Splunk Search

Discussions

Thread Info

How to add image from URL to a table

Pretty simple question, hopefully it is a simple answer. I have data where one field has a URL of an image. I would l...

by Builder in

Is there a way to find which props.conf and/or transforms.conf file is applied to a specific sourcetype for search-time field extractions?

I have certain logs which are indexed correctly. Field extraction using props.conf and transforms.conf works correctl...

by Contributor in

How do we get our summary index search to produce our expected result?

Hi, We are planning to implement summary indexing in our dashboards. As part of it, I have created a scheduled sea...

by Path Finder in

How to search my Sonicwall logs for multiple values for the same field?

Very much a newb looking to get some basic information from my Sonicwall logs. Setting up the search using multiple c...

by New Member in

How to search a specific user's internet activity for a certain time range? (websites visited, search history, timestamps)

I am trying to complete a request for a specific employees internet search history. I need to specify a date range, l...

by New Member in

Why do search results return nothing on a calculated check?

I have a summary index that is holding lead information. One of the data points I created was the numeric day the lea...

by Path Finder in

Should you specify or not specify the index in your search?

What are everyone's thoughts on whether you should or should not specify the index in your search? Is sourcetype=valu...

by Communicator in

Count Sourcetype by Day

In 6.4.2 version, when i try to count the integrated volume by sourcetype last day for example with this search : ...

by Engager in

Getting duplicate rename fields error after upgrade from 6.3.0 to 6.4.2

The following search worked prior to upgrade: | stats sparkline count dc(sourcetype) as sourcetype last(_raw) as l...

by Motivator in

Are there recommendations on teaching users how to get current data from reports without hitting concurrent search limits?

A ticket has come across my desk today where a customer is getting different results from different search heads for ...

by Path Finder in

Does lookup command support OR Boolean operation?

Hello, I have events in index 1 and I have lookup table 1 created from a CSV file. I want to lookup events from index...

by Engager in

left join multivalue

hi, i try to use left join to match between two index. index="myfirst_Index" | rex max_match=0 field=multi...

by Contributor in

How to include all rows from a lookup?

Hi folks, newbee here, I'm trying to do this: | stats values(duration) as DaysSinceLastAccess, count(duration) as ...

by New Member in

Compare time of the output of the query

Hi All I am trying to compare the result of the query. In am getting this result from my query Hostname date ti...

by New Member in

Universal Forwader Regex - no special field

Hey Guys, any chance to set a blacklist entry in the universal forwarders input.conf for not sending events where ...

by New Member in

How to calculate Weighted Average

After the base search such as: ...... | stats sum(r1) as t_r1 sum(r2) as t_r2 sum(duras) as total_dura c(member...

by New Member in

How to write a search to show events that do not meet transaction requirements?

Hello, I am trying to find a way to show events which are not meeting transaction requirements. So of course I can...

by Explorer in

[hope someone could help me!] How can reduce records in each row in splunk table.

Hi, I was preparing a dashboard but i have some problems while generating the table. I am using sort and stats to gr...

by Explorer in

Is there a way to do calculation on streamstats values?

Hi folks, newbie here, trying to use Splunk to do some stuff... I have a search that ends like below: | table D...

by New Member in

How to set the x-axis limits of a line chart?

I am trying to display a timechart on a line graph. The timechart looks back 24 hours to find specific events. My iss...

by New Member in

Average load of universal forwarder and heavy forwarder

Hello Splunkers, What is the average CPU/memory usage of a universal forwarder and heavy forwarder ? ( The average...

by Super Champion in

Fetching data fro a limited time in to csv for lookup

Hi All I am trying to schedule a job that will run every day to pull data of last 30 days into a csv file for look...

by Path Finder in

How to rename a field that was recently extracted?

I recently extracted a few fields such as GBPS and now I would like to rename this particular field Bps. Thank You...

by Engager in

How to search the average percentage of two different stats and display both on the same timechart?

I'm having trouble displaying the count of 400-499 errors as 1 series on a timechart, and 500-599 errors as a separat...

by Engager in

How do I extract this date time field from my sample data using rex?

I used this search, but it is not extracting the date time field properly. I will use this date time as a common fiel...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to add image from URL to a table

Is there a way to find which props.conf and/or transforms.conf file is applied to a specific sourcetype for search-time field extractions?

How do we get our summary index search to produce our expected result?

How to search my Sonicwall logs for multiple values for the same field?

How to search a specific user's internet activity for a certain time range? (websites visited, search history, timestamps)

Why do search results return nothing on a calculated check?

Should you specify or not specify the index in your search?

Count Sourcetype by Day

Getting duplicate rename fields error after upgrade from 6.3.0 to 6.4.2

Are there recommendations on teaching users how to get current data from reports without hitting concurrent search limits?

Does lookup command support OR Boolean operation?

left join multivalue

How to include all rows from a lookup?

Compare time of the output of the query

Universal Forwader Regex - no special field

How to calculate Weighted Average

How to write a search to show events that do not meet transaction requirements?

[hope someone could help me!] How can reduce records in each row in splunk table.

Is there a way to do calculation on streamstats values?

How to set the x-axis limits of a line chart?

Average load of universal forwarder and heavy forwarder

Fetching data fro a limited time in to csv for lookup

How to rename a field that was recently extracted?

How to search the average percentage of two different stats and display both on the same timechart?

How do I extract this date time field from my sample data using rex?

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions