Splunk Search

Discussions

Thread Info

Is it possible to create a view showing all events coming from an IP and/user name?

I'd like to create a dashboard where I could easily search for events coming from a specific IP address or username. ...

by New Member in

Like function overview?

I am new to Splunk, Can someone please explain me what below query is doing and what does 1 mean at the end of Source...

by Explorer in

How can I change the order of the fields in my piechart?

I have the following search: ....| eval "cs"=case(CallRate<=250,"Under 250 kps", CallRate<=500,"Under 500 kps", Ca...

by Contributor in

Regex for Dell Quest TPAM logs ?

Has anyone done any work with Dell/Quest TPAM logs? Not enough experience with regex to know where to start. As an...

by Explorer in

How to create a graph or table for the following query according to the Status Code ?? Please refer the result below.

{"StatusCode":200,"ReasonPhrase":"OK","Method":"POST","PathAndQuery":"} {"StatusCode":404,"ReasonPhrase":"Not Found",...

by Path Finder in

95% percentile of the transaction duration

Hello I'd like to display the 95% percentile of the transaction duration. Any hint how I can do this? This is my ...

by New Member in

How can I show segments of user login counts sorted by groups of ten per segment (in a pie chart)?

Hi, I am trying to get a pie chart which shows the Top 10 users logon count as a single slice, then the next 10 fo...

by Explorer in

Creating a table from a single event with multivalue field

I have an event that has disk information like: there are hosts that have more mountpoints or less mountpoints. So I ...

by Path Finder in

Connect to a non-default instance of MS SQL server

How would I connect to a non-default instance of MS SQL server? I don’t see any fields in the GUI or database.conf.sp...

by Splunk Employee in

Display Input Lookup Data

Hi Team, How to display lookup fields along with search fields. search Query index=AA* host=ABC source=/tmp/pro...

by Path Finder in

Conditional Sum to find 99% average of total data

Is there a way to using conditions to find all the values (SUM and COUNT) above a certain value to be used as part of...

by Path Finder in

Can I dynamically filter on the table?

Let's say I create the following table from my search index= x .... | stats sum(x) by y y sum(x) Counter1 ...

by Motivator in

What syntax can I use to run a search that sorts varying runtimes?

I have data for 1 day where I want to sort it with activity like following manner, total number of records took 0-3 s...

by Path Finder in

How can I change the time output from this timechart to show time when there is no event?

This is my code, the data includes a field labeled "callId" (for this particular search there are 3 distinct callId) ...

by Explorer in

Is there a meta command to find old lookup files?

hi, I created a lookup file a long time ago but I don't remember where it is, is there a meta command that can ...

by Path Finder in

How to specify the time range chosen on a chart's y-axis?

For a timechart such as " .. | timechart count", there will be an arbitrary bucket size selected depending on certain...

by Explorer in

Optimisation: Search counting DNS Connections over 30d and 24hrs. Alert when 24hrs is 3* greater than daily "average".

Hi All, TL;DR: I could use some assistance with search string optimization, or help re-writing the search string t...

by Communicator in

How to filter Windows Events from one host using Regex?

Hi, How to filter out the events with EventCodes (4624, 4672, 4634) and Account _svc_abd with Security Id "S-1-5-2...

by Builder in

How can I search for hex encoded strings without a wildcard(*)?

I am trying to do a search for a number of strings that are hex encoded. For example, http would be stored as 6874747...

by New Member in

Why do I lose data when comparing daily results with previous weeks, same day, using appendcols?

Hi, My goal is to compare today's count, say Monday, to the previous Monday. Also, compare the previous week's Mon...

by New Member in

Dynamically changing the x-axis values

Hi all, I have this search: index="attenuation" |dedup CONCATENATE_Z |eval TRATTA=NODO_A."->".NODO_Z |lookup eol...

by Path Finder in

Pie chart displaying "other(n)" and "OTHER" fields.

Hi, I am creating a pie chart which shows the top logon count but unfortunatelly the system is showing two differe...

by Explorer in

How to break single event(JSON response) to multi events?

Hello guys, I have some problem with breaking the json event. Where i made some REST API get request to get the da...

by New Member in

How do I extract a field from my raw data using rex command?

Hi, Can someone able to help me please. I'm very new to using Splunk and most certainly to the rex command and ...

by New Member in

How can I compare the count of two hosts?

How to compare the two host events ? index=test| stats count by host | stats list(count) as count by host my re...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is it possible to create a view showing all events coming from an IP and/user name?

Like function overview?

How can I change the order of the fields in my piechart?

Regex for Dell Quest TPAM logs ?

How to create a graph or table for the following query according to the Status Code ?? Please refer the result below.

95% percentile of the transaction duration

How can I show segments of user login counts sorted by groups of ten per segment (in a pie chart)?

Creating a table from a single event with multivalue field

Connect to a non-default instance of MS SQL server

Display Input Lookup Data

Conditional Sum to find 99% average of total data

Can I dynamically filter on the table?

What syntax can I use to run a search that sorts varying runtimes?

How can I change the time output from this timechart to show time when there is no event?

Is there a meta command to find old lookup files?

How to specify the time range chosen on a chart's y-axis?

Optimisation: Search counting DNS Connections over 30d and 24hrs. Alert when 24hrs is 3* greater than daily "average".

How to filter Windows Events from one host using Regex?

How can I search for hex encoded strings without a wildcard(*)?

Why do I lose data when comparing daily results with previous weeks, same day, using appendcols?

Dynamically changing the x-axis values

Pie chart displaying "other(n)" and "OTHER" fields.

How to break single event(JSON response) to multi events?

How do I extract a field from my raw data using rex command?

How can I compare the count of two hosts?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...