Splunk Search

Discussions

Thread Info

How to highlight a cell in a table

I have a table and one of the column is for URLs. I want to highlight the URLs in blue color. Please let me know how ...

by New Member in

Are data model summaries linked to the original events? Can tstats access them?

With tstats, I can't seem to get access to the original events. Even in "verbose" mode, the "Events" tab contains onl...

by Contributor in

How to change the font color in Simple XML for each line series in a timechart?

I have a timechart with 3 line series: A,B and C Now, I have used series colors in Simple XML to change the colors...

by Champion in

How to get a field from a lookup

ok, here is my dilemma I have a lookup table like this: _raw,sourcetype,alertMessage,severity *Reloading repos...

by Contributor in

Join not working for two different searches

Hi, I'm doing two searches with custom rex extraction of fields. For both searches, I have named all the fields I ext...

by Communicator in

How to find the number of times a specific field value has been present over time

I'm trying to find the average time (in weeks) it takes to patch specific network vulnerabilities. I take in data fro...

by New Member in

How can I do timechart (or something similar) starting from a specific minute?

I have an alert that runs every hour at the half hour mark. So at 1:30, 2:30, etc... When I run the timechart command...

by Communicator in

How do I create a field that contains only specific values to disregards events that could be considered a match?

I am trying to create new fields to search across multiple sources. I have two problems: When searching for data o...

by New Member in

How to match match IP addresses with a lookup table that only contains IP subnets?

Dear Team, What i am trying to achieve is like this: I have a lookup table with many subnets. I am trying to match...

by Explorer in

need help editing my search to find users who have failed to log in more than 3 times in 10 minutes, then successfully logged in

Hello, I'm working on a search for blackboard that will return users who have failed to log in more than 3 times i...

by Path Finder in

How to edit my search to create a field using eval?

Currently working on an integration betweek Splunk and RSA Archer eGRC. We are working with the security operations m...

by New Member in

How to get rangemap to change the color of bars based on evaluated heap percentage used?

how do I change the colors of my bar chart to red, yellow, and green? Here is my query: index=xyxy env=PROD profil...

by Path Finder in

How to customize a drilldown so users can only click on the field name in a table, not the sparkline or percentage?

Hi, I have a table with 3 fields in it MSO (a name field) Trend (a Sparkline) Percentage (numeric) When a us...

by Motivator in

How can I optimize and improve the performance of my search?

index=bigfix sourcetype=software | eval Hashes_allow_or_deny = if((sha256_allow_or_deny=="*deny*") OR (md5_allow_or_d...

by Explorer in

How do I use results from a search in my custom command?

I'm trying to use data from a search in a custom command. source | scrapy url=uri This gives me the following ...

by Explorer in

How do I write a search to filter out certain values for a field?

Hey Fellow Splunkers I have an issue when searching for similar events that are only unique by one character. ...

by Path Finder in

Using "stats count by" after "case eval", why am I not getting any results?

Hello, I'm trying to change a value of a field using eval case then do a stats count based on that field. I'm gett...

by Explorer in

How to create an alert to trigger based on a current value, and if that value increases over a threshold within a set time?

I want to alert based off a current value and if that value increases over a threshold within a set time. I want t...

by Contributor in

How to rename a field name with curly braces to compare it to a field in a lookup?

How can I rename a field name with curly braces attached to it e.g. cxy{} and then compare to a field within a lookup...

by Explorer in

How to search and trigger an alert if the same value repeats more than once in a certain field for that particular event?

For example: :Report=99,10,99 In this case value 99 occurred twice in this field, so I need to pick this event...

by Explorer in

How to find events which have a certain field which occurs more than once?

I have some events which have a field which is named variable. So the event will be like.. field1="a" field2="b" v...

by Engager in

How to edit my regular expression to extract values from a logfile that begin with "FNR" and are 10 alphanumeric characters long?

I'm trying to use a regular expression to grab words out of a logfile that begin with "FNR" and are exactly 10 alphan...

by New Member in

How to have lookup iplocation fields added to all events at index time?

I would like to have iplocation fields added to all events when they're ingested and have verified the lookup works i...

by New Member in

How to convert epoch timestamp to readable date format?

Hi, I am browsing information on one of our ticketing server databases, however, when I try to show table contents...

by Engager in

Converting String to date

I am trying to convert the string "08/04/16 09:40:41.690" to a date in splunk. I think that I am supposed to use some...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to highlight a cell in a table

Are data model summaries linked to the original events? Can tstats access them?

How to change the font color in Simple XML for each line series in a timechart?

How to get a field from a lookup

Join not working for two different searches

How to find the number of times a specific field value has been present over time

How can I do timechart (or something similar) starting from a specific minute?

How do I create a field that contains only specific values to disregards events that could be considered a match?

How to match match IP addresses with a lookup table that only contains IP subnets?

need help editing my search to find users who have failed to log in more than 3 times in 10 minutes, then successfully logged in

How to edit my search to create a field using eval?

How to get rangemap to change the color of bars based on evaluated heap percentage used?

How to customize a drilldown so users can only click on the field name in a table, not the sparkline or percentage?

How can I optimize and improve the performance of my search?

How do I use results from a search in my custom command?

How do I write a search to filter out certain values for a field?

Using "stats count by" after "case eval", why am I not getting any results?

How to create an alert to trigger based on a current value, and if that value increases over a threshold within a set time?

How to rename a field name with curly braces to compare it to a field in a lookup?

How to search and trigger an alert if the same value repeats more than once in a certain field for that particular event?

How to find events which have a certain field which occurs more than once?

How to edit my regular expression to extract values from a logfile that begin with "FNR" and are 10 alphanumeric characters long?

How to have lookup iplocation fields added to all events at index time?

How to convert epoch timestamp to readable date format?

Converting String to date

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

Video | Tom’s Smartness Journey Continues

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...