Splunk Search

Ask a Question

Discussions

Thread Info

Append * to the end of values in a multivalue input

I have created a multivalue parser from suggestions in the Splunk answers in the following form: [stats count | ev...

by Explorer in

Tried to add a search peer: Error while sending public key to search peer: Connection closed by peer

(attempting 1 Indexer, +1 SH setup) Tried the Following the Instructions from Splunk 1. Log into Splunk Web on the...

by Builder in

Search to see which forwarders reported in the previous 24 hours or if there is a delay in logs?

Hi there, is there any query to find out the forwarders which are reporting for last 1 day or f there is a delay i...

by Path Finder in

How do I dynamically set earliest from subsearch?

Hi folks, been all over this site and google, not finding a working solution. I'm trying to perform a search using...

by Path Finder in

Creating a transposed table in conjunction with stats command

(index=geniachip AND (geniaComplete.flag OR "DVT ready" OR "transfer complete for all banks" OR "lz4.complete*" OR "O...

by Path Finder in

How do you set a default maximum data transfer rate?

Dear Splunkers, is there a maximum KB/s of traffic a forwarder sends to the indexer? I mean is there a limit you c...

by Path Finder in

How to get earliest datetime

I have a field which contains first_found_date and due to some reason it keeps on changing for some of the assets. ...

by Path Finder in

Is there a forensic-type report that handles AD user account properties for PCI and SSAE compliance?

Hello, I'm looking for a way to track total property changes within an AD user's account. As an example, per PCI and...

by Path Finder in

Search help -- my search is inaccurately showing if hosts have been online in the past 24 hours.

I have a query as follows | inputlookup ABCD | search Forward="Yes" | table Region,IPHost, ip_address | rename ...

by Builder in

How to preserve order of json array in search results?

We are on Splunk 6.2.1 We have logging raw json including 'stack_trace' as a json array like this: {"exception_...

by Path Finder in

How to rearrange table by values in a column

So I have the following data as output statistics from a search: User Group Number Andy A ...

by Explorer in

Average of web requests blocked - span of 10 minutes

Hi mates, I'm trying to get the most 10 IP addresses with blocked web requests during a month, but the threshold s...

by New Member in

How do time based lookups apply user time zone?

I have a time based lookup set up with a lookup file containing time values of full days, such as 2017-08-14 (with a ...

by SplunkTrust in

Stats values Into timechart -- I can't get timechart to work

Hi, I wonder whether someone could help me please. I've put together this query: | multisearch [ search `fronte...

by Motivator in

Trying to extract these three fields from XML using regex

Hi! I can not extract three fields from xml using regex. Please tell me how it can be done <VULN number="MP-413771...

by Explorer in

How can I rearrange the columns of my search in this specific order?

I want my to rearrange the columns of my query in a particular order as shown below ,but due to dates (01-jun-2017) ,...

by New Member in

How can I create the same fields with different values within the same event?

I need to extract cveid, cvss, vulnerability number, etc.. here is my log: ...... cveid="1234" cvss= "abcd" ......

by Explorer in

Search to check whether keys are matching

I have the below expression and which is a keys and i want to check whether the same keys are matching so help me in ...

by Builder in

Change color of pie chart based on percentage automatically

I want to change color of slices of pie chart based on the percentage values. slice that have highest percentage shou...

by Path Finder in

Set zero value if there is nothing found in the search

Hi, I'm running Splunk 6.6 and I like to set something like a "default" value in the case that there was nothing f...

by Path Finder in

Regex to extract from start until a specific character

I have a test field in a CSV called description: Completed changes are not shown as complete in channels for a while ...

by Champion in

How to calculate the percentages of the field values (yes/no) in a field?

Hi I have a Splunk search as follows: My search | table host_name, last_seen_in_24hours which displays the res...

by Builder in

How do I make fields with a replacement for an argument work inside a saved search with the map command?

I'm sure there's a really easy answer, but it isn't coming to me so I'd greatly appreciate some help. If I define ...

by Communicator in

'outputlookup' command: Could not write to file

I'm trying to use outputlookup to generate a lookup table based on search results and I'm running into the following ...

by Super Champion in

chart over multiple fields

hello splunkers, We are trying to get the chart over for multiple fields sample as below , we are not able to get ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Append * to the end of values in a multivalue input

Tried to add a search peer: Error while sending public key to search peer: Connection closed by peer

Search to see which forwarders reported in the previous 24 hours or if there is a delay in logs?

How do I dynamically set earliest from subsearch?

Creating a transposed table in conjunction with stats command

How do you set a default maximum data transfer rate?

How to get earliest datetime

Is there a forensic-type report that handles AD user account properties for PCI and SSAE compliance?

Search help -- my search is inaccurately showing if hosts have been online in the past 24 hours.

How to preserve order of json array in search results?

How to rearrange table by values in a column

Average of web requests blocked - span of 10 minutes

How do time based lookups apply user time zone?

Stats values Into timechart -- I can't get timechart to work

Trying to extract these three fields from XML using regex

How can I rearrange the columns of my search in this specific order?

How can I create the same fields with different values within the same event?

Search to check whether keys are matching

Change color of pie chart based on percentage automatically

Set zero value if there is nothing found in the search

Regex to extract from start until a specific character

How to calculate the percentages of the field values (yes/no) in a field?

How do I make fields with a replacement for an argument work inside a saved search with the map command?

'outputlookup' command: Could not write to file

chart over multiple fields

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown