Splunk Search

Discussions

Thread Info

How to remove all identical events and keep the latest event for each different timestamp in a transaction search?

We tried this search below: index=test | eval dup=_raw | convert ctime(_time) as T1 | transaction dup mvlist=t ...

by Observer in

query is reaching memory limit and auto-finalizing, is there a way to optimize the query and prevent this from happening?

Query : index=INDEXA earliest=-7d@d latest=@d sourcetype=GHI "service=randomservice" (api_name=API1 OR api_name=API2 ...

by Explorer in

How to use the Rex command with text copied from Field Extractor?

Hello all, I've used the field extractor to pull out the following field, but because the permissions are a little...

by Explorer in

Stats Count not returning expected Results - Difference in count over single date and span covering same date

HI Guys, Just noticed something a little strange, I am running a query to cont the number of a certain transactio...

by Path Finder in

How to edit my search to list jobs in a table per user, per day?

Hello, One of my co-workers is using a search to make a table listing the days the events of interest took place, ...

by Path Finder in

How to get a Line Chart with 3 Split by Clauses?

I have a set of lab samples that have a Percent value measured in 3 different locations across the sample, identified...

by Path Finder in

How to find and stop real time searches running on indexers?

Hi there, I am seeing some real time searches running on indexers. Can I please know how real time searches are ru...

by Path Finder in

How to add the duration of the last event in a transaction to the total duration?

I am trying to use the transaction command to group events within 5 minutes of each other, and have set up fields to ...

by New Member in

How to set a Variable from an Eval match?

I am trying to set a new variable for each event, by using the eval command. Maybe I should a different command? I...

by Path Finder in

Variable in eval for URL

I'm sure this is fairly simple to do, just can't seem to find the right way to do this. Let's say that I have a se...

by New Member in

Timechart - Replace "No Results Found" with "No Activity for Today"

Hello (again), To go along with my previous question regarding using span=10 minutes using the following search: i...

by Communicator in

Timechart on field other than _time

Hello, I'm working on a time chart that needs to chart based on the time retrieved from the database. So far, the ...

by Path Finder in

Introspection search_group assignment

We're monitoring our splunk environment through the DMC as well as a hand built dashboard consisting of data from the...

by Contributor in

How to show a percentage of the total events in a pie chart

I feel dumb for asking something so simple, but I can't make this work. I'm trying to show a percentage I've calculat...

by Path Finder in

timechart x-axis tick marks every month

I want my timechart to show system logins for the last 12 months my search is sourcetype="logins" | timechart dc(U...

by SplunkTrust in

How to sum of distinct count of different fields?

I need to sum of distinct count(emal_id) if event_name=email and distinct_count(person_id) if event_name=push. And su...

by New Member in

timechart - Trying to bucket by 10 minutes - Displaying every minute

Hi, I am doing the following: index=wineventlog user="*.ad" TaskCategory="Security Group Management" |bucket _time...

by Communicator in

Set Sort Order in Splunk Panel

I have made a dashboard with a few panels on it, each of which contains a _time field and an environment field that t...

by New Member in

Need query of sum of distinct count.

I need sum of distinct count for following condition : distinct_count(email_id) where event_name=email and distin...

by New Member in

Searchmanager cannot reuse in for loop in HTML dashboard

Currently, my dashboard is basic on the number of the source and generate the number of chart or table. The struct...

by Path Finder in

Another regex issue

I'm trying to collate groups of Windows EventIDs into categories and use regex to filter a range of them. I cannot ge...

by Engager in

Rex query

For below input I tried search query as index=myindex "Notification"|rex "(MQ) (?\d+) = (?\w+)"|stats count(Notifi...

by Explorer in

Account Creation And Deletion within a given time

Hello, I'm trying to create a query to monitor when users create accounts and then within a given time window delete ...

by Contributor in

Avoid chart skipping every other day label on X-axis

How do I change a chart's X-axis to avoid skipping every other day label like this: Thu Oct 11 ...

by Explorer in

Key value pair extraction

My Sample data is below: 2017-07-17 23:59:43,156 ERROR------------webserver logs from servers------------ Attribut...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to remove all identical events and keep the latest event for each different timestamp in a transaction search?

query is reaching memory limit and auto-finalizing, is there a way to optimize the query and prevent this from happening?

How to use the Rex command with text copied from Field Extractor?

Stats Count not returning expected Results - Difference in count over single date and span covering same date

How to edit my search to list jobs in a table per user, per day?

How to get a Line Chart with 3 Split by Clauses?

How to find and stop real time searches running on indexers?

How to add the duration of the last event in a transaction to the total duration?

How to set a Variable from an Eval match?

Variable in eval for URL

Timechart - Replace "No Results Found" with "No Activity for Today"

Timechart on field other than _time

Introspection search_group assignment

How to show a percentage of the total events in a pie chart

timechart x-axis tick marks every month

How to sum of distinct count of different fields?

timechart - Trying to bucket by 10 minutes - Displaying every minute

Set Sort Order in Splunk Panel

Need query of sum of distinct count.

Searchmanager cannot reuse in for loop in HTML dashboard

Another regex issue

Rex query

Account Creation And Deletion within a given time

Avoid chart skipping every other day label on X-axis

Key value pair extraction

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Product of a Column

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...