Splunk Search

Ask a Question

Discussions

Thread Info

TimeChart not working properly

hi, index=msexchange sourcetype="MSExchange:2013:HttpProxy" host="ftlpex02cas01.citrite.net" RpcHttp AND "/rpc/rpc...

by Explorer in

Splunk Search - Select Top 10 results by non-unique field

Hi all, I have gathered into Splunk sales information of store branches across the US. The data is in the format: ...

by Path Finder in

Searching for possible spam

Hi, I'm trying to come up with a search that would help identify spam. It would have to look at sender domain an...

by Engager in

Splunk and OpenLDAP: Is there a setting in authentication.conf or another configuration file to allow custom filtering?

I am working to connect Splunk with my Active Directory using LDAP, and during the process, I have enabled DEBUG on b...

by Explorer in

How to use a running total/accumulated value as a starting input for a timechart, but not display this data point?

I have a reqquirement as follows: I have a time chart with 3 fields A,B,C C=A-B+previous value of C in row immedia...

by Champion in

How to display multiple fields on the x-axis of a chart?

Displaying the multiple fields on X-axis of chart. Below is my current search: index=home | eval Value=substr(Name...

by Path Finder in

How to display and group events in a timechart that are continuous for 10 minutes?

Hi , I have a timechart with different columns. I want to display those events from a time chart which are contin...

by Communicator in

How do I combine these two charts into one chart?

I have the following 2 charts <panel> <chart> <title>HDB Resale index By Year</title> <search> <qu...

by New Member in

Instead of a Home Page showing up with three different URLs, is there a way to combine all variations to one URL string?

Is there anyway to treat all loaded home pages for a given URL path to be the same? For example the home page can sho...

by Contributor in

"Error in 'tstats' command: This command is not supported in a real-time search"

I currently have a working tstats search, but when I use real-time, it returns the following error: Error in 'tst...

by Contributor in

How does Splunk assign processor cores to execute a job (running a scrips, scheduled search, ad hoc search, etc)?

How does Splunk assign processor cores to execute a job like running script, scheduled search, ad hoc search, etc. ...

by Path Finder in

How can we change the color of column chart?

I want to color the column bars based on the Status value I'm getting, having trouble in doing that. Can anyone help ...

by Path Finder in

Generate a table of keywords based on the correlation of a username across three rules?

I have a tool that has three different rules, each rule is composed of a list of unique keywords. A rule is triggered...

by Builder in

How to display ONLY first row for each value in table

Hi, I have a requirement to use display first row for every ACCNO.any Ideas? query: I used some transaction co...

by Explorer in

Sharing search with custom field extraction

I have a user that wants to give me a search with references to a number of custom field extractions local to his pro...

by Communicator in

How to use erex in a CLI search

I'm running into an issue with the syntax for a CLI search using erex. The problem seems to be with the double quo...

by Explorer in

How do you use rex to slice a string up to the white space

I have a string called PGM_NM. The contents of PGM_NM are "AE248 \AX0\AX0". I want to use the rex function to slice t...

by Engager in

Formatting Log Name with Regex

Hello. I am currently trying to do something with a list of logs that I have been given. All of the logs have the ...

by New Member in

Why am I unable to extract this field with my current rex statement?

I have a regex that should be extracting the employeeType field from an event. Below is the text of the event and the...

by Communicator in

how can I format and chart a status message?

Hello, a device in our system returns a status message that looks like the following (as seen in splunk search result...

by Path Finder in

What markup language should "Overview" and "Details" be written in?

Very simple question, I need to write these pages for an app, but don't have access to the account yet. Or is it done...

by New Member in

can i skip the lines when we start splunk for first time??

Hello i want to know whether we can skip the lines when we start the splunk for the first time. if we can any body...

by Path Finder in

How to display Event_Status change?

In a log file I have one field with name EVENT_STATUS. It has 3 values 1.Accepted 2. Pending 3. Rejected I have desig...

by Explorer in

How do I remove \x00 characters from my log message?

I have a log message which (thanks, M$) has been littered with \x00 text - originally null bytes. They appear every o...

by Motivator in

is $ supported in regex for field extraction ?

I've got the following log line and I wish I could extract the last IP address field: .................(variable n...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

TimeChart not working properly

Splunk Search - Select Top 10 results by non-unique field

Searching for possible spam

Splunk and OpenLDAP: Is there a setting in authentication.conf or another configuration file to allow custom filtering?

How to use a running total/accumulated value as a starting input for a timechart, but not display this data point?

How to display multiple fields on the x-axis of a chart?

How to display and group events in a timechart that are continuous for 10 minutes?

How do I combine these two charts into one chart?

Instead of a Home Page showing up with three different URLs, is there a way to combine all variations to one URL string?

"Error in 'tstats' command: This command is not supported in a real-time search"

How does Splunk assign processor cores to execute a job (running a scrips, scheduled search, ad hoc search, etc)?

How can we change the color of column chart?

Generate a table of keywords based on the correlation of a username across three rules?

How to display ONLY first row for each value in table

Sharing search with custom field extraction

How to use erex in a CLI search

How do you use rex to slice a string up to the white space

Formatting Log Name with Regex

Why am I unable to extract this field with my current rex statement?

how can I format and chart a status message?

What markup language should "Overview" and "Details" be written in?

can i skip the lines when we start splunk for first time??

How to display Event_Status change?

How do I remove \x00 characters from my log message?

is $ supported in regex for field extraction ?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions