Splunk Search

Discussions

Thread Info

Creating a timeline showing when someone log out and login?

Hi, I'm quite new to splunk, but I'm able to create the needed fields and make basic reports. Timelines I don't know ...

by Explorer in

what is the best addon / app to use with [iplocation] for a geographical visual dashboard?

I am looking to build a map of IP locations for remote vpn logins. Does anyone have any suggestions?

by Contributor in

custom command logging error

I've followed this tutorial: http://blogs.splunk.com/2014/04/14/building-custom-search-commands-in-python-part-i-a-si...

by Explorer in

How to edit my rex to receive values for Start Date and End Date?

Rex expression used : startDate= (?.*) endDate= (?.*) Data format : &startDate=10/02/2016&endDate=10/02/2016& D...

by New Member in

How to edit my search to calculate the difference between two timestamps in the same event?

Hello, I am trying to determine the time difference between the two timeStamp columns in my events. I tried to use...

by Path Finder in

How to update only the last row of a table lookup dynamically

Hello community, I have a lookup cn two fields, _time and count per day. I need to update each time the record of ...

by Path Finder in

How to write a search to show events immediately before and after a certain field value changes?

Hi, I'm searching through logs and I need to see the events that occur when one field value changes. Example: H...

by Motivator in

What alternative can be used for the join command in my search to avoid the subsearch limit?

I am basically doing two searches where the results of the 1st search serves as input for the 2nd search. There ar...

by Communicator in

Help with Regex...?

I'm trying to extract the following from this regex...somehow i am not able to get the browser agent and status... ...

by Builder in

How to create a dashboard search with the condition "If status is not success, show error code, type, and message on the same row"?

I want to create a dashboard with a table listing integration name and execution status with the following condition:...

by Explorer in

I would like to use field value * as regex to match all values in my search

Hello, I have dashboard with drop-down button. Token for button is named Area. Values are: Name - Value: All Area...

by New Member in

How to remove clients with more than one hits?

I have data in this format: client=green value=house client=yellow value=appartement client=black value=bungalow ...

by Builder in

How to avoid displaying duplicate logs in search results?

I am trying to search /var/log/messages log with keywords like shutdown or Error and storing it in message.log and...

by Communicator in

How to get all possible entries from two lookups?

How to get all possible entries from two lookups? For instance, lookup_1 and lookup_2 lookup_1 application ...

by Communicator in

How to edit my eventstats search to return a count of failed authentications greater than ten within a ten minute window?

Been working on a report to show the best data on authentications failed more than ten times in a time span of 10 min...

by New Member in

Unable to do timechart for a field which has varying values

I am extracting a field using regular expression, it looks like below, These are top 5 processes which is consuming h...

by Communicator in

How to use the _time field from the results of one search to run another search on another host and sourcetype?

I am looking to take the results of the following search: sourcetype="cisco:asa" AND dest_ip=10.3.10.12 AND dest_...

by Path Finder in

In a pie chart, how to convert an numerical value of an enum to a string?

The slices on my pie chart are currently displaying the numerical value of an enum, which isn't too useful. Instead o...

by New Member in

Why do my field extractions disappear from the left Fields Sidebar when more parameters are added to the search?

I lose my field extractions when I add a search parameter to my search: THIS WORKS: (I see fields on the left hand...

by New Member in

How do I add a new field extraction using transforms?

How do I add a new field extraction using the field transformations I've configured? We're using Splunk Light Clou...

by Explorer in

Using "stats max(foo)", is it possible to get the whole line of the log that contains the max value of foo?

When I use | stats max(foo) I get the largest value of foo. Is it possible to get the whole line of the log which ...

by Path Finder in

How to figure out what fields our Splunk users are searching for in their reports or dashboards?

Hi, I need to figure out what fields our Splunk users are searching for, either in their reports or dashboards. I...

by Path Finder in

How to write a search to alert if indexers are not receiving data from forwarders?

Hi Team, How do I write a search to alert me when one of the critical indexers is not receiving the data from the...

by Path Finder in

Can anyone explain what is a Splunk Base Search?

Hello Splunkers Can anyone explain in simple terms what is a Splunk Base Search?

by Explorer in

Top N results in table

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Creating a timeline showing when someone log out and login?

what is the best addon / app to use with [iplocation] for a geographical visual dashboard?

custom command logging error

How to edit my rex to receive values for Start Date and End Date?

How to edit my search to calculate the difference between two timestamps in the same event?

How to update only the last row of a table lookup dynamically

How to write a search to show events immediately before and after a certain field value changes?

What alternative can be used for the join command in my search to avoid the subsearch limit?

Help with Regex...?

How to create a dashboard search with the condition "If status is not success, show error code, type, and message on the same row"?

I would like to use field value * as regex to match all values in my search

How to remove clients with more than one hits?

How to avoid displaying duplicate logs in search results?

How to get all possible entries from two lookups?

How to edit my eventstats search to return a count of failed authentications greater than ten within a ten minute window?

Unable to do timechart for a field which has varying values

How to use the _time field from the results of one search to run another search on another host and sourcetype?

In a pie chart, how to convert an numerical value of an enum to a string?

Why do my field extractions disappear from the left Fields Sidebar when more parameters are added to the search?

How do I add a new field extraction using transforms?

Using "stats max(foo)", is it possible to get the whole line of the log that contains the max value of foo?

How to figure out what fields our Splunk users are searching for in their reports or dashboards?

How to write a search to alert if indexers are not receiving data from forwarders?

Can anyone explain what is a Splunk Base Search?

Top N results in table

Introduction to Splunk AI

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Maximizing the Value of Splunk ES 8.x

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions