Splunk Search

Discussions

Thread Info

How to search for failed logins of a specific Active Directory group?

Greetings. I am looking to search failed logins for a particular Active Directory group(s). I was thinking I'd have t...

by Path Finder in

"Failed to properly initialize the key-value parser for transform_name 'REPORT-wf'. You must define least one delimiter."

I extract various fields using the other delimiter " , Only the admin user can see the fields, but all users are supp...

by Communicator in

Yet another regex question

Hi, I have data that looks like this 127.0.0.1 - dancase@icontrol.com [16/Sep/2016:15:34:57.025 +0000] "GET /en...

by Motivator in

how to fill the missing values to nearest previous non-zero value in streamstat result

Hello, I am using streamstats to produce hourly category accumulate total to date by : ... | bucket _time ...

by Explorer in

How to edit my search to match fields from indexed data with a field in a CSV file to output another corresponding field?

I am trying to match the fields countrycode (An eval field extracted from indexed data) with a field "Code" in a CSV ...

by Communicator in

Why am I getting no results found when creating and searching my field lookups?

I used this document to create my lookup table and define fields http://docs.splunk.com/Documentation/Splunk/6.4.3/Se...

by Communicator in

How do I extract top values by a specific field and have them display along with corresponding fields in a table command?

index=* sourcetype=* host=* | search Event=176 | top limit=20 User| table Location, Event, User, Address, Time I...

by New Member in

Why am I getting no results returned using the Splunk Python SDK to search our Splunk instance?

I'm using the Splunk Python SDK search our Splunk instance. However, I'm not getting any results. Below is the co...

by New Member in

What is the best way to extract URL information from logs?

What would be the fastest way to grab the URLs out of logs in Splunk? I am thinking a regex expression would work, bu...

by New Member in

How to get count of events for each field?

In the following query, I'm trying to display the count of events for each field (bar) from a single field (foo). ...

by Communicator in

How to edit my search to add commas to the numbers and rename the row names?

Hello, I have two questions. 1) In my search below, I am trying to add Commas to the numbers, but the Totals fi...

by New Member in

How to check a value of a field in a subsequent event?

I was wondering if it is possible to check what's the value of a field in the next event. Say I have an index with a ...

by Explorer in

How to use the C# SDK to return a large search result set (5,000,000 rows)?

Hi I have a "Saved Report" (Named- GetIP), which finds unique IP passed through firewall for th Last 30 days. It r...

by Explorer in

Remove duplicate values from a multivalue field

I have an mvfield like contract="C53124 C53124 C67943" and I want to end up with unique values like contract="C53124 ...

by Explorer in

What command should I use to get the average of my entries by hour?

Hi I am new to Splunk so this little operation that would be simple in SQL seems to be real puzzling to me. I g...

by Engager in

Lookups to files larger than max_memtable_bytes report file only contains a header row

With Splunk v5 and v6, I have not been able to get lookups to work with CSV files that are larger than max_memtable_b...

by Path Finder in

How to display the result in a graph format with timechart as y-axis and field_1, field_2 on x-axis?

The following were some events :- [30706/3663031152][Mon Sep 05 2016 03:55:01][CServer.efpp:4719][INFO][sm-Server-...

by Builder in

Why am I unable to find a summary index in search when using index=summary?

I have a saved search in the default summary index and when I use the index=summary in my search box, I cannot find t...

by Explorer in

Why am I getting strange results with the fillnull command when I input a lookup table?

I have a search that looks like: multisearch [search a] [search b] | table field1, field2, field3 | fillnull value...

by Builder in

How to multiply the x-axis values by the y-axis values and display the result on the y-axis in the chart?

I got a project where I have a csv file with one particular field. Each bar ranges from 200-700 in value. I need to b...

by New Member in

Not able to use Fields, Rename, Table command after Fieldformat command

Hi, I am trying to convert some values with combination of Alphabets, Special Characters and numbers but still wan...

by Communicator in

How do I pass multiple values from a chart as input into another chart?

Hi, I have a chart the displays the performance of all servers. When the user clicks two of the servers, I want ...

by Path Finder in

How do I get the time span (span=X) in a search to automatically adjust depending on the time picker value chosen?

Hi, I want the time span in a search to adjust based upon the time picker value. i.e. time picker is day, t...

by Path Finder in

How to search the duration between the time a user logged in to a host and the time another user logged in to the same host?

I'm having a hard time wrapping my head around this, and after a few false-starts, I'm hoping the community can point...

by New Member in

How do I construct a regular expression with wildcard matching?

Hi, I have data that looks like this ####<Sep 15, 2016 9:35:27 AM CDT> <Debug> <ucontrol> <betamax-cpe1> <manag...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to search for failed logins of a specific Active Directory group?

"Failed to properly initialize the key-value parser for transform_name 'REPORT-wf'. You must define least one delimiter."

Yet another regex question

how to fill the missing values to nearest previous non-zero value in streamstat result

How to edit my search to match fields from indexed data with a field in a CSV file to output another corresponding field?

Why am I getting no results found when creating and searching my field lookups?

How do I extract top values by a specific field and have them display along with corresponding fields in a table command?

Why am I getting no results returned using the Splunk Python SDK to search our Splunk instance?

What is the best way to extract URL information from logs?

How to get count of events for each field?

How to edit my search to add commas to the numbers and rename the row names?

How to check a value of a field in a subsequent event?

How to use the C# SDK to return a large search result set (5,000,000 rows)?

Remove duplicate values from a multivalue field

What command should I use to get the average of my entries by hour?

Lookups to files larger than max_memtable_bytes report file only contains a header row

How to display the result in a graph format with timechart as y-axis and field_1, field_2 on x-axis?

Why am I unable to find a summary index in search when using index=summary?

Why am I getting strange results with the fillnull command when I input a lookup table?

How to multiply the x-axis values by the y-axis values and display the result on the y-axis in the chart?

Not able to use Fields, Rename, Table command after Fieldformat command

How do I pass multiple values from a chart as input into another chart?

How do I get the time span (span=X) in a search to automatically adjust depending on the time picker value chosen?

How to search the duration between the time a user logged in to a host and the time another user logged in to the same host?

How do I construct a regular expression with wildcard matching?

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!