Splunk Search

Discussions

Thread Info

Create a table that shows last 5 days and timestamps of found events each day

Hello, I want to create a search that looks for events that contain a value for a field, and then show the timesta...

by Communicator in

How to accommodate dashboard in a screen? Is there a way to automatically adjust the chart display properties according to screen size?

I have developed few dashboards having multiple reports (Couple of pie charts ,and 2 trend line report) are part of d...

by New Member in

pipeline as first character in search query

Hi all, I would like to ask what is the meaning of using pipeline as first character in search query. I saw some v...

by New Member in

Hi i want to join a field from log file and lookup table

for eg in a.log file i have data as dept_id Name Leave_count 1 xx 9 2 yy 8 3 zz 4 and have a b.csv lookup table f...

by New Member in

How to display the time in _time?

I need to display the maximum count of users logged in per day (at what time). I am able to get the max user count...

by Engager in

How compare variable URLs in a log against a lookup table of significant, matching substrings?

I have large variable URLs being logged that may include a unique substring somewhere within that is significant. How...

by Explorer in

stacked bar chart with my data- is it possible?

Hi I have a search which gives data similar to: Name, X1, X2, Y1, Y2, Z1, Z3 name1, A, , A , ,...

by Path Finder in

Splunk DB Connect: Is there a way to stop the dboutput command from restricting the result set to 50,000 rows?

Hello, I’m trying to send data to a SQL database using the dboutput command and my result set is being restricted to ...

by Explorer in

How to add fields to already indexed events?

Suppose I have "request event" and "response event" They are linked together by the same value of the field id Fie...

by Explorer in

How to build a trend chart that compares today's result with previous day, week, and month for the same time frame?

I have a search result having a column line_count, which gets incremented every 5 min on the basis of my events comin...

by Path Finder in

Return sources with event absent

I am trying to create a search to return the source name for applications that have not been restarted in the last 30...

by Path Finder in

gaps in line graph

I have an advanced xml view set up with some line graphs, but it seems that on the graphs that do not have a large da...

by Builder in

How to group URLs in my sample data while ignoring "/{id}" AND OR "/logs" or "/messages/" segments?

below example : matching employee with 100 and 800 are accessing comments url localhost/employees/100/comments local...

by New Member in

I have developed a good search, but need to notify a recovery or alert depending on the output of the search. The difference between the two outcomes is just a couple of lines that I have not been able to configure in a single search

Snippet of search SEARCH | eval runmacro = if(deltadif="NO","TurnTimeRecovered","TurnTimeWarning") runmacro comme...

by New Member in

How to change the color for a datavalue text in column chart

I've created a column chart and displayed datavaule on the column, but the color datavalue text are very light and di...

by New Member in

No results using earliest and latest

Hello, I'm trying to complete a simple request such as : earliest="04/12/2017:08:24:24" lastest="04/12/2017:09:...

by Explorer in

Masking data using regex during Indexing

Hi All I am trying to mask account numbers at indexing. So I have the respective entries in props.conf and transfo...

by Path Finder in

How to change colors of different columns in a Column chart.

I am executing a query and basis of that column chart is being build under visualization. Each column denotes a diffe...

by Path Finder in

Timechart with events/h and average events per hour

Hello, I want to create a timechart that shows the amount of events per hour in the last 24 hours, and a line in ...

by Communicator in

Convert splunk time format to epoc time.

Hi, Can we convert splunk specific time to epoc time ? For example: -4h@h I am using a search query in whi...

by Builder in

streamed search execute failed because " error in "litsearch" command Your Splunk license expired or you have exceeded your license limit too many times

Hi, https://answers.splunk.com/answers/452895/error-in-litsearch-command-your-splunk-license-exp-1.html But i a...

by Path Finder in

Splunk Alerts & Dashboard Panels

Hi All, I have configured an alert to trigger based on when a the tcpout queue size breaches 80% - as per the SPL ...

by Path Finder in

How To Join Results From Multiple Searches

I'm trying to create a simple control chart (where I show a line 3 standard deviations away from the mean). I just ne...

by Explorer in

How to write a regular expression for extracting OS version number from User Agent in my sample data?

How do we write a regular expression to extract a OS version from the User Agent considering the fact that UserAgent ...

by Explorer in

How to increase the results for append/appendcols?

Hi, In my query, i'm using append command to add the sub search with main search. But I'm getting max. of 50,000 even...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Create a table that shows last 5 days and timestamps of found events each day

How to accommodate dashboard in a screen? Is there a way to automatically adjust the chart display properties according to screen size?

pipeline as first character in search query

Hi i want to join a field from log file and lookup table

How to display the time in _time?

How compare variable URLs in a log against a lookup table of significant, matching substrings?

stacked bar chart with my data- is it possible?

Splunk DB Connect: Is there a way to stop the dboutput command from restricting the result set to 50,000 rows?

How to add fields to already indexed events?

How to build a trend chart that compares today's result with previous day, week, and month for the same time frame?

Return sources with event absent

gaps in line graph

How to group URLs in my sample data while ignoring "/{id}" AND OR "/logs" or "/messages/" segments?

I have developed a good search, but need to notify a recovery or alert depending on the output of the search. The difference between the two outcomes is just a couple of lines that I have not been able to configure in a single search

How to change the color for a datavalue text in column chart

No results using earliest and latest

Masking data using regex during Indexing

How to change colors of different columns in a Column chart.

Timechart with events/h and average events per hour

Convert splunk time format to epoc time.

streamed search execute failed because " error in "litsearch" command Your Splunk license expired or you have exceeded your license limit too many times

Splunk Alerts & Dashboard Panels

How To Join Results From Multiple Searches

How to write a regular expression for extracting OS version number from User Agent in my sample data?

How to increase the results for append/appendcols?

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions