Splunk Search

Discussions

Thread Info

When using the "stats" command, why do the number of results differ when one field is added or removed?

I have noticed that the search results between table and stats can vary if one of the fields returns a null result. B...

by Motivator in

Is using DELIMS in transforms.conf appropriate for a syslog event that contains null values?

I have a syslog event, in which it's format remains constant, however i'm having some trouble leveraging transforms.c...

by Motivator in

How to exclude old data that has been updated?

Hi, So I am trying to write a query for a ticketing system. This ticketing system has a unique ID for each ticket ...

by Explorer in

How to edit my stats search to only display results older than X days?

I am running this stats latest search for Microsoft Cloud Services UserLoggedIn: index=o365 Operation=UserLoggedI...

by New Member in

How do I use a timerange picker in conjunction with a saved search on a dashboard?

I have some dashboards that have many panels. What I would like to do is convert these panels to saved searches and t...

by Builder in

In a chart overlay, how to force a line graph to the edges of a column chart?

Created a column visualization, use chart overlay, and overlay a line or two. Look at my chart and see that the lines...

by Motivator in

How to edit my "rex" search in order to extract the User ID in my sample data?

Another regular expression/rex field extraction question: How do I get USERID between timestamp and '@JavaClient' ? ...

by Explorer in

Is there a way to enable DNS caching in Splunk in order to not overwhelm a DNS server with repetitive lookups?

by Motivator in

How to edit my search to display individual event counts for each sourcetype?

I have the following search and it works pretty well, however I need to see the event counts for each of the sourcety...

by Path Finder in

How to make a "rex" search a permanent field extraction in props.conf and transforms.conf?

Hi all, I have this expression to extract the character part of one string: ... | rex field=Equipment "^(?<TEST...

by Builder in

How do I get Splunk to use meaningful variable name labels?

I'm a Newish Splunk Power-user. I have indexed results from analyzed emails from the publicly available Enron /maildi...

by Explorer in

Why does Splunk Cloud Instance URL return "Error 500"?

My Splunk Cloud trial URL returns "Error 500". How do I recover and complete the eval? URL is https://prd-p-wls4v9...

by New Member in

Is there a way to to further extractions from an existing search time extraction using props.conf or transforms.conf?

Currently I'm doing an extraction on a log file like so: [AUDIT_PARSE] REGEX = \x5b[^\x5d]+\x5d\s+(\w+)\s+(?:\x7b(...

by Explorer in

Mixed column and line chart

Is it possible to create a mixed column and line chart? Ideally, I'd like to create a chart with a couple of stacked ...

by Communicator in

How to troubleshoot why users get 404 not found error when querying the REST endpoints?

One of our clients is trying to use REST API services. He is working on a Web/mobile team which is considering an inn...

by Explorer in

How to edit my search to find the amount of license usage per Active Directory event code?

how would i search to see how the amount of license usage per Active Directory (AD) event code? looking to add it to...

by Contributor in

How to compose a search to compare the difference between hosts?

I am trying to build an alert off based of a search that shows me only hosts that have not logged the following strin...

by New Member in

How to use an existing saved search/report as a subsearch?

I'd like to prevent code / search syntax duplication; but often times I want to use the results of a saved search to ...

by Communicator in

Save value into a variable

Hi, I use Talend Open Studio to collect data on Gitlab (via Gitlab API) and send them to Splunk. As Gitlab cont...

by New Member in

How to make combine multiple string searches and count all combinations

I am logging some settings and whether they are enabled or disabled. I want to make a table combining some of the opt...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

When using the "stats" command, why do the number of results differ when one field is added or removed?

Is using DELIMS in transforms.conf appropriate for a syslog event that contains null values?

How to exclude old data that has been updated?

How to edit my stats search to only display results older than X days?

How do I use a timerange picker in conjunction with a saved search on a dashboard?

In a chart overlay, how to force a line graph to the edges of a column chart?

How to edit my "rex" search in order to extract the User ID in my sample data?

Is there a way to enable DNS caching in Splunk in order to not overwhelm a DNS server with repetitive lookups?

How to edit my search to display individual event counts for each sourcetype?

How to make a "rex" search a permanent field extraction in props.conf and transforms.conf?

How do I get Splunk to use meaningful variable name labels?

Why does Splunk Cloud Instance URL return "Error 500"?

Is there a way to to further extractions from an existing search time extraction using props.conf or transforms.conf?

Mixed column and line chart

How to troubleshoot why users get 404 not found error when querying the REST endpoints?

How to edit my search to find the amount of license usage per Active Directory event code?

How to compose a search to compare the difference between hosts?

How to use an existing saved search/report as a subsearch?

Save value into a variable

How to make combine multiple string searches and count all combinations

Splunk Observability Cloud | Customer Survey!

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

Starting With Observability: OpenTelemetry Best Practices

search event even in achive data (cold etc.)

App to stop unwanted logs ingestion ?

Exclude unwanted apps from web-logs

AD servers with indexing delays when evt_resolve_a...

Using comparison function within mstats