Splunk Search

Community Activity

What is the regular expression for my sample events? HI, i am trying to extract the last field using field extractor but its not working. can anyone help me to write rege... by rajgowd1 Communicator in Splunk Search 11-16-2016 0 2	0	2
How to create a search that will use values from a table to calculate the percentage? I have a search that outputs a number of log lines in following table format: package \| lineCount ____... by pahilw Explorer in Splunk Search 11-16-2016 1 2	1	2
How to search the count of IDs processed for multiple response time ranges? hi i have two fields: IDs and response time in seconds. so by using the response time, i need to break down events 0-... by prashanthberam Explorer in Splunk Search 11-16-2016 0 3	0	3
How do Accelerated Searches work with retention policies? I'm trying to plan out retention policies, and I'm unsure about how they play alongside searches that I've marked as ... by Ricapar Communicator in Splunk Search 11-16-2016 2 3	2	3
How to create single value chart based on user form inputs to display average response time, a previous time comparison, and a trending arrow? I would like to create a chart that looks like the mockup in the screenshot. EXPLANATION: I provide 2 user inputs to... by namrithadeepak Path Finder in Splunk Search 11-16-2016 0 1	0	1
How to build a line graph to compare the results of a search with its inverse results? I must apologize as I have found partial examples of what I am looking for, but I'm not well-versed enough to merge t... by posava Explorer in Splunk Search 11-16-2016 0 4	0	4
How to edit my search to find the distinct count by each field value in a list? Trying to count "violation type" for each program (in regards to AV program, stack pivot, overwrite code, etc etc) an... by cm22486 Path Finder in Splunk Search 11-16-2016 0 2	0	2
What does the coalesce command mean in this Splunk search? What does the below coalesce command mean in this Splunk search? Any explanation would be appreciated eval fieldA=co... by pavanae Builder in Splunk Search 11-16-2016 0 3	0	3
How to display a count in the labels on my pie chart? hi guys... I want to display the count in the labels in the pie chart, and in the title, I want to display another c... by prashanthberam Explorer in Splunk Search 11-16-2016 0 2	0	2
How do I make this into a table? How do I make this in a table? I have cranial vapor lock this morning. by lycollicott Motivator in Splunk Search 11-16-2016 0 2	0	2
Transforms are working on a local Splunk instance, but why are fields not extracted correctly when deployed to my search head cluster? Having a strange issue. I am trying to set up a transform to automatically extract key/value pairs from a non standar... by paimonsoror Builder in Splunk Search 11-16-2016 0 4	0	4
Splunk 6.5.0: How to edit my dashboard to set an in-page contextual drilldown with multiple conditions from a table? Hi fellow Splunkers  I have a table containing various fields such as sourcetype and username etc. I want to enable... by jwahlgren Engager in Splunk Search 11-16-2016 0 2	0	2
transforms.conf: matching two files in regex Hello, I am trying to match using regex where the filenames Svc.chk and edb.chk are in Object_Name. The following d... by keyivr New Member in Splunk Search 11-16-2016 0 3	0	3
How do I format Search Processing Language to align the pipes on the left side of the search bar? How do I format Search Processing Language (SPL) to align the pipes on the left side of the search bar (v 6.5.0)? ha... by Kyle_Jackson Explorer in Splunk Search 11-16-2016 0 2	0	2
get count of field group by another This should be so simple but I cannot get it to work. I am trying to create a panel that will display a table with th... by jdepp Path Finder in Splunk Search 11-16-2016 0 4	0	4
Why am I unable to pull any events, even though I receive a success message from cURL? Hi , I am not able to pull events , even I got success message from cURL .Here is my command. curl ... by mdeep Explorer in Splunk Search 11-16-2016 0 4	0	4
Can you use transpose to eval fields for column totals? Please help! Using transpose in my search so that each row becomes a column. Then I'd like to count the number of... by dcroteau Splunk Employee in Splunk Search 11-16-2016 1 6	1	6
How to see the top 10 categories in each span of a timechart, not for the entire duration of the chart? i have stacked columns chart that covers 24h w. 1h spans i use timechart's default limit=10 and get 10 categories + O... by tomer Explorer in Splunk Search 11-16-2016 2 10	2	10
How to create a timechart for indexes with Cisco ASA data, with each row representing each index and a column with an action status? So I was trying to create an alert for blocked Cisco ASA traffic when there is an increase of 50% or more in today's ... by donaldwayne1975 Path Finder in Splunk Search 11-16-2016 0 2	0	2
Is there a logging or debug tool to identify all props and transforms that are applied to a particular sourcetype to isolate rogue field extractions? Hi All, This has happened to myself and other colleagues on more than one occasion. We go to resolve some issues wit... by phoenixdigital Builder in Splunk Search 11-16-2016 1 4	1	4
How do I edit my search on usernames to also table associated passwords? I am getting Username and User id Fields while search using username, then I pipe it and search user ID to get the pa... by mohanmk1905 New Member in Splunk Search 11-15-2016 0 5	0	5
How to delete data points with null values by host to produce a continuous linear graph? Hello, I want to delete the time point if there is the one or more host max(time)>avg(time)+5 at that point in time.... by serenalin New Member in Splunk Search 11-15-2016 0 1	0	1
How to edit my search to prevent getting duplicate results with mvexpand? I have a set of ticket data and trying to match the words with the description to track issues. My current search is ... by smudge797 Path Finder in Splunk Search 11-15-2016 0 1	0	1
DB Connect configuration: Unable to save database inputs and slow search query Trying to get our freshly working DB Connect configured. I am finding a problem in that I cannot save some new datab... by wegscd Contributor in Splunk Search 11-15-2016 0 7	0	7
How to edit my search to calculate the average count of a field over the last 30 days in summary indexing? Hi, I saved one report and enabled summary indexing. This is the saved search: index=Test \|stats count(ip) as Coun... by uhkc777 Explorer in Splunk Search 11-15-2016 0 15	0	15

Get Updates on the Splunk Community!

Index This | What has goals but no motivation?

June 2026 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious! We’re back with this ...

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

AI is one of the biggest topics in the market today, and for security teams, its value goes far beyond the ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Splunk Search

What is the regular expression for my sample events?

How to create a search that will use values from a table to calculate the percentage?

How to search the count of IDs processed for multiple response time ranges?

How do Accelerated Searches work with retention policies?

How to create single value chart based on user form inputs to display average response time, a previous time comparison, and a trending arrow?

How to build a line graph to compare the results of a search with its inverse results?

How to edit my search to find the distinct count by each field value in a list?

What does the coalesce command mean in this Splunk search?

How to display a count in the labels on my pie chart?

How do I make this into a table?

Transforms are working on a local Splunk instance, but why are fields not extracted correctly when deployed to my search head cluster?

Splunk 6.5.0: How to edit my dashboard to set an in-page contextual drilldown with multiple conditions from a table?

transforms.conf: matching two files in regex

How do I format Search Processing Language to align the pipes on the left side of the search bar?

get count of field group by another

Why am I unable to pull any events, even though I receive a success message from cURL?

Can you use transpose to eval fields for column totals?

How to see the top 10 categories in each span of a timechart, not for the entire duration of the chart?

How to create a timechart for indexes with Cisco ASA data, with each row representing each index and a column with an action status?

Is there a logging or debug tool to identify all props and transforms that are applied to a particular sourcetype to isolate rogue field extractions?

How do I edit my search on usernames to also table associated passwords?

How to delete data points with null values by host to produce a continuous linear graph?

How to edit my search to prevent getting duplicate results with mvexpand?

DB Connect configuration: Unable to save database inputs and slow search query

How to edit my search to calculate the average count of a field over the last 30 days in summary indexing?

Index This | What has goals but no motivation?

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

How to get an extract of threshold values set in s...

how to query OCI Audit logs from Datasafe

SPLUNK ES 8.2.3 Drill Down not appearing

Using Splunk to Analyze Web Traffic & Machine-Gene...

How can i export a list of all services in APM

Splunk Search

Join the Conversation