Splunk Search

Ask a Question

Discussions

Thread Info

Extraction of a substring and comparison in a loop

Hi, I need to search for an element A present in one of the fields let's say field 1. Some of the values presen...

by Explorer in

How to set different colors for each row of my results in dashboard panel?

Hi, Can someone please advise, how we can set different colors in a dashboard for each single row? Our data lo...

by Path Finder in

The automatic timechart range changed after upgrading from Splunk 6.3.1 to 6.3.3. What can we set to revert to the old behavior?

We have certain source types where there is only data from months ago. When putting this into a timechart, the chart ...

by Communicator in

How to create a stacked bar graph showing total time and (total time-pending) stacked by filter?

I want to create a stacked bar graph showing 2 columns stacked by department: 1 column is the total time and the seco...

by Explorer in

Change the ''Waiting for data... '' message with a value or word

My search : index=test | where Value>=95 | stats count(Value) as Events by Host The result : if ther...

by Communicator in

How can I know when Splunk reaches the 10000 result limit in a search to output a certain message?

In my search, I calculate some values, but if I reach the 10000 result limit, I get wrong results. I would like chang...

by Path Finder in

How to create a table based on certain fields from the Output Results?

Hi Splunk Support, I'm trying to create a table based on certain fields from the Output Results: Search String...

by Explorer in

How to configure a universal forwarder to add search-time metadata to all events?

Hi Everyone, Our setup is a universal forwarder --> heavy forwarder --> indexer. I am looking to modify a universa...

by New Member in

Difference between earliest -2d and earliest -2d@d?

Hello, Could someone please delineate the difference between these two earliest commands: earliest=-2d earli...

by Explorer in

How do I edit my regex to extract this field from my sample event?

Want to extract only /ubi-v2/api/scoresummary from the below mentioned event in a field. Rex used: `| rex "(?<rem...

by Communicator in

How do I get span=1m to work with eventstats in the same search?

This is my search so far. sourcetype="spam" |eventstats count as total|search block_code="*" |eventstats count as...

by Engager in

How to write the regex to extract numbers between two hyphens?

I have the following string 2016-02-17 field and I would like to extract the 02 between the hyphens. Does someone hav...

by Engager in

|metadata - Need results for Custom time range

|metadata type=hosts earliest=-1d latest=now This displays the overall eventcounts for the available hosts but no...

by Motivator in

How can I search IPs within the Rapid 7 App for Splunk Enterprise?

I'm trying to search for some IPs of interest within the Rapid 7 App for Splunk Enterprise. Is there a way to do that...

by Engager in

How to configure transforms.conf for different count values while not breaking current existing regexes that are working?

Is there a way to create a transforms for separate values while not breaking current regex instances that are working...

by Contributor in

How to use each value in a column to determine count of "success", "failure", or "error", then calculate the success percentage?

I have a search, something like this: search stuff | rex "extract cat" | rex "extract field2" | rex "e...

by Engager in

How to configure REGEX in a props.conf source stanza to match all sources except ones including "/splunk/"?

Hello, We would like to match all sources except the ones including /splunk/ in props.conf. Example: No match f...

by Path Finder in

How to edit my search to extract Splunk user accounts and the dates they were created?

Hi, I wonder whether someone may be able to help me please. I'm using the search below to extract the date when Sp...

by Motivator in

Using multiple searchTemplates in a dashboard, why is the search from the first panel being run in the second panel?

Hi, I wonder whether someone may be able to help me please. I've put together the following form. <form> ...

by Motivator in

Alternatives to left outer join on large dataset and processing inline logic ?

I have two searches with the result as displayed below. Here I want to find the service related to each activity base...

by New Member in

How can filter top search in a month with timeframe

Hello, How can i display latest dates of searches with time frame, I need to filter top search in a month, any opt...

by New Member in

How to search the owner of reports and dashboards?

A user no longer exists in Splunk, but their reports and dashboards are still there. Is there a search to fix this?

by New Member in

How do I write a search to replace an asterisk character in a string?

I want to replace the * character in a string with the replace command. How do I apply the * by escaping it, not to r...

by Communicator in

Adding Index-time field on intermediate forwarder

I need to trace the data from the originating forwarder through intermediate forwarders or directly onto indexers. I ...

by Communicator in

How can I compare the results of the same search by a particular date or day of the week/month?

How can I compare the result by a particular week or date for this search? sourcetype="rum" u=* |stats count,avg(t...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Extraction of a substring and comparison in a loop

How to set different colors for each row of my results in dashboard panel?

The automatic timechart range changed after upgrading from Splunk 6.3.1 to 6.3.3. What can we set to revert to the old behavior?

How to create a stacked bar graph showing total time and (total time-pending) stacked by filter?

Change the ''Waiting for data... '' message with a value or word

How can I know when Splunk reaches the 10000 result limit in a search to output a certain message?

How to create a table based on certain fields from the Output Results?

How to configure a universal forwarder to add search-time metadata to all events?

Difference between earliest -2d and earliest -2d@d?

How do I edit my regex to extract this field from my sample event?

How do I get span=1m to work with eventstats in the same search?

How to write the regex to extract numbers between two hyphens?

|metadata - Need results for Custom time range

How can I search IPs within the Rapid 7 App for Splunk Enterprise?

How to configure transforms.conf for different count values while not breaking current existing regexes that are working?

How to use each value in a column to determine count of "success", "failure", or "error", then calculate the success percentage?

How to configure REGEX in a props.conf source stanza to match all sources except ones including "/splunk/"?

How to edit my search to extract Splunk user accounts and the dates they were created?

Using multiple searchTemplates in a dashboard, why is the search from the first panel being run in the second panel?

Alternatives to left outer join on large dataset and processing inline logic ?

How can filter top search in a month with timeframe

How to search the owner of reports and dashboards?

How do I write a search to replace an asterisk character in a string?

Adding Index-time field on intermediate forwarder

How can I compare the results of the same search by a particular date or day of the week/month?

Unlock New Opportunities with Splunk Education: Explore Our Latest Courses!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

Using the map command with a subsearch not working

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

StateSpaceForecast holdback and forecast_k for eva...