Splunk Search

Ask a Question

Discussions

Thread Info

How to edit my search to aggregate the resulting counts by host type?

Hi there, I want to know if this is possible: I have a simple search: index=myindex host=myhost* | stats cou...

by New Member in

How to insert a search box in large table of data that is derived from a search on a dashboard?

Hello, We are using a search which displays data in a table format on a dashboard. As result, the table is too lar...

by Builder in

How to use rex to extract JSON format to 2 keyValue pairs?

2016/11/14 17:27:35:449||DeviceID=12C95D85-AC78-499A-A018-E8ADB1CC6D0E||LogLevel=Info||AppVersion=v1.0.4.8(1.0)||OSTy...

by New Member in

What is the regular expression for my sample events?

HI, i am trying to extract the last field using field extractor but its not working. can anyone help me to write rege...

by Communicator in

How to create a search that will use values from a table to calculate the percentage?

I have a search that outputs a number of log lines in following table format: package | lineCount __...

by Explorer in

How to search the count of IDs processed for multiple response time ranges?

hi i have two fields: IDs and response time in seconds. so by using the response time, i need to break down events 0-...

by Explorer in

How do Accelerated Searches work with retention policies?

I'm trying to plan out retention policies, and I'm unsure about how they play alongside searches that I've marked as ...

by Communicator in

How to create single value chart based on user form inputs to display average response time, a previous time comparison, and a trending arrow?

I would like to create a chart that looks like the mockup in the screenshot. EXPLANATION: I provide 2 user inputs ...

by Path Finder in

How to build a line graph to compare the results of a search with its inverse results?

I must apologize as I have found partial examples of what I am looking for, but I'm not well-versed enough to merge t...

by Explorer in

How to edit my search to find the distinct count by each field value in a list?

Trying to count "violation type" for each program (in regards to AV program, stack pivot, overwrite code, etc etc) an...

by Path Finder in

What does the coalesce command mean in this Splunk search?

What does the below coalesce command mean in this Splunk search? Any explanation would be appreciated eval fieldA=...

by Builder in

How to display a count in the labels on my pie chart?

hi guys... I want to display the count in the labels in the pie chart, and in the title, I want to display another...

by Explorer in

How do I make this into a table?

How do I make this in a table? I have cranial vapor lock this morning.

by Motivator in

Transforms are working on a local Splunk instance, but why are fields not extracted correctly when deployed to my search head cluster?

Having a strange issue. I am trying to set up a transform to automatically extract key/value pairs from a non standar...

by Builder in

Splunk 6.5.0: How to edit my dashboard to set an in-page contextual drilldown with multiple conditions from a table?

Hi fellow Splunkers  I have a table containing various fields such as sourcetype and username etc. I want to enab...

by Engager in

transforms.conf: matching two files in regex

Hello, I am trying to match using regex where the filenames Svc.chk and edb.chk are in Object_Name. The followi...

by New Member in

How do I format Search Processing Language to align the pipes on the left side of the search bar?

How do I format Search Processing Language (SPL) to align the pipes on the left side of the search bar (v 6.5.0)? ...

by Explorer in

get count of field group by another

This should be so simple but I cannot get it to work. I am trying to create a panel that will display a table with th...

by Path Finder in

Why am I unable to pull any events, even though I receive a success message from cURL?

Hi , I am not able to pull events , even I got success message from cURL .Here is my command. c...

by Explorer in

Can you use transpose to eval fields for column totals?

Please help! Using transpose in my search so that each row becomes a column. Then I'd like to count the number of...

by Splunk Employee in

How to see the top 10 categories in each span of a timechart, not for the entire duration of the chart?

i have stacked columns chart that covers 24h w. 1h spans i use timechart's default limit=10 and get 10 categories + O...

by Explorer in

How to create a timechart for indexes with Cisco ASA data, with each row representing each index and a column with an action status?

So I was trying to create an alert for blocked Cisco ASA traffic when there is an increase of 50% or more in today's ...

by Path Finder in

Is there a logging or debug tool to identify all props and transforms that are applied to a particular sourcetype to isolate rogue field extractions?

Hi All, This has happened to myself and other colleagues on more than one occasion. We go to resolve some issues w...

by Builder in

How do I edit my search on usernames to also table associated passwords?

I am getting Username and User id Fields while search using username, then I pipe it and search user ID to get the pa...

by New Member in

How to delete data points with null values by host to produce a continuous linear graph?

Hello, I want to delete the time point if there is the one or more host max(time)>avg(time)+5 at that point in tim...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to edit my search to aggregate the resulting counts by host type?

How to insert a search box in large table of data that is derived from a search on a dashboard?

How to use rex to extract JSON format to 2 keyValue pairs?

What is the regular expression for my sample events?

How to create a search that will use values from a table to calculate the percentage?

How to search the count of IDs processed for multiple response time ranges?

How do Accelerated Searches work with retention policies?

How to create single value chart based on user form inputs to display average response time, a previous time comparison, and a trending arrow?

How to build a line graph to compare the results of a search with its inverse results?

How to edit my search to find the distinct count by each field value in a list?

What does the coalesce command mean in this Splunk search?

How to display a count in the labels on my pie chart?

How do I make this into a table?

Transforms are working on a local Splunk instance, but why are fields not extracted correctly when deployed to my search head cluster?

Splunk 6.5.0: How to edit my dashboard to set an in-page contextual drilldown with multiple conditions from a table?

transforms.conf: matching two files in regex

How do I format Search Processing Language to align the pipes on the left side of the search bar?

get count of field group by another

Why am I unable to pull any events, even though I receive a success message from cURL?

Can you use transpose to eval fields for column totals?

How to see the top 10 categories in each span of a timechart, not for the entire duration of the chart?

How to create a timechart for indexes with Cisco ASA data, with each row representing each index and a column with an action status?

Is there a logging or debug tool to identify all props and transforms that are applied to a particular sourcetype to isolate rogue field extractions?

How do I edit my search on usernames to also table associated passwords?

How to delete data points with null values by host to produce a continuous linear graph?

What's New in Splunk Cloud Platform 9.3.2411?

Buttercup Games: Further Dashboarding Techniques (Part 6)

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

bandwidth utilization percentage

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static