Splunk Search

Discussions

Thread Info

How to alert on a value crossing over a moving average of that value?

Is there any way to do this in a single search? I know it can be done by having one search compute the moving average...

by Builder in

How can I create extract the earliest and latest times for current search and create fields for them?

I would like to display the original earliest and latest of a search as fields in my table results. My query below. ...

by Builder in

Unmatched parentheses error with replace

The following search is complaining about an unmatched parenthesis. Since the parentheses are inside of quotes, shoul...

by Contributor in

Filtering on UF for Specific Events then Delete the Rest (6.3.2)

Hello Splunkers, I've been working on filtering IIS events. What I need to keep is any event that contains auth.ow...

by Explorer in

Help with timecharts

New to splunk so aplogies if this question is not worded correctly. Trying to generate a view (sparkline?) that compa...

by New Member in

Multiple stats counts in string, need to divide one count by 2

This is my string .....| eval actionSend=if(action="Send", 1, null) | eval actionRecv=if(action="Receive", 1, null...

by New Member in

Struggling with stacked bar chart to show time spent in different places

Hi, We are trying to use Splunk to provide some nice diagrams showing execution time of critical sections in refer...

by Path Finder in

help with distinct counting in same field

Hi, I have a question for sifting through some ssl logs. Let's say you have something like this: "GET /subdomai...

by New Member in

Field mapping from number to names

Say for instance I am searching for windows event codes and types and I have a list of the event code mapping to thei...

by Path Finder in

Connect Splunk to the Internet to retrieve apps

Hello, I'm tying to add more apps to our Splunk Web GUI. Every time I click "Find More Apps" I get an error messag...

by Path Finder in

How to group results by name

Hello all, I have a search with these results compl count(Number) 0 1 p1-compliant 5 p1-no-compliant 3 p2-complia...

by Contributor in

Display phone number value without commas?

Trying to display a phone number as a single value but it is getting formatted with commas: xx,xxx,xxx,xxx What...

by Contributor in

Count Stats by Two Fields in One Search

So I'm running a search that looks like this: (host="zakta01.inno-360.com" AND mwv-landscaping.inno-360.com AND "G...

by Path Finder in

How can I use tokens in a stats function?

I want to use a dropdown to change the field that the stats command function uses in calcuation. my token is called m...

by Builder in

Combine two searches using Eval with Case statement.

by New Member in

Search to find missing data using lookup table with multiple fields

Hello, I am trying to find missing data in Splunk from a lookup table using inputlookup. My lookup table is: ne...

by Path Finder in

How to show text values in a timechart?

I have the following information extracted from the log file: 03.03.2016 04:46:23 : Execution time in minutes: 4,3...

by Path Finder in

Why does a new field extraction not work on the search head just I created it on, but works immediately on other members in the search head cluster?

Running the latest Splunk 6.2.2 with search head clustering. I found that when I create a new search field extraction...

by Builder in

mvexpand truncate result because of exceed 500MB memory usage

Dears, i have splunk 6.3.3 and i am using query that have command mvexpand but mvexpand truncate result because of...

by Explorer in

charting.data.count worked in Splunk 6.2.x, but why not in Splunk 6.3.0? Is this a known issue?

Dear community, We have several dashboards where we need to display more than the default 100 results in a visuali...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to alert on a value crossing over a moving average of that value?

How can I create extract the earliest and latest times for current search and create fields for them?

Unmatched parentheses error with replace

Filtering on UF for Specific Events then Delete the Rest (6.3.2)

Help with timecharts

Multiple stats counts in string, need to divide one count by 2

Struggling with stacked bar chart to show time spent in different places

help with distinct counting in same field

Field mapping from number to names

Connect Splunk to the Internet to retrieve apps

How to group results by name

Display phone number value without commas?

Count Stats by Two Fields in One Search

How can I use tokens in a stats function?

Combine two searches using Eval with Case statement.

Search to find missing data using lookup table with multiple fields

How to show text values in a timechart?

Why does a new field extraction not work on the search head just I created it on, but works immediately on other members in the search head cluster?

mvexpand truncate result because of exceed 500MB memory usage

charting.data.count worked in Splunk 6.2.x, but why not in Splunk 6.3.0? Is this a known issue?

Improve Your Security Posture

Maximize the Value from Microsoft Defender with Splunk

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Why are there Different results with "earliest" th...

Why is website monitoring app not pulling data?

How to achieve readable date format for scatter pl...

How to change the date format of the Date Picker i...

Maximun disk usage quota- Why are alerts not sendi...