Splunk Search

Ask a Question

Discussions

Thread Info

Bar color based on value on chart

Hi everbody i want to create color bar chart which color change based value. i see different example for stats but...

by Path Finder in

Splunk Health Check (Warning, Info and N/A)

Hi Guys, Good Day! Regarding on our Splunk servers, we've performed a health check and we found some warning, i...

by New Member in

Wildcard in Field Value for where clause

I am currently running this search to populate a table in a dashboard: dedup clientcert sortby "-date" | where cli...

by New Member in

Multiple Login Failure Attempts

How can I search for 10 failed logon attempts within a 5 minute timeframe?I could try timechart, but a 24 hour period...

by Path Finder in

Return fields based on boolean value

Hi, I have a saved search used by a dashboard which should return different fields based on the boolean value of a...

by Explorer in

Any difference between NULL and null() in eval?

In an eval expression, is there any difference between using NULL and null()? Use case: I want to return null in a...

by Builder in

Why when I use "\\" it shows results with only one "\"

I'm currently creating a search and in my search I entered the following source="FileName.csv" \ OR SMS In the...

by Engager in

How can I show all x-axis labels , even result is zero with timechart command

I want data for the last ten months, but few months doesn't have data,I am using | timechart span=1mon count then I a...

by Communicator in

Is there an inverse to the IN Command?

Hi Everyone, I recently found the IN command IP IN (10.72.168.*, 10.94.102.*, 10.80.134.*) I was curious...

by New Member in

Conditional Search items

I'm trying to create a conditional which will search using one of two search terms based on an IF statement. A sim...

by Engager in

How to draw a Chart with Duration field in HH:MM:SS format.

I have duration field in seconds. I can draw graph using that field. However, I want graph using duration field in HH...

by New Member in

How to keep Distinct fields correlated after merging with Stats command?

Quick explanation of my Data format: Sourcetype "A" Field_ID, Field_Name Sourcetype "B" Field_ID, Interesting_F...

by Explorer in

How to pull the event or logs from Trend micro deep security for splunk

Hi Team, we have installed the Trend micro deep security for splunk and not getting any logs form trend micro. Co...

by Explorer in

How to append a total row for a column chart?

Hi, so I currently have a column chart that has two bars for each day of the week, one bar is reanalysis and one is r...

by Path Finder in

Why is my search not returning any results?

Can anyone tell me why I am not returning any results? index=nessus cve=* | eval CVSS_SCORE = cvss_base_score + cv...

by Path Finder in

Is it possible to use wildcards to search by the last letter of a string?

I am looking for specific usernames in my data set that end in "a". What would the syntax be to search the username f...

by New Member in

How to create a table listing users and unique values for other associated fields as HostName or Access?

I have the following fields: User HostName Access User A machine A SSH User A machine A VPN User A machine B SSH U...

by Influencer in

How can I select the index to search dynamically?

I want to say | eval my_index=(something, probably using if) | append [index=(whatever my_index is)] How can I...

by Path Finder in

How handle case-sensitive results from a subsearch?

I have created a dashboard that allows me to search my sendmail logs for some component of a mail transaction (e.g. m...

by Engager in

two action against source IP

I have top 5 source IP dashboard, I want to perform two action 1- when i select source IP it shoud go to external...

by Communicator in

I need to display all the values in the below search

index="index1" PROJECTNAME="*" ( OBJECT_TYPE="*" OR OBJECT_TYPE="*" ) | dedup PROJECTNAME OBJECT_TYPE NAME |map [sea...

by Explorer in

'rex' command in 6.6.2 Splunk

I am trying to use the 'rex' command in one of our searches but not successful, the same search was working 1 month b...

by Path Finder in

Search Factory: Unknown search command 'vt'.

Hi Team, We have installed Virus Total Checker app as well as Enterprise Security Suite App in our Search Head ser...

by Path Finder in

show data as in the order defined in query

I have a chart shows counts of Policies under different Policy Amount ranges (eg: 10000-50000). Query: index|rena...

by Communicator in

How to merge rows in a table column if the value is repeating?

I need to merge rows in a column if the value is repeating. My search output gives me a table containing Subsystem...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Bar color based on value on chart

Splunk Health Check (Warning, Info and N/A)

Wildcard in Field Value for where clause

Multiple Login Failure Attempts

Return fields based on boolean value

Any difference between NULL and null() in eval?

Why when I use "\\" it shows results with only one "\"

How can I show all x-axis labels , even result is zero with timechart command

Is there an inverse to the IN Command?

Conditional Search items

How to draw a Chart with Duration field in HH:MM:SS format.

How to keep Distinct fields correlated after merging with Stats command?

How to pull the event or logs from Trend micro deep security for splunk

How to append a total row for a column chart?

Why is my search not returning any results?

Is it possible to use wildcards to search by the last letter of a string?

How to create a table listing users and unique values for other associated fields as HostName or Access?

How can I select the index to search dynamically?

How handle case-sensitive results from a subsearch?

two action against source IP

I need to display all the values in the below search

'rex' command in 6.6.2 Splunk

Search Factory: Unknown search command 'vt'.

show data as in the order defined in query

How to merge rows in a table column if the value is repeating?

Data Persistence in the OpenTelemetry Collector

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Community Content Calendar, September edition

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions