Splunk Search

Community Activity

How to display one row table in a pie chart? How to display one row table in a pie chart?Thank you for your help.index=test---- Score calculation -----\| table Sco... by LearningGuy Motivator in Splunk Search 11-16-2023 0 3	0	3
Line graph by instance and time Hello, I have the below Splunk search and I want to put the results into a line graph so I can compare all of the dis... by danroberts Explorer in Splunk Search 11-15-2023 0 1	0	1
optimize lookup search I have a lookup file with 50,000 records. When I want to do a search, it takes a lot of time to find my results. Is t... by badoomi New Member in Splunk Search 11-15-2023 0 5	0	5
Automatic lookup during data ingestiont (Splunk cloud) Hi folksI've a KVstore containing the following values: hostname, IP address.This KVstore is updated every hour to en... by pslacik Splunk Employee in Splunk Search 11-15-2023 0 0	0	0
How to extend Splunk log retention to forever? We use splunk for data analysing and monitoring. We have the Service Now add in to collect CMDB data. It goes back an... by johnrbhancock Engager in Splunk Search 11-15-2023 0 3	0	3
Joining two events and compare to needed result Hi , I am trying to find the list of ids that fail from my logs. Say I have 2023-11-14T10:30:30,118 INFO Operation fa... by dharbhm New Member in Splunk Search 11-15-2023 0 6	0	6
inputlookup - count of values including Null Hello,I have a lookup file and I would like to use it to search a dataset and return a table showing each entry in th... by warren Explorer in Splunk Search 11-15-2023 0 4	0	4
Remote desktop user Hi,The code is likeindex=main host=server10 (EventCode=4624 OR EventCode=4634) Logon_Type=3 NOT user="*$" NOT user "... by gjhaaland Explorer in Splunk Search 11-15-2023 0 2	0	2
Alternative/Compliment to stats first() \| makeresults \| eval _raw="id;x;y;z;k a;1;;; a;;1;; a;;;1; a;2;;; a;;2;; a;;;;1 b;1;;; b;;1;; b;;;1; b;2;;; b;;2;; b... by duesser Path Finder in Splunk Search 11-15-2023 0 3	0	3
Join 2 searches which has common fields as 2 different field name with same value Hi, My main goal is to find user id.Index=A sourcetype=signlogs outcome=failureThe above search has a field name call... by Dharani Path Finder in Splunk Search 11-15-2023 0 3	0	3
How do i use if/case functions using lookup table search? Hello,I have a use case where I have a bunch of email alerts that I need to determine the system name for.Examples, l... by umithchada Explorer in Splunk Search 11-14-2023 0 5	0	5
How to find the most recent log event for each user ? Here is what I am attempting to write SPL to show. I will have users logged into several hosts all using a web appli... by sjringo Contributor in Splunk Search 11-14-2023 0 2	0	2
Add description to field value Hello, I have a system log which contains different DNS error messages (in the 'Message' field) and I am looking for ... by phildefer Explorer in Splunk Search 11-14-2023 0 1	0	1
Extract text from message field I need to extract a string from a message body, and make a new field for it. <Junk_Message> #body \| Thing1 \| Stuff2... by codedtech Path Finder in Splunk Search 11-14-2023 0 1	0	1
How do I find all duplicate events? I suspect that I may have duplicate events indexed by Splunk. The cause may be my originating files having dupes OR m... by maverick Splunk Employee in Splunk Search 11-14-2023 17 14	17	14
Join data from 2 indexes Hi All, i have 2 indexes having below 2 queries host,hostname are common for both, want to add sourceIp using 2nd s... by sekhar463 Path Finder in Splunk Search 11-14-2023 0 6	0	6
How to group messages based on substring Hello community. I'm trying to extract information from a string type field and make a graph on a dashboard. In the g... by chimuru84 Path Finder in Splunk Search 11-14-2023 0 12	0	12
How to calculate individual fail time? I have following data:02:00:00 Item=A Result=success 02:00:05 Item=B Result=success 02:05:00 Item=A Result=fail 02:05... by WK Loves-to-Learn in Splunk Search 11-13-2023 0 4	0	4
How to show results if 2 values are true Im trying to get specific results if two values in the same field are true but I keep failingI want to count the numb... by Dallastek1 Path Finder in Splunk Search 11-13-2023 0 3	0	3
Brute Force Attack false alert we had a vendor setup a Splunk instance for us a while ago and one of the things they did was setup a Brute Force att... by MalcolmC New Member in Splunk Search 11-13-2023 0 1	0	1
Dashboard Studio : DataSource gets results. MultiSelect token used in Chain search. Spaces in DS result no go. Good Day Ladies, Gentlemen!It's my first Dashboard Studio experience, and one (1) space boggles me.I have a datasourc... by GEO Engager in Splunk Search 11-13-2023 0 1	0	1
Using a Lookup with wildcard to check on logging status Hello all, I have a lookup with a single column that lists source file names and paths. I want to search an index an... by alferone Explorer in Splunk Search 11-13-2023 0 4	0	4
How to filter row if some fields are empty? Hello,How to filter all row if some fields are empty, but do not filter if one of the field has value? I appreciate... by LearningGuy Motivator in Splunk Search 11-13-2023 0 10	0	10
Help with Rex Field Extraction I am trying to write a rex command that extracts the field "registrar" from the below four event examples. The below ... by scout29 Path Finder in Splunk Search 11-13-2023 0 3	0	3
How does Splunk components and infrastructure work under scheduled search? Hello All,I have a SPL which is scheduled to run each minute for a span of 1 hour.On each execution the search runs f... by Taruchit Contributor in Splunk Search 11-13-2023 0 6	0	6