Splunk Search

Ask a Question

Discussions

Thread Info

Regex Help!

How can I change the format of the filed values using regex. what it is now: 0xBCDDADAF7BSS What I need: remove...

by Builder in

erex command not working for URL fields

I am using Splunk 6.4. I am able to extract many fields from my data using erex comand. However, for URL fields, the...

by Path Finder in

chart time based

Hi , I want a chart exactly like the image attached. My data is input lookup csv file . My time filed name is ...

by Communicator in

pie chart color with eval condition

Am using query "index=level3 host=Test | stats count by Age | sort Age" and visualizing it in a pie chart. Now my...

by Communicator in

Why was the maximum number of real time concurrent searches not increased?

Hi fellow splunkers, I have multiple search heads on which I want to increase the maximum number of (historical an...

by Path Finder in

groupby and ends with value andcount

I have one field with values xyz_onprem abc_onprem gghf_onprem abc_aws gfd_aws I want to see the count of values e...

by Explorer in

What is the rex command to extract the last value from a source field?

Hi .. I need to extract back123 from the source field. pls provide the entire rex command needed to fetch back123 to ...

by Path Finder in

How to display search DEBUG messages in Job Inspector UI?

Looking to how to enable the message block starting with "The following messages were returned by the search subsyste...

by Path Finder in

How to develop a table based on my CSV log format?

I have the following log format and I'm trying to create a table that will have the following format: "Device","Ob...

by Engager in

AND | OR Rex field

Hello. I have a few servers: a,b,c and 1,2,3 Servers a,b,c work with this - base search | rex field=cs_uri_stem "...

by New Member in

Making a where statement that checks run time?

I have this query index=nitro_prod earliest=-30d ESK** (job_class=* OR NOT job_class=*) compl_code=* | fields ap...

by Contributor in

Lookup of DNS from proxy logs to enrich firewall traffic search

I'm looking to enrich a search of firewall IP data with DNS host data from proxy logs. To be clear, I don't want to d...

by Explorer in

How to rename multiple fields in a chart?

When i run the following query, my legend has the values as values(fieldname): index=main source=daily_report sou...

by Path Finder in

How can I end a long running search job using the Splunk API?

If I make a POST request to "services/search/jobs", it will return a job-id. Let's say the job is taking too long, an...

by Engager in

How to get a count of daily active users in the last 3 days?

Hi All, I'm new to Splunk and new to get a count of the daily active users in the last 3 days. Users in our system...

by Engager in

Search generated too much data...

Has anyone run into this message? "Search generated too much data for the current display configuration, results h...

by Path Finder in

How to consolidate events into one event by using a multi-value field to lookup values?

Trying to take a multi-value field using that to lookup values then placing the return information into the correct f...

by New Member in

How to increase truncation limit to display all results in a chart?

Hello Splunkers, These results may be truncated. This visualization is configured to display a maximum of 1000 res...

by Contributor in

How to prevent my timechart search results from being truncated to display all data points?

I am attempting to generate an area chart for the past 15 days using the following search: index=test sourcetype=a...

by Path Finder in

Undocumented Search Operator TERM()

It seems that the undocumented TERM() operator can give quite a performance boost to searches. E.g. I ran a search...

by SplunkTrust in

How to modify my search to get result shown in a visualization chart?

Am using this search index=level3 host=Test | chart count over "Opened" by "Assignment group" I am getting th...

by Communicator in

Stats count with lookups

Hello, I have to get the individual count of three lookups A,B,C. How can I show the count of each lookup n Dashbo...

by Builder in

How to modify my search to find IP addresses that hit exactly one URL?

I'm trying to find IP addresses that hit a specific url and no other. I tried to use set diff but it's not returning ...

by Explorer in

How to assign index of an app to another.

Hi, I have an app called ngcdn and an index (we_accesslog_extsqu) for that app which is looking to a directory. No...

by Contributor in

How to merge a search result with multiple fields and a dbquery with multiple columns matching on one (or more) fields or columns?

I have a table in Oracle that monitors user logins to web apps. When a user accesses the webpage, I see the following...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Regex Help!

erex command not working for URL fields

chart time based

pie chart color with eval condition

Why was the maximum number of real time concurrent searches not increased?

groupby and ends with value andcount

What is the rex command to extract the last value from a source field?

How to display search DEBUG messages in Job Inspector UI?

How to develop a table based on my CSV log format?

AND | OR Rex field

Making a where statement that checks run time?

Lookup of DNS from proxy logs to enrich firewall traffic search

How to rename multiple fields in a chart?

How can I end a long running search job using the Splunk API?

How to get a count of daily active users in the last 3 days?

Search generated too much data...

How to consolidate events into one event by using a multi-value field to lookup values?

How to increase truncation limit to display all results in a chart?

How to prevent my timechart search results from being truncated to display all data points?

Undocumented Search Operator TERM()

How to modify my search to get result shown in a visualization chart?

Stats count with lookups

How to modify my search to find IP addresses that hit exactly one URL?

How to assign index of an app to another.

How to merge a search result with multiple fields and a dbquery with multiple columns matching on one (or more) fields or columns?

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

Explore the Latest Educational Offerings from Splunk (November Releases)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6