Splunk Search

Discussions

Thread Info

How to extract the file name from a file path using rex in a search?

I am getting the file path in my search result. When I am displaying it in dashboard with chart, I need to only extra...

by Communicator in

How to find missing values from two different indexes?

dears i want to compare two indexes to find the values in index 1 and not in index 2 index 1 have field called accoun...

by Explorer in

Why is my search adding 18 hours to the value of my response time field?

Hi, I am running a search to find out the response time using the below query: mysearch | |eval diffResponse= a...

by New Member in

How to write stats to find max value of dynamic host and field

by Path Finder in

In Cisco firewall data, how do I check for "top talkers" by event type from a specific host?

Hi, I can see that there is a firewall that has started to send huge amount of traffic. how can I see which event typ...

by New Member in

combine searches in one timechart

I would like to combine the following two searches in one timechart: host="appserv" OAuth participants POST | rege...

by Path Finder in

how can i match 2 conditions while setting token

Hi - I have 2 drop-downs: Year lists down all the years, Month list down all the months. Now i would need to pass...

by New Member in

How to get a column chart to show all x-axis labels?

Hi I want to show score distribution by column chart. The score ranges from 0 to 100 I have the below search and i...

by Explorer in

How to create a search to see what is currently forwarding logs to Splunk?

We're going to be migrating our Splunk to a central instance. I need to start pulling some information which I think ...

by Explorer in

Why am I not able to use the regular expression value of my main search in subsearch rex?

I tried to use the value of main search regex in subsearch rex . Main search |rex "(?regular expression)"|append ...

by New Member in

How to calculate a rolling percentage of growth between two values?

I have a linechart with values that increase each day. Is there a way to calculate and display the percentage of grow...

by Communicator in

Appendcols failing

EDIT: It appears subsearch is what's broken, not appendcols. The follow fails on 5.0.2 search heads, but not 4.3.4 se...

by Influencer in

How to create a bar chart count by specific field values

I am new to Splunk I need to know how to create bar chart count only by certain tags For example event has tag=t1,t2,...

by New Member in

What is the rex command to extract my field?

what is the rex command to extract the below highlighted field. 2015-12-22 22:40:13 ID="87602", Data_Name="sap01 "DDC...

by Explorer in

How to configure Splunk 6.4.2 to extract this field within double quotes from my sample data as one field, not six separate fields?

Hello, I have Message-Tracking Logs from Exchange 2016 servers where the fields are comma separated, but in some l...

by Path Finder in

Can I do string search inside case() func?

I have multiple queries for same index and therefore trying to avoid subsearches. Looking for right syntax, trying to...

by Path Finder in

Why are all events in one record and I am unable to extract fields?

We have CSV files dropping in the Windows folder and the CSV file contains users data but it was not parsing correctl...

by Explorer in

How to generate a search that will correlate users' status in different target systems?

We get 3 csv files from 3 different target systems T1, T2, T3 with user details. We have users present in all the tar...

by Path Finder in

Why is stats count not working correctly in my search?

Hi all, below is the search that I'm working with index=main source=mysql-pipe sourcetype=pipeline_logs AND (messa...

by Path Finder in

how to assign boolean result within eval?

hi, I worked last week with Splunk 6.3.3 and upgraded to the latest version 6.5. I detected a problem with a se...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to extract the file name from a file path using rex in a search?

How to find missing values from two different indexes?

Why is my search adding 18 hours to the value of my response time field?

How to write stats to find max value of dynamic host and field

In Cisco firewall data, how do I check for "top talkers" by event type from a specific host?

combine searches in one timechart

how can i match 2 conditions while setting token

How to get a column chart to show all x-axis labels?

How to create a search to see what is currently forwarding logs to Splunk?

Why am I not able to use the regular expression value of my main search in subsearch rex?

How to calculate a rolling percentage of growth between two values?

Appendcols failing

How to create a bar chart count by specific field values

What is the rex command to extract my field?

How to configure Splunk 6.4.2 to extract this field within double quotes from my sample data as one field, not six separate fields?

Can I do string search inside case() func?

Why are all events in one record and I am unable to extract fields?

How to generate a search that will correlate users' status in different target systems?

Why is stats count not working correctly in my search?

how to assign boolean result within eval?

Observability Highlights | January 2023 Newsletter

Security Highlights | January 2023 Newsletter

Platform Highlights | January 2023 Newsletter

Not receiving data from particular source

How to use MLTK to tune DNS Query Length Outliers ...

Optimizing metrics based searches?

How to use fit command together with foreach?

How to detect T1036.002: Masquerading (Right-to-Le...