Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to extract the field "user" from my data?

Hi How to extract the field "user" from the following data? ABCDEFGHI\cw2343@ac.abcdefghi.com ABCDEFGHI\kira...

by Builder in

How to edit my eval statement to convert numerical values from a field into MB?

I have a field [B] that consists of some numbers and strings. 10 gb 20 gb 30 gb I would like to implement a ...

by Path Finder in

How can I use fillnull to fill in different values for different fields?

Hello, I have a timechart that plots three values: incoming objects, outgoing objects, and the running amount of obje...

by Builder in

How to modify my search to include historic count to my current day's count and also average?

Hello everyone, I have a search as follows which displays the usernames, their accessing application count on that...

by Builder in

search query to get specific date range events from different field

Hello All, I have requirement where need to compare the two different date's and condition is that date would be o...

by Communicator in

How to edit my search to display data on a weekly chart?

Hi All, For a trend chart, I have data for the following dates 2016-10-29 - saturday 2016-11-05 - saturday 20...

by Explorer in

How can I optimize the performance of my current base search and subsearches?

I have a base search to collect all data and some subsearches that access these base searches to draw graphs. Base...

by New Member in

How to compare values from two fields from different sources but only keep an uncommon value?

Hi community, I have a combined search which includes two sourcetypes. Both include a field with a username. Let's...

by New Member in

How to edit my search to get a weighted average based on total event count?

New to splunk, so if any more info needs to be provided, please let me know. I'm trying to get a weighted average,...

by New Member in

Show Only Logon Events

I simply will audit our Administrators on which Systems they are logged on right now. but i cannot separate only E...

by Path Finder in

How to generate a search that will let me know if Splunk is installed on a host and if the host is sending data or not?

how can i know that a particular host is sending data or not? and how can i know that the Splunk agent is installed i...

by Communicator in

How to find the time taken to create a particular index in Splunk?

Hi All, I have to find the "time it took to create my index in Splunk". Can anyone please help me how to find tha...

by Explorer in

How to display cumulative results' count of events in timechart by hour?

I want to show the sum of events in a search from the earliest time to the time increasing hour by hour. Because I wa...

by Explorer in

Why do I sometimes get "Failed to load component" in the Events tab while performing a search?

During a search, the query runs and i get the extracted fields in the fields sidebar however in the panel for events ...

by New Member in

"Configuration initialization took 1441ms for C:\Splunk\etc" How do I get rid of this warning message?

"Configuration initialization took 1441ms for C:\Splunk\etc" Can someone please let me know how to get rid of this...

by Explorer in

Multiple match in lookup File

I have a search query which gives me the following information in the table: Device | MsgType | TimeStamp A |MSG1...

by New Member in

How do I do Field (column) selection for post process search in a dashboard panel?

In a dashboard I'm trying to drive several charts off a single query and use post process search to select the fields...

by New Member in

How to extract a string without using rex or erex?

How to extract a string without using rex or erex? Ex: I don't have clear logs for phone numbers, want to extract ...

by Explorer in

How to resolve "approaching the maximum number of historical searches" message received after moving to search head cluster?

heyyyy everyone, anyone run into this annoying message before? we keep getting this after moving to a search head...

by Contributor in

How to generate a search that will look for Splunk apps that have not been used?

Any one know of a search that will look for Splunk apps that have not been used by any user for a week, etc?

by Splunk Employee in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to extract the field "user" from my data?

How to edit my eval statement to convert numerical values from a field into MB?

How can I use fillnull to fill in different values for different fields?

How to modify my search to include historic count to my current day's count and also average?

search query to get specific date range events from different field

How to edit my search to display data on a weekly chart?

How can I optimize the performance of my current base search and subsearches?

How to compare values from two fields from different sources but only keep an uncommon value?

How to edit my search to get a weighted average based on total event count?

Show Only Logon Events

How to generate a search that will let me know if Splunk is installed on a host and if the host is sending data or not?

How to find the time taken to create a particular index in Splunk?

How to display cumulative results' count of events in timechart by hour?

Why do I sometimes get "Failed to load component" in the Events tab while performing a search?

"Configuration initialization took 1441ms for C:\Splunk\etc" How do I get rid of this warning message?

Multiple match in lookup File

How do I do Field (column) selection for post process search in a dashboard panel?

How to extract a string without using rex or erex?

How to resolve "approaching the maximum number of historical searches" message received after moving to search head cluster?

How to generate a search that will look for Splunk apps that have not been used?

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

Observability Highlights | January 2023 Newsletter

Security Highlights | January 2023 Newsletter

Why does Walklex return spaces before some of the ...

Why won't Walklex timespan follow time specificati...

How to use MLTK to tune DNS Query Length Outliers ...

Optimizing metrics based searches?

How to use fit command together with foreach?