Splunk Search

Ask a Question

Discussions

Thread Info

Creating Bar Chart for SSH logs

Hi Team, We are trying to create a bar chart from secure log. The ultimate goal is to plot the accounts (top 10) u...

by Explorer in

How can I get a count of words in an event?

All, Weird search. How can I get a count of words in an event? e.g. _raw = "Hello world. Hello state. Hello F...

by Builder in

How to edit my search to chart a trend line over time?

I am trying to use the below search and plot a graph for the TPS field. So, if I draw a chart with the TPS values ...

by New Member in

How to find where an extracted field was created that appears in searches?

Trying to find where a field was created that appears in a search against our BlueCoat proxy logs. The field is s...

by Contributor in

How to extract a substring based on its position within a field?

I have a field that is of the form /Code153:4:Item1,Item2,Item3,Item4/Code211:2:Item5,Item6 where I need to extract a...

by Explorer in

How to Group Events at Index Time?

I want to tie together 2 events at index time the same way I would tie them together at search time using the transac...

by SplunkTrust in

Search for items not matching values from a lookup

I have this search which basically displays if there is a hash (sha256) value in the sourcetype= software field =sha2...

by Explorer in

Can I format the y-axis on a chart to properly display military time?

I'm using the following to chart job end times over date: index = ironstream MSGNUM = "IEF404I" ( JOBNAME = TZRPD8...

by Explorer in

Why am I unable to return any results with the appendcols command?

I have a search where I get a value "SplitID" that, along with another ID, gets put into a table. However, I am using...

by Explorer in

How to visualize a sum of simultaneous occurring events in a timechart with a start_time and stop_time?

Hello, I have a series of events with a JoinTime field and a LeaveTime field. Each of these events essentially rep...

by Explorer in

Why am I unable to get results for the second stats in my search?

I have a log file with rows for each transaction in a request sequence, each identified by msg_id. I'm trying to get ...

by Engager in

How do I merge data with the same values in a table entry?

See the attached picture: I am looking at a count of data for deliveries from 2 months ago and the previous months...

by New Member in

How to find the origin and regular expression of an extracted field I use in Splunk?

We have a field called Response_Size which we cannot find. I looked in the Settings>Fields>Field Extractions and sele...

by SplunkTrust in

What is the best way to generate and download a PDF after a search automatically?

Hi guys, I want to download a PDF after search automatically, but the search is produced by crontab, so I need to ...

by Path Finder in

Can I use an eval if statement to create a new field based on a value?

I would like to use an if statement to create a new field based on a value. Something like if field1=0 and field2=0, ...

by Path Finder in

How to add values to a chart with another color based on a certain value?

I have a chart that show some ping times. I would like to show values with "NA" as red in the chart and set their val...

by Path Finder in

I've configured inputs.conf for a Splunk forwarder on Windows, but why do I get no data searching for that host?

Hi, I'm evaluating Splunk for the first time. I installed a forwarder on a Windows server and I configured the inp...

by Explorer in

When searching two indexes, how do i refer to a field from a specific index?

My search is on two indexes. I want to be able to refer specifically to a field value from one of the indexes and not...

by Path Finder in

How to get disabled server status on the basis of time compare query.

Hi, I have a log with number of entries for many servers like- Time1 user1 server1 statusdown Time2 user2 server2 ...

by New Member in

Find common entries in two different sources

Hi, I have data that looks like this Source1 PREMISE,CREATION_DATE,RESULT_TIME 111111,20160621111111,2016062111...

by Motivator in

Why is the where clause case sensitive against field values when part of an inputlookup search?

It appears that the where clause is sensitive to the case of field values when invoked as part of an inputlookup comm...

by Builder in

How to create a chart overlay from 2 stats searches with no time series data?

sourcetype=pbs:rg OR (sourcetype=pbs:status state!=free AND state!=job-* tag=sasl0002) | foreach resources_available...

by Contributor in

How to use two lookups for comparison

Hi All, Here is my requirement: I have 100 values (abc1,def1,....etc) in lookup1 and 100 values in lookup2 (ABC...

by Explorer in

How to parse a timestamp field from a user text input to use for the search time range?

Hi guys, So I have an input field where the user inputs text in the format %y%m%d%H%M, for example 1607061700, wh...

by Engager in

How to edit my search to combine 4 columns into one total column?

Hi I'm new to the community and to Splunk. I am trying to combine the 4 columns my search creates into one total ...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Creating Bar Chart for SSH logs

How can I get a count of words in an event?

How to edit my search to chart a trend line over time?

How to find where an extracted field was created that appears in searches?

How to extract a substring based on its position within a field?

How to Group Events at Index Time?

Search for items not matching values from a lookup

Can I format the y-axis on a chart to properly display military time?

Why am I unable to return any results with the appendcols command?

How to visualize a sum of simultaneous occurring events in a timechart with a start_time and stop_time?

Why am I unable to get results for the second stats in my search?

How do I merge data with the same values in a table entry?

How to find the origin and regular expression of an extracted field I use in Splunk?

What is the best way to generate and download a PDF after a search automatically?

Can I use an eval if statement to create a new field based on a value?

How to add values to a chart with another color based on a certain value?

I've configured inputs.conf for a Splunk forwarder on Windows, but why do I get no data searching for that host?

When searching two indexes, how do i refer to a field from a specific index?

How to get disabled server status on the basis of time compare query.

Find common entries in two different sources

Why is the where clause case sensitive against field values when part of an inputlookup search?

How to create a chart overlay from 2 stats searches with no time series data?

How to use two lookups for comparison

How to parse a timestamp field from a user text input to use for the search time range?

How to edit my search to combine 4 columns into one total column?

What the End of Support for Splunk Add-on Builder Means for You

Solve, Learn, Repeat: New Puzzle Channel Now Live

Building Reliable Asset and Identity Frameworks in Splunk ES

Configuration initialization took longer than expe...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions