Splunk Search

Discussions

Thread Info

Remove top from results

I want to remove the top results from my final results. Essentially, removing outliers.

by New Member in

Can I use a where statement to show subsearches that meet two sets of criteria?

I am trying to only show values within a report if both subsearches have a result. I am trying to show reporting on u...

by Contributor in

How to extract multiple values (IP addresses) into one field?

Hi to everyone, If I have this data, a lot of IPs, how can I extract multiple values for a field? (For a config fi...

by Communicator in

Help with regex to Extract HTTP reponse codes

Hello all, I have the below sample events 8 Aug 2017 14:45:54 [WARN ] http_srv: Total latency exceeded threshol...

by Builder in

How to filter Windows Event 4663 at indexing time?

Hello, How to filter out wineventlog with "EventCode 4663" and "Accesses: ReadData (or ListDirectory)", using prop...

by Builder in

How to make X axis display the name of each field?

I have the following query: index=msahc sourcetype=msahc_raw | rex "(?<json_field>{[^}]+})" | mvexpand json_field ...

by New Member in

How to change default color charts

Hi all, I know there is a lot of questions for this matter, but I couldn't find a solution that worked for me. I d...

by Contributor in

How can I create a graph with this table to my simple specifications?

Hello, Using search query, I am able to create a table having two columns as shown below. Col_1 Col_2...

by New Member in

Unable to eval correct epoch time

host=*****| eval Time="17:00:00"|eval Time2="13:00:00" |eval Time=strptime(Time,"%H:%M:%S") |eval Time2=strptime(Ti...

by Explorer in

How to do "Date offset". Query giving output between "Thursday to Thursday", Instead I want it from "Monday to Sunday"

I am using below query to get the data on weekly basis, It is giving me the output on weekly basis but the date that ...

by Path Finder in

Is it possible to add a legend to a pie chart?

I read splunk document on adding legend for pie chart. But I don't see that option for pie chart. This is my search: ...

by Contributor in

Create Columns for Count of Events by Field Value

I am having a bit of trouble figuring out how I can get what I am looking for when it comes to separating out success...

by Explorer in

How to edit my search to display the trend line on a single value visualization?

Hi Fellow Splunkers, I have a search that is using lookup tables to show how many of our hosts are reporting. Whe...

by Explorer in

How to do a host list lookup in a Splunk dashboard, including hosts with no hits?

Hi, I've been asked to make dashboard where one can search for a list of hosts, and get an output with all the hos...

by Builder in

After running a search for a certain time range in Splunk, how can I view the same search results again?

I have searched splunk with one query and also applied some datetime range. Now, I want to see the same search result...

by New Member in

Why am I getting different results for this field extraction?

All, When I search and use rex I get the ports from the Apache logs as expected. Getting all ports 80 and 443 and...

by Builder in

How can I see the total GB used for each server by sourceype?

Can someone help me how to modify the below query for different servers. For example, i have 10 servers like dbm1,dbm...

by Path Finder in

How to search and report when a user logs in and out from a keyboard 'Login Type 2'?

I need to search my index to determine when a user physically logs on to our network. Event 4624 queries result in al...

by New Member in

Heat map using a zip code

Hi, I have the below data in a csv file. I'd like to create a heat map with the count(zip_code) number inside the ...

by Motivator in

How to extract fields containing spaces within quotes in a space-delimited file?

I have a file that is space-delimited. It contains two fields that contain spaces. These fields are surrounded by quo...

by New Member in

How to search for IPs on our network that have not logged in within a 30 day period against a lookup table of IPs?

I have a requirement to find which IPs on our network are not logging in, no activity for a 30 day period. I can run ...

by New Member in

How to convert results of Eval Function

Hello, Looking for some help with my search. The convert works fine for Last and First Occurrence but not sure why no...

by Explorer in

Prediction Question

So I have this data from the previous device release (old model). Date / # subscribers Old Model Data Month 1: 100...

by Explorer in

How to calculate the license usage for specific sourcetype

Can i please know how to calculate license usage of a particular sourcetype from a specific host before indexing ? Fo...

by Path Finder in

What to do if i want to snap out data for some specific days?

for example: if it is saturday and i just want to see events of tuesday and wednesday. How to list event of these two...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Remove top from results

Can I use a where statement to show subsearches that meet two sets of criteria?

How to extract multiple values (IP addresses) into one field?

Help with regex to Extract HTTP reponse codes

How to filter Windows Event 4663 at indexing time?

How to make X axis display the name of each field?

How to change default color charts

How can I create a graph with this table to my simple specifications?

Unable to eval correct epoch time

How to do "Date offset". Query giving output between "Thursday to Thursday", Instead I want it from "Monday to Sunday"

Is it possible to add a legend to a pie chart?

Create Columns for Count of Events by Field Value

How to edit my search to display the trend line on a single value visualization?

How to do a host list lookup in a Splunk dashboard, including hosts with no hits?

After running a search for a certain time range in Splunk, how can I view the same search results again?

Why am I getting different results for this field extraction?

How can I see the total GB used for each server by sourceype?

How to search and report when a user logs in and out from a keyboard 'Login Type 2'?

Heat map using a zip code

How to extract fields containing spaces within quotes in a space-delimited file?

How to search for IPs on our network that have not logged in within a 30 day period against a lookup table of IPs?

How to convert results of Eval Function

Prediction Question

How to calculate the license usage for specific sourcetype

What to do if i want to snap out data for some specific days?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!