Splunk Search

Discussions

Thread Info

How to add a column with the max values for a set of fields on each row and add these values in the totals row?

I need to add a maximum column for a set of fields on each row (created using chart ... OVER ... BY ... ), and then a...

by Engager in

What is meant to clean up dispatch?

Splunk recently fell over because the dispatch directory (on an ext2 filesystem) hit 32000 directory entries, so the ...

by Engager in

How to search the last 90 days of BlueCoat logs for the top 100 websites?

This is the criteria I'm using: index=bcoat_logs sc_filter_result!=DENIED cs_host!="-" | stats count(cs_host) by c...

by New Member in

How to edit my search to get the counts and eval results for each value of a certain field?

The below returns the correct results, but I only get the RequestOne, RequestTwo, and meetscriteria fields when field...

by Engager in

To Get sum of hosts

Hi, i have a simple query where i am getting response times by host. i want to get the sum of hosts as a filed. I ...

by Contributor in

How do I table 3 distinct values within the same event if all values share the same field name?

Hi, In my log, I have the same name field for three distinct values in the same event. For example: ... Securit...

by Communicator in

Captain Skipping Configuration Replication

Hi guys, I'm having a problem with my environment, we have 15 machines, 1 Master, 1 Deploy, 1 Universal Forwarder,...

by Contributor in

"Unanswered" Questions

As a note: 17:30 CET - 4,825 questions, 1,069 unanswered!?! There are so many answered questions still "open" / un...

by Contributor in

How to search the count of each Windows event code in my data and run arithmetic operations with these counts to display on a timechart?

Hello! I have some Windows event log data with 5 different event codes. I need to count by each of the event codes...

by Builder in

How to create a panel that displays response events which take longer than the time of X to respond?

Hey fellow Splunkers, I have a very complex problem which I am attempting to solve and thought it couldn't hurt to...

by Explorer in

What is the difference between `tstats` and tstats?

Hi all, I'm trying to build a simple dashboard that shows a simple graph of bytes sent by a web server. I realize ...

by Engager in

How to add the result of 2 calculations in 2 searches?

I have 2 searches which from the log I calculate a difference of a number at the current time and the beginning of th...

by New Member in

Search to display a table of only Active alerts in time frame

I am trying to build a table that will show the active alerts for SNMP trap data ingested via a text file. I can ...

by Path Finder in

How to Sort the "count by..." results

I am using the search below for the locked out accounts - Should be possible to sort the result by the user with high...

by Path Finder in

Active Directory LastLogonTimestamp EVAL/WHERE Date Math

I'm attempting to locate systems that have not logged into AD for 90 days. I am using the following search; index=...

by Communicator in

How to extract the date from the file name without modifying datetime.xml?

Hi everyone, I am currently trying to extract the date from the filename so I can use it for all events include in...

by Path Finder in

Segregate data base on IP Address

I am looking for the best solution for segregate data into multiple indexes. There are IP addresses (very vary) being...

by New Member in

How to extract XML field data using transforms.conf?

How to extract xml data contained in AUDDET_STR field in the following event using transforms.conf settings? "2016...

by Contributor in

How to write a search to join the data from four lookups on a unique field?

Hello Experts, Can you please help me with a search to join these four lookups on login (unique field). Lookups L...

by Observer in

Why does is the "eval if" statement in my search not working as expected?

I am trying to run a search which sets a new value depending on another field value. Below is my serach: inde...

by Path Finder in

How to edit my lookup search to display multiple fields after matching domains in a CSV file?

Scenario: I am matching dns queries to the domains listed in malware_domainsdm.csv. The .csv has multiple fields that...

by Contributor in

Using an iframe to embed a report on a website, the bar chart visualization shows, but why is the table of data missing?

Hi I created a report with Table data and bar chart together. When I embed this report and use iframe codes in t...

by Path Finder in

How to count a sum of events since a specified time?

How to count how many events are over 1 yr old? And better yet, how to show a pie chart comparing against the entire ...

by Explorer in

How do I filter my search using inputlookup with a CSV file?

I have created a search that searches for any Windows logon events in my environment. index=windows EventID=528 O...

by Engager in

How to create a summary index to compare data with daily?

Good afternoon, everyone I'm looking for a solution for my idea like this: Today, I want to create a first baselin...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to add a column with the max values for a set of fields on each row and add these values in the totals row?

What is meant to clean up dispatch?

How to search the last 90 days of BlueCoat logs for the top 100 websites?

How to edit my search to get the counts and eval results for each value of a certain field?

To Get sum of hosts

How do I table 3 distinct values within the same event if all values share the same field name?

Captain Skipping Configuration Replication

"Unanswered" Questions

How to search the count of each Windows event code in my data and run arithmetic operations with these counts to display on a timechart?

How to create a panel that displays response events which take longer than the time of X to respond?

What is the difference between `tstats` and tstats?

How to add the result of 2 calculations in 2 searches?

Search to display a table of only Active alerts in time frame

How to Sort the "count by..." results

Active Directory LastLogonTimestamp EVAL/WHERE Date Math

How to extract the date from the file name without modifying datetime.xml?

Segregate data base on IP Address

How to extract XML field data using transforms.conf?

How to write a search to join the data from four lookups on a unique field?

Why does is the "eval if" statement in my search not working as expected?

How to edit my lookup search to display multiple fields after matching domains in a CSV file?

Using an iframe to embed a report on a website, the bar chart visualization shows, but why is the table of data missing?

How to count a sum of events since a specified time?

How do I filter my search using inputlookup with a CSV file?

How to create a summary index to compare data with daily?

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions