Splunk Search

Discussions

Thread Info

can lookup be used to match default value in .csv table

I have a csv lookup table with 3 columns, eg: input1,input2,output 240,789,303456 240,330,303457 240,default,303458 2...

by New Member in

How to write a search to extract URLs crawled by Googlebot

Which field should be extracted for this relevant use-case? index={wxxx} googlebot | fields URIs | stats count by ...

by New Member in

Sort based on first count generated by xyseries dynamically

I want to sort based on the 2nd column generated dynamically post using xyseries command index="aof_mywizard_deploy_...

by Communicator in

Use subsearch with stats command to dynamically search for list of events

|inputlookup test_results |where build == [|inputlookup test|stats first(build)] I'm trying to do something like t...

by Path Finder in

1 column have mutli

i have a table record is date, product, price 20171015, ABC,10 20171015, CDE,9 20171016, ABC,8 20171017, CDE,10 an...

by New Member in

Build Chart (Score Sheet) that shows all assignments (even missing)

So I have score information for a variety of challenges completed by a number of people. I want to build a chart show...

by Explorer in

What should be added to my search to convert all the results to be lower case?

I have a Splunk query as follows | inputlookup hosts.csv | rename Hostname as my_hostname |rex mode=sed field=my_...

by Builder in

How do you specify x-axis intervals on ChartView (type column)?

Hi all, I am using the object ChartView (type column) however I am not able to set the intervals (units) in axis X...

by Communicator in

How to extract password field in the events with regex? (Password is a string of numbers)

How to extract password field in the events? I need to extract " 123456-222245-666565-151063-123456-222365-333111-...

by Builder in

How to regex events with "==========================" as event breaker?

How to break the events with using regex with "==========================" as event breaker? event: PS C:\tetst...

by Builder in

How to create a table depending on quarters and intervals?

Hi Team, I have data of several years sorted by specific dates and numbers. And I would like to display them on q...

by New Member in

How can I search for all domains for "All Time" and limit results by second criteria -- First seen date of today or yesterday?

Hey All, Sorry if this is a duplicate, or already been answered, but I've tried numerous ideas from posts, and the...

by Explorer in

How do you write rex to extract unstructured field?

I have the below log. I want to extract the sixth column as a field, in that column I have different types values. So...

by New Member in

How can I create a visual progress bar/ tracker in Splunk? Use case: to show various phases of onboarding process.

Hi ,For my current project i need to implement a Tracker functionality which basically shows various phases of Onboar...

by Path Finder in

Use other events fields as a field for your search

Hi, I need to use events on a data source as a reference for other events Example: ID . | Name . |Type . | I...

by New Member in

Search data for All Time but only graph a specified time range

Hello, I am charting IT help desk tickets and I need to make a chart showing how many tickets are opened and close...

by New Member in

Why Raw events table (populated using tokens) displays raw events for some events but not the others?

Hi, Would really appreciate if someone could help me with this issue: I have a Table that displays Host and "Er...

by New Member in

Need to make a new field with values of new made fields from two indexes

Hi, Maybe a simple question, but im struggling with it. I would like to make a new field with eval which consist o...

by New Member in

How to filter out the list of hosts that are in the lookup but not in my search result?

I have a query as follows which displays the list of hosts and their host details as follows host field_A fi...

by Builder in

streamstats and exclude field values that changed their state to a particular value

Hi All, I am hoping you can help me out with the following : I am preparing a report from the logs of our moni...

by Path Finder in

How can I create a table with the currently logged in VPN users?

Hi, I wanted to display in a form of a table the current logged in VPN users. my search command is this hos...

by Explorer in

eval wildcards

I have a search that uses some wildcards: sourcetype="EPPWEB" source="/opt/log/*/web_server/info.log" WAT | rex f...

by Builder in

Combining unique field values

I have the following problem I would like to solve Numbers1 Numbers 2 1 6 2 7 3 8 4 9 5 10 I want to concatena...

by Path Finder in

My count is double. Can I use field from search to search lookup table?

1) I have got a query whose output are events that contains a field called CV4_TExCd. The base query looks like this:...

by Explorer in

Linechart with multiple lines of data on one chart?

Dummy question. I have a CSV file that contains three columns (fields) <date>, <value>,<group> 2017-01-01, 10...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

can lookup be used to match default value in .csv table

How to write a search to extract URLs crawled by Googlebot

Sort based on first count generated by xyseries dynamically

Use subsearch with stats command to dynamically search for list of events

1 column have mutli

Build Chart (Score Sheet) that shows all assignments (even missing)

What should be added to my search to convert all the results to be lower case?

How do you specify x-axis intervals on ChartView (type column)?

How to extract password field in the events with regex? (Password is a string of numbers)

How to regex events with "==========================" as event breaker?

How to create a table depending on quarters and intervals?

How can I search for all domains for "All Time" and limit results by second criteria -- First seen date of today or yesterday?

How do you write rex to extract unstructured field?

How can I create a visual progress bar/ tracker in Splunk? Use case: to show various phases of onboarding process.

Use other events fields as a field for your search

Search data for All Time but only graph a specified time range

Why Raw events table (populated using tokens) displays raw events for some events but not the others?

Need to make a new field with values of new made fields from two indexes

How to filter out the list of hosts that are in the lookup but not in my search result?

streamstats and exclude field values that changed their state to a particular value

How can I create a table with the currently logged in VPN users?

eval wildcards

Combining unique field values

My count is double. Can I use field from search to search lookup table?

Linechart with multiple lines of data on one chart?

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions