Splunk Search

Ask a Question

Discussions

Thread Info

Transaction Command startswith & endswith not working without filtering the events

I am grouping events using the transaction command. Sample search which gives expected results below : Successful Se...

by Path Finder in

How to compare two cells when using table_cell_highlighting.js

I am using table_cell_highlighting.js and right now I have something like this working: if (cell.field =...

by New Member in

How to save search results as a variable to then search against a lookup table?

Hello all, I am trying to figure out how to save the results from a search and then check if they exist in my look...

by Path Finder in

What is the best way to search email subjects by "is" or "contains"?

Scenarios: 1) searching email logs for an exact subject so I use quotes index=mail sourcetype=xemail subject = "ex...

by Contributor in

How to chart cumulative distinct count over time?

With dc(mykey) as DC1, I can plot how many distinct values of mykey is incurred for the fixed time span. If values of...

by SplunkTrust in

query for percentage with count

I am trying to write a search, like Requests per second and its percentage based on total count. Please help me out i...

by New Member in

How to get total of unique senders and recipients from Index=msexchange

I think I was able to get the total number of unique senders and unique recipients. But, now I need the total of uniq...

by New Member in

How to compare 2 searches and alert on the differences?

I am trying to alert if one of my servers is left out of load balance for a specific amount of time. My current s...

by New Member in

Can you mask data at index-time conditionally?

Given data like this: v1=1 v2=2 v3=3.45 v4=4 key=bad v1=6 v2=7 v3=8.45 key=good v4=9 I want to mask the vX val...

by Influencer in

How to edit my search to create a table with the distinct count of users by domain?

I am trying to create a table that shows the number of distinct users that have logged into a machine. I am having pr...

by Builder in

How to automatically extract the JSON object before indexing so I don't have to use spath in my search?

Hi, How do I extract the JSON object before indexing itself? Right now I'm extracting using the below search. ...

by Path Finder in

Is data extraction possible in the period of the April opening?

I make the panel of the dashboard now to display the number of the access of the application with a bar graph from t...

by New Member in

How do I search using a data model?

I've been working on a report that shows the dropped or blocked traffic using the interesting ports lookup table. I w...

by Explorer in

How do I edit my current regex to extract fields from my sample data?

Looking for assistance on manually building a regex for the following data. Here is the data below and how far along ...

by Path Finder in

Advice on how to better search Splunk>answers

I'm trying to work on a dashboard that's gotta be nothing new. But when I search in Splunk>answers I'm not able to dr...

by Explorer in

Time range picker -1d

Hello, I'm not even sure how to ask this question correctly but we are running a trend analysis. The below dashboard...

by New Member in

Why does my regular expression work with rex, but not as a configured field extraction?

I'm trying to extract a value from a fairly simple XML document. My regular expression works fine in search (rex) and...

by Path Finder in

How to set up a chart drilldown in Simple XML so a new search is used based on a selected column?

Hey all: I am fairly new to this. I have tried to set up a chart drilldown after which I can swap out the original...

by New Member in

Why am I not getting the expected output with my current search?

Hi Experts, I want to create a trend of UPS load over time. I can get a UPS overtime trend by getting the sum of t...

by Explorer in

How to apply regex rules in props.conf and transforms.conf to filter unstructured data before indexing it in Splunk?

The requirement is a multilevel filter 1. I need to create a line break at Header|521|02|00|521| which I am doing usi...

by Explorer in

Why is my search no longer excluding results from a lookup table?

index=test action=allowed app=smtp client_ip!=x.x.x.x | iplocation dest_ip | stats count values(Country) values(clie...

by New Member in

How to write a search to get a predicted value based on a date and a number of data points?

I have looked at the predict cause and the "x11", however, I'm still struggling to find the right searcg to get the d...

by Explorer in

How do I edit my current search to compare the values of 2 fields efficiently?

Hello, I want to compare results of 2 searches, I am using a subsearch and a join index=1 | table field1 | eval...

by Influencer in

"Your maximum number of concurrent searches has been reached" Why are scheduled reports not cached?

Background: I created a dashboard (actually a few dashboards) that used many heavy hitting searches. Well, the Splunk...

by Path Finder in

How do I find the time difference between these two events?

Hello, I have following events: event 1: product_category=dvd product_name="the martian" event=to_basket eve...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Transaction Command startswith & endswith not working without filtering the events

How to compare two cells when using table_cell_highlighting.js

How to save search results as a variable to then search against a lookup table?

What is the best way to search email subjects by "is" or "contains"?

How to chart cumulative distinct count over time?

query for percentage with count

How to get total of unique senders and recipients from Index=msexchange

How to compare 2 searches and alert on the differences?

Can you mask data at index-time conditionally?

How to edit my search to create a table with the distinct count of users by domain?

How to automatically extract the JSON object before indexing so I don't have to use spath in my search?

Is data extraction possible in the period of the April opening?

How do I search using a data model?

How do I edit my current regex to extract fields from my sample data?

Advice on how to better search Splunk>answers

Time range picker -1d

Why does my regular expression work with rex, but not as a configured field extraction?

How to set up a chart drilldown in Simple XML so a new search is used based on a selected column?

Why am I not getting the expected output with my current search?

How to apply regex rules in props.conf and transforms.conf to filter unstructured data before indexing it in Splunk?

Why is my search no longer excluding results from a lookup table?

How to write a search to get a predicted value based on a date and a number of data points?

How do I edit my current search to compare the values of 2 fields efficiently?

"Your maximum number of concurrent searches has been reached" Why are scheduled reports not cached?

How do I find the time difference between these two events?

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

AppDynamics is now part of Splunk Ideas

Advanced Splunk Data Management Strategies

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...