Splunk Search

Discussions

Thread Info

How to chart multiple field values on the y-axis with a single value on the x-axis?

I have hosts with multiple sql id and elapsed time. I have to chart, per host, sql ids against elapsed time. Can anyo...

by Explorer in

stats conditional count

I want to count the number of times that the following event is true, bool = ((field1 <> field2) AND (field3 < 8)), f...

by Motivator in

how to add a threat_score in splunk search

Hi I have to creat a total_threat_score field which will be the total of all other score fields like if act...

by New Member in

Merge multipel events

Hi, I have something like this. ID date(month) avgValue1 avgValue2 avgValue3 ... 111 2016-06 ...

by Engager in

Search for license violation history all time

Hi! How can i find all the violations in the past? I have tried using this search and change time to all time but onl...

by New Member in

how to get domain name, domain user name from active directory logs

how to get domain name, domain user name from active directory logs 11/22/2016 04:15:20 PM LogName=Security Sourc...

by New Member in

calculate duration on a custom time stamp

my time stamps are in %H:%M format. one of which is a custom time stamp from my json file. is there a way i can calc...

by New Member in

Searching EventCodes for logon and logoff events, LOGON_ID includes 0x0 before actual LOGON_ID. How do I exclude the 0x0?

I am trying to build a report that shows how long a user was logged on. To do this, I am trying to match LOGON_IDs fo...

by Path Finder in

How to create a regular expression for a field in a log file?

Hi, first of all thanks for help me. I have this log file: 2016-11-21T16:29:25.690+0100 INFO 2867 com.l7tech...

by New Member in

!= in splunk

i have two fields uderid and serial number. i need to find all the machines whose userid is not equal to serial numbe...

by New Member in

Replace/enhance informations inside searched data with (additional) text-file informations

Hello, i hope you understand what i want to do... (normally: german ;-)) I want to add additional data into my indexe...

by New Member in

How to use the time picker $earliest$ and $latest$ time set by the user in my custom Python search command?

Hi, I'm trying to use the $earliest$ and $latest$ time set by the user time picker in my custom search command. I'...

by Engager in

How to edit search to find the amount time an event is in multi states?

I have an index with 30+ fields. One of the field is state. I want to find amount of time an event is in a particular...

by New Member in

How to use eval with Pivot?

I need to generate a calculated field in Pivot with no luck. I tried this: | pivot Statistics HTTP sum(eval(cou...

by New Member in

How to display 2 fields as a single field in Splunk with the greater value first?

I have a string in my search as below which combines the two fields A and B eval big_and_small=A."and".B Now ...

by Builder in

How to search for user details, the search query that was run, and the URL of users running real time searches?

I want to display the user details, search query that was run, and url of the user who are running the real time sear...

by Communicator in

Rex for extracting OS types

Can someone please help me extract all different OS types from my logs. is there anyway Single rex query i can write ...

by Explorer in

Display a timechart count as positive and negative values.

I've a standard time chart, counting up HTTP error codes. It's all fine, however I'd like to separate out the error-t...

by New Member in

How to search for critical nessus findings and correlate remediation

I have my nessus data in splunk, and in my example below I would like to search for all critical findings, and for ea...

by Engager in

How to enable the Search Assistant in 6.5.0?

I am using 6.5.0 of Splunk with the Free license install. When in the Search and Reporting screen, I get no Search As...

by Path Finder in

How to compare the last 7 days' average with yesterday's average?

I have a Splunk search as below: earliest=-1d@d latest=@d index="abc" sourcetype="def" | stats earliest(date_hour)...

by Builder in

How do I assign an extracted field from a subsearch to be the source in an outer search?

I have a search from which I extracted field A. In the second search, how do I assign A to be the source of the secon...

by Explorer in

How to assign the field value from a subsearch to outer search?

Query I am using is : index=anyvalue host=anyvalue keyword [search index=anyvalue host=anyvalue source=y/y/y/y| field...

by Explorer in

How to calculate respose time between two events

I have a table as below. I need to calculate the time difference between the below two events. request_pid _time M...

by New Member in

How do I bin counts per day then show a distribution of count per day?

So if I have over the past 30 days various counts per day I want to display the following in a stats table showing th...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to chart multiple field values on the y-axis with a single value on the x-axis?

stats conditional count

how to add a threat_score in splunk search

Merge multipel events

Search for license violation history all time

how to get domain name, domain user name from active directory logs

calculate duration on a custom time stamp

Searching EventCodes for logon and logoff events, LOGON_ID includes 0x0 before actual LOGON_ID. How do I exclude the 0x0?

How to create a regular expression for a field in a log file?

!= in splunk

Replace/enhance informations inside searched data with (additional) text-file informations

How to use the time picker $earliest$ and $latest$ time set by the user in my custom Python search command?

How to edit search to find the amount time an event is in multi states?

How to use eval with Pivot?

How to display 2 fields as a single field in Splunk with the greater value first?

How to search for user details, the search query that was run, and the URL of users running real time searches?

Rex for extracting OS types

Display a timechart count as positive and negative values.

How to search for critical nessus findings and correlate remediation

How to enable the Search Assistant in 6.5.0?

How to compare the last 7 days' average with yesterday's average?

How do I assign an extracted field from a subsearch to be the source in an outer search?

How to assign the field value from a subsearch to outer search?

How to calculate respose time between two events

How do I bin counts per day then show a distribution of count per day?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions