Splunk Search

Ask a Question

Discussions

Thread Info

show in a graph a numbers with two numbers after comma

hi, I would like to build a graph with these values: a 100 b 97,56 c 99,34 my issue is when i try to see a grap...

by Explorer in

regex to extract date from the file name

Hi we are using fs_notification and monitoring a specific path. I have a field called path which has the following...

by Communicator in

How to edit my regex to extract this value from my data?

This should be an easy thing to do but obviously, I am missing it. I need to extract "cannot be located" c.f....

by Explorer in

How to edit my search to only display users that have logged on to more than 5 workstations and sort the list in descending order?

Hello, Like the title says, I have the search criteria pretty nailed down, however, I would like to do a count so ...

by New Member in

Optimize query by referring latest source data

Hi, Here are the three sources that I have for the below query that I need to optimize : a) tech_detail.gz b) grou...

by Explorer in

Splunk is only reading some records from a lookup and leaving others out. Any suggestions why?

I have a CSV file uploaded as a lookup. I am using the userID from my search with the lookup, but for some reason, th...

by Path Finder in

How can I chart 24hr difference between Fields at exactly 7am over the last 7 days

I am capturing events every minute. Within the events, there is a continuously compounding field: "FlowTotal_Running_...

by Engager in

SEDCMD search inline question

I am trying to test a sedcmd command, inline, that Im going to add. I am finding a string and replacing it with a fie...

by Builder in

What is the basic difference between the lookup, inputlook and outputlookup commands

Good afternoon All, I am having a hard time trying to understand the difference between "lookup", "inputlookup", a...

by Path Finder in

Why is my search with transaction and concurrency commands skipping over certain events?

I'm not sure if I can get any help here, but I am going to try cause I've been wrestling with this search/data for a ...

by Builder in

How to create a timechart in Splunk that shows how many accounts are in processing at different intervals?

Hello Splunkers Hope you are doing good, appreciate beforehand all the time you take helping us out here. So I'...

by Explorer in

How to extract fields from my _raw data into events and sort them in a table?

I will try and explain my problem to the best of my ability. I am attempting to create a saved search from which I ho...

by Explorer in

How to edit my search to compute host up times with a lookup table and importance value?

I have to take a logfile and extract certain fields to present as a percentage of availability ("UP" host_names). I ...

by New Member in

Replace string

I want to replace (" ") in my xml file to single (").Since there is some misplace of double codes in my whole file.So...

by Communicator in

I need to fill missing values in a search as NULL

I need to fill missing values from search items as NULL (not the string, but actual NULL values) I see options to ...

by Path Finder in

convert time field

i have the last sync time for my activesync clients going to splunk via powershell input. ex: LastSyncAttemptTime = ...

by Path Finder in

Use of color field in treemap visualization

Is there a working example of the use of color_field in the new Treemap visualization? I have tried the form that...

by Path Finder in

stats count help

I am pulling syslogs and attempting to count IPs that are blocked for abuse. My counts are coming up 0. the IP used h...

by Engager in

Is it possible to populate values and pass to a search pipeline based on a lookup value? (Without using JS)

I'd like to have a simple XML dropdown that selects, as an example a Device Name. deviceName,Vendor,Model mainfw,C...

by Splunk Employee in

How to add a fixed value into the stats count?

I am trying to have a single value panel. The search for the same is given below: index=* host="prodserver-*" sour...

by Engager in

How do I use regex to extract URL parameter field names

I want to extract the field names from a URL's parameters. For example my raw event might look like this: action=a...

by Explorer in

How do you use the value of a field as a keyword search?

I would like to use the value of a field as a keyword search. For example, if I have field like dest_ip="1.1.1.1", ho...

by New Member in

Is it possible to run a search with a cron expression inside the search?

My requirement is to monitor files daily, weekly, monthly, and quarterly and I have to search during a specific time ...

by New Member in

How to edit my stats search to find the percentage of a range?

I'm trying to build a simple SPL query to display the max, min, range (difference), and percent of the difference to ...

by Explorer in

How to search average response times at a specific time?

Hello, I'm trying to write a splunk query but dont know where to start with. Is it possible to write a query to se...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

show in a graph a numbers with two numbers after comma

regex to extract date from the file name

How to edit my regex to extract this value from my data?

How to edit my search to only display users that have logged on to more than 5 workstations and sort the list in descending order?

Optimize query by referring latest source data

Splunk is only reading some records from a lookup and leaving others out. Any suggestions why?

How can I chart 24hr difference between Fields at exactly 7am over the last 7 days

SEDCMD search inline question

What is the basic difference between the lookup, inputlook and outputlookup commands

Why is my search with transaction and concurrency commands skipping over certain events?

How to create a timechart in Splunk that shows how many accounts are in processing at different intervals?

How to extract fields from my _raw data into events and sort them in a table?

How to edit my search to compute host up times with a lookup table and importance value?

Replace string

I need to fill missing values in a search as NULL

convert time field

Use of color field in treemap visualization

stats count help

Is it possible to populate values and pass to a search pipeline based on a lookup value? (Without using JS)

How to add a fixed value into the stats count?

How do I use regex to extract URL parameter field names

How do you use the value of a field as a keyword search?

Is it possible to run a search with a cron expression inside the search?

How to edit my stats search to find the percentage of a range?

How to search average response times at a specific time?

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6