Splunk Search

Discussions

Thread Info

How do I use a timerange picker in conjunction with a saved search on a dashboard?

I have some dashboards that have many panels. What I would like to do is convert these panels to saved searches and t...

by Builder in

In a chart overlay, how to force a line graph to the edges of a column chart?

Created a column visualization, use chart overlay, and overlay a line or two. Look at my chart and see that the lines...

by Motivator in

How to edit my "rex" search in order to extract the User ID in my sample data?

Another regular expression/rex field extraction question: How do I get USERID between timestamp and '@JavaClient' ? ...

by Explorer in

Is there a way to enable DNS caching in Splunk in order to not overwhelm a DNS server with repetitive lookups?

by Motivator in

How to edit my search to display individual event counts for each sourcetype?

I have the following search and it works pretty well, however I need to see the event counts for each of the sourcety...

by Path Finder in

How to make a "rex" search a permanent field extraction in props.conf and transforms.conf?

Hi all, I have this expression to extract the character part of one string: ... | rex field=Equipment "^(?<TEST...

by Builder in

How do I get Splunk to use meaningful variable name labels?

I'm a Newish Splunk Power-user. I have indexed results from analyzed emails from the publicly available Enron /maildi...

by Explorer in

Why does Splunk Cloud Instance URL return "Error 500"?

My Splunk Cloud trial URL returns "Error 500". How do I recover and complete the eval? URL is https://prd-p-wls4v9...

by New Member in

Is there a way to to further extractions from an existing search time extraction using props.conf or transforms.conf?

Currently I'm doing an extraction on a log file like so: [AUDIT_PARSE] REGEX = \x5b[^\x5d]+\x5d\s+(\w+)\s+(?:\x7b(...

by Explorer in

Mixed column and line chart

Is it possible to create a mixed column and line chart? Ideally, I'd like to create a chart with a couple of stacked ...

by Communicator in

How to troubleshoot why users get 404 not found error when querying the REST endpoints?

One of our clients is trying to use REST API services. He is working on a Web/mobile team which is considering an inn...

by Explorer in

How to edit my search to find the amount of license usage per Active Directory event code?

how would i search to see how the amount of license usage per Active Directory (AD) event code? looking to add it to...

by Contributor in

How to compose a search to compare the difference between hosts?

I am trying to build an alert off based of a search that shows me only hosts that have not logged the following strin...

by New Member in

How to use an existing saved search/report as a subsearch?

I'd like to prevent code / search syntax duplication; but often times I want to use the results of a saved search to ...

by Communicator in

Save value into a variable

Hi, I use Talend Open Studio to collect data on Gitlab (via Gitlab API) and send them to Splunk. As Gitlab cont...

by New Member in

How to make combine multiple string searches and count all combinations

I am logging some settings and whether they are enabled or disabled. I want to make a table combining some of the opt...

by Engager in

extract field using rex

Hello All I have used below rex to get 585315 into field Username (?<=User\.\.\.\.\.\.\............).*?(?=\s) ...

by Path Finder in

How to edit my search to improve the performance?

One of our searches is too slow, it takes more than few minutes to execute results. We have indexed lookup data (firs...

by Explorer in

Count table value pair

I have a table like this derive from search I need to have it formatted like this. Like counting the username-de...

by New Member in

How to edit my search to calculate the average number of tickets per week based on categories?

I am trying to determine the average number of tickets per week based on the unique number of categories for the tick...

by Explorer in

How to search for all events for a transaction if there is no unique ID?

Hi everybody ... i have these kind of logs in my environment. every transaction has these 4 log messages but there is...

by Explorer in

How do I insert a label into a field using the stats command?

Good day I have been trying to create a summary row for columns of a table. I started using the addcoltotals comma...

by Explorer in

How do I pull data from a subsearch?

So I have the following search: search host="MY_IP_LIST" index="test" earliest="1/5/2017:00:00:01" latest="1/5/2017:1...

by Explorer in

How to create a new internal IP field, at search time, from src and dest IP fields?

I'd like to create a field at search time, we'll call it internal_ip. I can already filter by CIDR block and get the ...

by Communicator in

How to force a scripted input to be run at search time, in order to use remote data?

I'm writing a health check dashboard and I want to invoke one of my normal input scripts, on demand, at the time the ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I use a timerange picker in conjunction with a saved search on a dashboard?

In a chart overlay, how to force a line graph to the edges of a column chart?

How to edit my "rex" search in order to extract the User ID in my sample data?

Is there a way to enable DNS caching in Splunk in order to not overwhelm a DNS server with repetitive lookups?

How to edit my search to display individual event counts for each sourcetype?

How to make a "rex" search a permanent field extraction in props.conf and transforms.conf?

How do I get Splunk to use meaningful variable name labels?

Why does Splunk Cloud Instance URL return "Error 500"?

Is there a way to to further extractions from an existing search time extraction using props.conf or transforms.conf?

Mixed column and line chart

How to troubleshoot why users get 404 not found error when querying the REST endpoints?

How to edit my search to find the amount of license usage per Active Directory event code?

How to compose a search to compare the difference between hosts?

How to use an existing saved search/report as a subsearch?

Save value into a variable

How to make combine multiple string searches and count all combinations

extract field using rex

How to edit my search to improve the performance?

Count table value pair

How to edit my search to calculate the average number of tickets per week based on categories?

How to search for all events for a transaction if there is no unique ID?

How do I insert a label into a field using the stats command?

How do I pull data from a subsearch?

How to create a new internal IP field, at search time, from src and dest IP fields?

How to force a scripted input to be run at search time, in order to use remote data?

Can’t make it to .conf25? Join us online!

What Is Splunk? Here’s What You Can Do with Splunk

Level Up Your .conf25: Splunk Arcade Comes to Boston

Manual Instrumentation with Splunk Observability Cloud: How to Instrument Frontend ...

User could not act as admin in splunk

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!