Splunk Search

Ask a Question

Discussions

Thread Info

Compare two columns in two lookup files

Hello. I have two lookup files: Firecall.csvPrivileged.csv Both files contain a column with the same name; A...

by Explorer in

Compare two values from extracted fields - if match increment counter

Hi all, Having read a few similar threads I realised they do not quite ask what I need so decided to post a new th...

by Explorer in

How to convert string date format to other date format?

I have string like this 08Aug2017 10:12:55 CDT" I want date format like = 08-Aug-2017 10:12:55 CDT

by Engager in

Not able to get all results to show stats when all field and value events are present with search. What am i missing?

Using the tutorialdata.zip tutorial dataset but cant seem to get the results I want using index=main ("categoryId=*"...

by New Member in

Showing the latest time per single unique value in multiple fields

Hello, my question is linked to the below answer. https://answers.splunk.com/answers/222406/search-to-group-by-countr...

by Explorer in

Can you search a lookup table without specifying a particular field?

Is something like this possible? Basically a freetext search of a lookup table to return the associated rows? |inp...

by Builder in

Dashboard single value sentence including time

Hi all, I'm currently working on a dashboard in Splunk that I am trying to take a count value and include it in a ...

by Path Finder in

What is strptime format for 2017-08-01T11:48:15.000+0000

I want to load a json into splunk. The time stamp of each event is in the format 2017-08-01T11:48:15.000+0000. I used...

by New Member in

How do I use the reverse command to change the order of my table?

Hello, I currently have a table that is ordered by time, ascending. It looks like this: Date | Action 9pm | Or...

by Communicator in

Query including multiple CSV and Rex

Hello everyone, it's been a long long time that I've not used splunk. I would need some help to do a query or two ple...

by New Member in

Filter by URL

How do we filter by URL? I use the search criteria below, however, I'm trying to figure out how will I filter the res...

by New Member in

Floating column chart using simple xml

Hi Experts I am trying to build floating bars in a column chart. The y axis is fixed from 0-24. I want to start the b...

by Communicator in

Expanded stacked column chart

Is it possible to create a column chart that is stacked, but where each part of the stack still occupies its own colu...

by New Member in

Splunk ES detecting changes to OS auth files

Hi All We have a request to generate a notable event in Splunk ES for any changes made in the linux OS to /etc/passwd...

by Contributor in

Tips on using sort and count: It is possible to generate a: "* |stats values(y) count by x | sort -x" but where each value of y is count separately and also sorted?

I'm trying to generate a table where the output is something like this: ValueY ValueX 　　Count ValueY1 V...

by Explorer in

How to get earliest and latest time for the last one hour and compare it with the same hour last week?

How to get earliest and latest time for the last one hour to compare with the same hour last week for which I don't k...

by New Member in

Map fields from two sourcetypes based on a certain time range

Hello, A project I'm working on requires that I monitor who is logging into an application. As it is, the logs of ...

by Path Finder in

Regex formating help

Can anyone help me format a regular expression for Splunk? I can create the regular expression using regexr.com and ...

by Explorer in

Streamstats count

I want a cumulative count of a field that has multiple values. Somehow this isn't working: base search| streamstat...

by Path Finder in

Separate values in stacked bars

How can I still have a separation between 'xls' and 'xlsx' in the bar that says 'Excel'? eval ExtTyp = case(extens...

by Path Finder in

Real-time alert is skipped.

Hello, I have the following message in the scheduler activity window on DMC, that states I have reached the limit ...

by Communicator in

How to show the percentage of unique values

Hi, I have a simple search that uses top to get the top 10 countries: search ........ | top Country It w...

by Path Finder in

How to display dates of month in columns

Hi Team, I have a scenario to display dates of selected month in columns. For Example , if i select August month i...

by Explorer in

Splunk Admin Role- unable to change app visibility.

Hello community, I have splunk admin role on splunk GUI, I access Splunk from web which is hosted on remote machi...

by New Member in

KMZ file with markers on map - How can I add more details to the map?

Hello, I am using a geospatial lookup with a kmz file, it works and shows the polygons on the map, but I need more...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Compare two columns in two lookup files

Compare two values from extracted fields - if match increment counter

How to convert string date format to other date format?

Not able to get all results to show stats when all field and value events are present with search. What am i missing?

Showing the latest time per single unique value in multiple fields

Can you search a lookup table without specifying a particular field?

Dashboard single value sentence including time

What is strptime format for 2017-08-01T11:48:15.000+0000

How do I use the reverse command to change the order of my table?

Query including multiple CSV and Rex

Filter by URL

Floating column chart using simple xml

Expanded stacked column chart

Splunk ES detecting changes to OS auth files

Tips on using sort and count: It is possible to generate a: "* |stats values(y) count by x | sort -x" but where each value of y is count separately and also sorted?

How to get earliest and latest time for the last one hour and compare it with the same hour last week?

Map fields from two sourcetypes based on a certain time range

Regex formating help

Streamstats count

Separate values in stacked bars

Real-time alert is skipped.

How to show the percentage of unique values

How to display dates of month in columns

Splunk Admin Role- unable to change app visibility.

KMZ file with markers on map - How can I add more details to the map?

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!