Splunk Search

Discussions

Thread Info

how to create dashboard app

I have a dashboard and i want to make that dashboard as an app so that i can push it to other search heads . But my q...

by Path Finder in

Search query and calcs for dashboard presentation

I need to be able to query two values called Success and Failed (different criteria for each), and then do some quick...

by New Member in

Does tstats use datamodels the same way Pivot does?

After reading through the Splunk documentation on pivot a few times, I noticed that it describes how it works with re...

by Communicator in

retreiving current logged in user and using in search

I tried below command to retrieve current logged in user | rest /services/authentication/current-context | table u...

by Explorer in

Collect bins time?

OK, this is driving me crazy. I have a normal time in _time (displayed as yyyy-mm-dd HH:MM:SS). I collect it into an ...

by Explorer in

How to calculate the percentage of the Top 10 products sold over monthly total value per product

Hello everybody, I need to calculate the total sales value by product over month and calculate the percentage in r...

by New Member in

Resources used by each saved search

Hi. I wanted to find out if Splunk is able to show the CPU and memory usages from each savedsearch. Thanks.

by Communicator in

Any way to align a long field value?

When I insert my search query, both fields solution, and description, are displayed in a very long string, where the ...

by Path Finder in

How to reduce the cisco ASA logs using regex?

Hi, Is there a way to ignore a event containing the message before indexing using regex in props.conf and transfor...

by Builder in

static set of values for query

Hi How can I pass a static set of values to the query. For example an array of computer names to a query that list a...

by Path Finder in

Getting count of field instead of a list of them

Hello, I am getting a stack of CVE field values, I just wanted to display the number of them (count). Here is my c...

by Path Finder in

Timechart - Use with other time values in event not _time

I currently have a feed that indexes fine, however within the message there are various other timestamps that I'd lik...

by Engager in

Why do standard navigation menu items disappear on custom dashboards?

In the latest versions of Splunk 6.2+, the navigation menu items disappear on any custom dashboard. Only the first "S...

by Communicator in

How to exclude condition from search depending on variable?

Hi! On my dashboard there is the dropdown list. I want to exlude its token criteria from search query if default v...

by Path Finder in

how to search events with a common value

Hi to all, I need to find if a user performs a login and a logout in 15 seconds performed by the same user (same c...

by Explorer in

regex for selecting all fields except specified fields

Hi, Could you please help me to select all the fields except specified fields. My data is pipe separated. My Data:...

by Path Finder in

How to append the field by matching two different data source

I have one Source =”ABC.csv” and a lookup “a_alert”. ABS.csv contains fields such as ID, Description (200 free cha...

by Path Finder in

how to do search median

Hi Ihave a question this is input date item field_1 field_2 field_3 2016/01/01 x 1 ...

by New Member in

earliest - latest question

I'm a newby so forgive my ignorance with Splunk. I'm running this real time and only want it to run from 6:30am to 10...

by New Member in

How to generate an IIS search for how many transactions have hit a single server?

New to Splunk and am having trouble writing a search that would tell me how many IIS transactions have hit a single s...

by New Member in

Formatting axis lables on a time based chart

I have a search that uses timechart to show a count of certain events per day for a one month period. Nothing fancy: ...

by Path Finder in

How do I troubleshoot why Splunk has stopped indexing data and searching "index=_internal" produces no results?

Hi everyone, I have a big issue. Since Friday, my single node Splunk instance stopped indexing data. I was in the ...

by Communicator in

Foreign key

by Path Finder in

How to search in scheduled report

Hi, Is it possible to search in a scheduled report? I scheduled a request in a report because this request takes s...

by Engager in

How do you combine two or more values from search results into one?

I need to produce a report that shows average use of an app over a certain period of time. I noticed in the log the a...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

how to create dashboard app

Search query and calcs for dashboard presentation

Does tstats use datamodels the same way Pivot does?

retreiving current logged in user and using in search

Collect bins time?

How to calculate the percentage of the Top 10 products sold over monthly total value per product

Resources used by each saved search

Any way to align a long field value?

How to reduce the cisco ASA logs using regex?

static set of values for query

Getting count of field instead of a list of them

Timechart - Use with other time values in event not _time

Why do standard navigation menu items disappear on custom dashboards?

How to exclude condition from search depending on variable?

how to search events with a common value

regex for selecting all fields except specified fields

How to append the field by matching two different data source

how to do search median

earliest - latest question

How to generate an IIS search for how many transactions have hit a single server?

Formatting axis lables on a time based chart

How do I troubleshoot why Splunk has stopped indexing data and searching "index=_internal" produces no results?

Foreign key

How to search in scheduled report

How do you combine two or more values from search results into one?

Fun with Regular Expression - multiples of nine

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions