Splunk Search

Discussions

Thread Info

'rex' command in 6.6.2 Splunk

I am trying to use the 'rex' command in one of our searches but not successful, the same search was working 1 month b...

by Path Finder in

Search Factory: Unknown search command 'vt'.

Hi Team, We have installed Virus Total Checker app as well as Enterprise Security Suite App in our Search Head ser...

by Path Finder in

show data as in the order defined in query

I have a chart shows counts of Policies under different Policy Amount ranges (eg: 10000-50000). Query: index|rena...

by Communicator in

How to merge rows in a table column if the value is repeating?

I need to merge rows in a column if the value is repeating. My search output gives me a table containing Subsystem...

by Path Finder in

How to remove all identical events and keep the latest event for each different timestamp in a transaction search?

We tried this search below: index=test | eval dup=_raw | convert ctime(_time) as T1 | transaction dup mvlist=t ...

by Observer in

query is reaching memory limit and auto-finalizing, is there a way to optimize the query and prevent this from happening?

Query : index=INDEXA earliest=-7d@d latest=@d sourcetype=GHI "service=randomservice" (api_name=API1 OR api_name=API2 ...

by Explorer in

How to use the Rex command with text copied from Field Extractor?

Hello all, I've used the field extractor to pull out the following field, but because the permissions are a little...

by Explorer in

Stats Count not returning expected Results - Difference in count over single date and span covering same date

HI Guys, Just noticed something a little strange, I am running a query to cont the number of a certain transactio...

by Path Finder in

How to edit my search to list jobs in a table per user, per day?

Hello, One of my co-workers is using a search to make a table listing the days the events of interest took place, ...

by Path Finder in

How to get a Line Chart with 3 Split by Clauses?

I have a set of lab samples that have a Percent value measured in 3 different locations across the sample, identified...

by Path Finder in

How to find and stop real time searches running on indexers?

Hi there, I am seeing some real time searches running on indexers. Can I please know how real time searches are ru...

by Path Finder in

How to add the duration of the last event in a transaction to the total duration?

I am trying to use the transaction command to group events within 5 minutes of each other, and have set up fields to ...

by New Member in

How to set a Variable from an Eval match?

I am trying to set a new variable for each event, by using the eval command. Maybe I should a different command? I...

by Path Finder in

Variable in eval for URL

I'm sure this is fairly simple to do, just can't seem to find the right way to do this. Let's say that I have a se...

by New Member in

Timechart - Replace "No Results Found" with "No Activity for Today"

Hello (again), To go along with my previous question regarding using span=10 minutes using the following search: i...

by Communicator in

Timechart on field other than _time

Hello, I'm working on a time chart that needs to chart based on the time retrieved from the database. So far, the ...

by Path Finder in

Introspection search_group assignment

We're monitoring our splunk environment through the DMC as well as a hand built dashboard consisting of data from the...

by Contributor in

How to show a percentage of the total events in a pie chart

I feel dumb for asking something so simple, but I can't make this work. I'm trying to show a percentage I've calculat...

by Path Finder in

timechart x-axis tick marks every month

I want my timechart to show system logins for the last 12 months my search is sourcetype="logins" | timechart dc(U...

by SplunkTrust in

How to sum of distinct count of different fields?

I need to sum of distinct count(emal_id) if event_name=email and distinct_count(person_id) if event_name=push. And su...

by New Member in

timechart - Trying to bucket by 10 minutes - Displaying every minute

Hi, I am doing the following: index=wineventlog user="*.ad" TaskCategory="Security Group Management" |bucket _time...

by Communicator in

Set Sort Order in Splunk Panel

I have made a dashboard with a few panels on it, each of which contains a _time field and an environment field that t...

by New Member in

Need query of sum of distinct count.

I need sum of distinct count for following condition : distinct_count(email_id) where event_name=email and distin...

by New Member in

Searchmanager cannot reuse in for loop in HTML dashboard

Currently, my dashboard is basic on the number of the source and generate the number of chart or table. The struct...

by Path Finder in

Another regex issue

I'm trying to collate groups of Windows EventIDs into categories and use regex to filter a range of them. I cannot ge...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

'rex' command in 6.6.2 Splunk

Search Factory: Unknown search command 'vt'.

show data as in the order defined in query

How to merge rows in a table column if the value is repeating?

How to remove all identical events and keep the latest event for each different timestamp in a transaction search?

query is reaching memory limit and auto-finalizing, is there a way to optimize the query and prevent this from happening?

How to use the Rex command with text copied from Field Extractor?

Stats Count not returning expected Results - Difference in count over single date and span covering same date

How to edit my search to list jobs in a table per user, per day?

How to get a Line Chart with 3 Split by Clauses?

How to find and stop real time searches running on indexers?

How to add the duration of the last event in a transaction to the total duration?

How to set a Variable from an Eval match?

Variable in eval for URL

Timechart - Replace "No Results Found" with "No Activity for Today"

Timechart on field other than _time

Introspection search_group assignment

How to show a percentage of the total events in a pie chart

timechart x-axis tick marks every month

How to sum of distinct count of different fields?

timechart - Trying to bucket by 10 minutes - Displaying every minute

Set Sort Order in Splunk Panel

Need query of sum of distinct count.

Searchmanager cannot reuse in for loop in HTML dashboard

Another regex issue

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions