Splunk Search

Discussions

Thread Info

Is there a way to use default.meta to lock down write access to field extractions?

We are considering locking down access to share field extractions. Is anyone aware of a way to do this easily? We wan...

by Champion in

Regex searching using a csv list vs inline RegEx

My search results return a list of FQDN domain names. I need to replace that domain name with an app name when a port...

by Explorer in

Is it possible to set a variable as the x-axis in a table?

Hello, I don't specifically have anything down yet, I was just wondering if it would be possible to set a variabl...

by Engager in

Daily Report for Windows Security Logs

What would be the best search string for to do a Daily Report For Windows Security Logs for a 24 hour period? Is t...

by New Member in

How do I modify the label for x-axis?

I have a lookup table similar to the following: Week Status Number 13 May 17...

by Builder in

How to edit my search to return a chart which counts failed and successful service executions and group by service name?

Hey Splunk community. i want to create a search that returns a chart which counts the failed and successful servic...

by New Member in

How to write a search for continuous day count?

I have a scenario that when i write a search, i will get count for each day. But if there is no count that day, the r...

by Explorer in

Search a keyword in log file

I have a log file with suppose keyword "Completed". Now first thing I want to do in the search is , search for thi...

by Explorer in

How to convert the date which is in text format (YYYY-MM-DD HH:MM:SS) to a new field called "month_name" (MMM)

Hello, I have a field name called "opened_at" where the date in this field is in text format (YYYY-MM-DD HH:MM:SS)...

by New Member in

limit timechart average values to two places

I'm attempting to look at average free memory in GB on a number of servers (named server01, server02, etc) over time....

by Path Finder in

Tracking failed logins followed by successful logins using the transaction command, how can I make the search more efficient?

I've been fooling around with the transaction command as I try and track failed logins followed by successful logins ...

by Influencer in

Ignore Empty valued bars in Bar Chart

I have a report which shows top 3 errors by month,error. i am trying to plot this on a bar chart (Not timechart), so ...

by Communicator in

calculating ratio of fields, grouping and plotting over time - cannot handle 'no results' searches

Hi All, We are using splunk to periodically index (every 5 mins) some CSV files containing the following type of data...

by New Member in

How can I go geoip lookup and plot data on splunk 6 native map?

Hi, I have been using Google Map app mainly for lookup the locations of ipaddress. With Splunk6, I can use native ...

by Motivator in

Keep Greatest 5 Counts by Date

I'm counting exceptions over a 24 hour period. My search looks like this: index=exceptionsindex | bin _time span...

by Communicator in

Urldecode _raw at index time

Hi, I am aware that it can be done at search-time via props.conf: [sourcetype] EVAL-_raw = urldecode(_raw) Is i...

by Motivator in

How to edit my search to find percentage of duplicate events?

Hey Folks, Any suggestions on how to report on the total percent of my events that are duplicates? I can find m...

by Explorer in

How to generate a search to find delta between totals from yesterday and today?

I have a log for a documents database. It gives me a daily report of total documents in each collection (each collect...

by Communicator in

what command will remove status the field from the returned events

what command is used to remove the status field from the returned events

by New Member in

Seeing duplicate events in Search Results ?

I have a source as ///application.log in my inputs.conf.On the servers the application.log will be rolled when it fil...

by New Member in

Duplicate rex field extraction results

In my log files there is a field (path = info.message) that has a certain string. I want to extract a part of that st...

by Explorer in

Rename values extracted into field

Can you rename values extracted into fields? Example - Here is a field i have called "filename" and some examples ...

by Builder in

How many CPU cores required for handling concurrent searches

no . of search head -1 (8 cores) no. of indexers - 4 (24-cores each) So, my system-wide concurrent searches limit ...

by Motivator in

Calculations on fields with multiplier abbriviations

Any ideas on how to handle this - I am imaging a horrible if/string statement, but any other ideas? i have a field...

by Ultra Champion in

how to extract the below words from a log

Hi, I have following sample log string , May 13 14:20:32 pcpsd1sb.smart.net 318324: May 13 14:20:31.282 EDT: %C...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is there a way to use default.meta to lock down write access to field extractions?

Regex searching using a csv list vs inline RegEx

Is it possible to set a variable as the x-axis in a table?

Daily Report for Windows Security Logs

How do I modify the label for x-axis?

How to edit my search to return a chart which counts failed and successful service executions and group by service name?

How to write a search for continuous day count?

Search a keyword in log file

How to convert the date which is in text format (YYYY-MM-DD HH:MM:SS) to a new field called "month_name" (MMM)

limit timechart average values to two places

Tracking failed logins followed by successful logins using the transaction command, how can I make the search more efficient?

Ignore Empty valued bars in Bar Chart

calculating ratio of fields, grouping and plotting over time - cannot handle 'no results' searches

How can I go geoip lookup and plot data on splunk 6 native map?

Keep Greatest 5 Counts by Date

Urldecode _raw at index time

How to edit my search to find percentage of duplicate events?

How to generate a search to find delta between totals from yesterday and today?

what command will remove status the field from the returned events

Seeing duplicate events in Search Results ?

Duplicate rex field extraction results

Rename values extracted into field

How many CPU cores required for handling concurrent searches

Calculations on fields with multiplier abbriviations

how to extract the below words from a log

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Stay Connected: Your Guide to October Tech Talks, Office Hours, and Webinars!

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions