

by New Member in

Conditional regex help: How to capture two groups if they have an "exclusion type"?

hi everyone, i'm trying to parse json inline. i'm using kv mode= json already but i'm trying to achieve selective...

by Loves-to-Learn in

How to capture in chart?

Hello I have a table I want this I am not sure which tool (chart, table anything else) and a...

by Explorer in

Why is my alert report only showing the first result of every row?

I have this table and I'm trying to send it as a report/alert every morning to our teams chat group T...

by Communicator in

help to change the chart label size

Hi I use this CSS code in order to enlarge the size of the data values in the bars chart Now I also need to enlar...

by Motivator in

How to get stats max count of a field by another field?

Hi There, I am looking to produce an output where the field with maximum count is display based on another field. ...

by Communicator in

How to create a Splunk query to more easily narrow down the exact page where a device ID reset occurred?

Here is the SPL: index=name reqHost="host" | rex field=cookie "care_did=(?<care_did>[a-z0-9-]+)" | rex fi...

by Explorer in

help to solve a different syntax field between a lookup and a main search

hi I use a lookup with a field corresponding to a site name | inputlookup site.csv | search site=*paris* ...

by Motivator in

How to access a lookup created in one app in another?

Hi All, Splunk Enterprise 8.2.4 Clustered I have an issue where I have an existing app with a lookup listing al...

by Path Finder in

Is there anyway to create a file with a list of IP's that i can use in the search field?

is there anyway to create a file with a list of IP's that i can use in the search field? i am trying to search for IP...

by Engager in

Why is my chart that is grouped by values not showing up in visualization?

Hi Experts, my SPL query, ...| eval elapse_range=case(TOTAL_ELAPSE>0 AND TOTAL_ELAPSE<4, "Green",TOTAL_ELAPSE>4...

by Explorer in

How to display min and max in a timechart?

hello I use this timechart index=tutu sourcetype=titi | timechart span=15min dc(s) as "Uniq" ...

by Motivator in

Comparing fields of different events in the same log file

Hello all, I'd like to compare events in the same log files, amusing the format of the events are the same. For exa...

by New Member in

Tranpose the output result

Hi There, I have got some results in after running the below command my search | | bucket _time span=1h| stats co...

by Communicator in

How to pass a user ID to a new query?

I'm attempting to build a search around Okta authentication logs. I want to run a query to check for any Multi facto...

by Explorer in

how to search for event matching lookup table

hi, i a total newbie i need to do a search in splunk matching the domain in my lookup table (master_lookup.csv) m...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Help with temp tables and variables

SPL: How to calculate the average user events per unique user, per day over a 14 day period (exclude weekends)?

Compare results from two separat search results

How to find number of events, size (in GB), and frequencies of ingestion?

How to add hyperlinks for column values in table?

Conditional regex help: How to capture two groups if they have an "exclusion type"?

How to capture in chart?

Why is my alert report only showing the first result of every row?

help to change the chart label size

How to get stats max count of a field by another field?

How to create a Splunk query to more easily narrow down the exact page where a device ID reset occurred?

help to solve a different syntax field between a lookup and a main search

How to access a lookup created in one app in another?

Is there anyway to create a file with a list of IP's that i can use in the search field?

Why is my chart that is grouped by values not showing up in visualization?

How to display min and max in a timechart?

Comparing fields of different events in the same log file

Tranpose the output result

How to pass a user ID to a new query?

how to search for event matching lookup table

Security Highlights: September 2022 Newsletter

Platform Highlights | September 2022 Newsletter

Observability Highlights | September 2022 Newsletter

Why the error "sh: /opt/container_artifact/splunk-...

Why the error "sudo: unable to send audit message:...

Is it possible to turn 8 product charts into one t...

What's the meaning and mechanism of form.multisele...

In dashboard studio, how do I change time format?