Splunk Search

Community Activity

How to create correct format inside a multivalue field? Hello to all, I have a multivalue field with a date and also a null value. In addition I have the problem that the fo... by Flenwy Explorer in Splunk Search 08-17-2023 0 4	0	4
How to Find new users in the last 24 hours and see if they were subsequently added to two groups? Greetings! I have been googling, pluralsighting, reading splunk docs and I am extremely new to splunk. I did search t... by jdtokenring Engager in Splunk Search 08-17-2023 0 2	0	2
How to Extract the data after second special character? Hello, I want the extract everything after the second slash(/) OR Everything from the last till the first slash (/) ... by Neel881 Path Finder in Splunk Search 08-17-2023 0 6	0	6
How to create a table? Hi, I need help with creating a table in Splunk that displays all the components below: I too need to create anot... by Imhim Explorer in Splunk Search 08-17-2023 0 3	0	3
How to Summarize on distinct value? Hello there,I would like some help with my query.I want to summarize 2 fields into 2 new columns One field is unique,... by hvdtol Path Finder in Splunk Search 08-17-2023 0 4	0	4
Why is splunk.pie is not defined? Hi I need some help.I have a Splunk add-on that worked fine and showed pie charts and single values in a dashboard.I ... by roys Loves-to-Learn in Splunk Search 08-17-2023 0 0	0	0
How to do stats count for different day? \| stats count by field1 field1 field2 field3 only show yesterday count, how can I show count1 for yesterday, count2... by rick1168 Engager in Splunk Search 08-17-2023 0 5	0	5
Why am I able to get values via joining on an input lookup command, but cannot get values when using the actual lookup? I have a sourcetype that is exhibiting very odd behavior. If I try to run a lookup command such as the following:ind... by briancronrath Contributor in Splunk Search 08-16-2023 0 4	0	4
How To Sum Hourly Column Results In A Separate Column I am looking to sum up cumulative column totals by hour in a separate column.Here is the search:index=main CompletedE... by mark_groenveld Path Finder in Splunk Search 08-16-2023 0 3	0	3
When searching for IP, how to only show the subnet, not the whole IP I have this searchindex="firewall" dest_ip=172.99.99.99 dest_port=* \| stats count by src_ip,dest_port,action,src_user... by rune_hellem Contributor in Splunk Search 08-16-2023 0 1	0	1
How to add a label to a char legend? I would like to add a label for the upper/lower 95. I was wondering how I could do that. Id like to have it the same ... by Abass42 Communicator in Splunk Search 08-16-2023 0 1	0	1
how do I count values based on many values using a multiselect filter Hi I am trying to count values based on values if they equal a range of values. Is that possible? \| search fieldName=... by Talking_Master Explorer in Splunk Search 08-16-2023 0 1	0	1
LOOKUP table: How to add id field name.csv file? I have two lookup table call name.csv and id.csv. both has matching field call fullname.id.csv file has id field but ... by abi2023 Path Finder in Splunk Search 08-16-2023 0 2	0	2
Workflow actions and variables Hi,We have a internal wiki with tons of useful informations about hosts and IPs.I'm trying to set up a workflow that ... by gargantua Path Finder in Splunk Search 08-16-2023 0 2	0	2
Why is my lookup field from KV store in datamodel not showing correct results? Hi,I have an accelerated datamodel. This datamodel have a lookup field based on a KV store lookup, that is, the datam... by hettervik Builder in Splunk Search 08-16-2023 0 1	0	1
How to write code for planned downtime in day wise by Luckyyyy New Member in Splunk Search 08-15-2023 0 1	0	1
How to create HTML code in separate panels? Dears, i have a problem with my dashboard using html inside the <row>. what i want to achieve is having 2 tabs so th... by Splunk_ZE Engager in Splunk Search 08-15-2023 0 3	0	3
How to create Inner Join with subsearch using Splunk Python? I'm doing a main search of a sourcetype, then I need to join with a csv file using the inputlookup, both the main sea... by RBolconte Loves-to-Learn Lots in Splunk Search 08-15-2023 0 8	0	8
How do we know if user stopped or pause the search while running the splunk query The query below is showing some details about ad-hoc searches. The “info” field in index=_audit has 4 possible values... by harishsplunk7 Explorer in Splunk Search 08-15-2023 0 2	0	2
[ABUSE] By: Abdulkareem / Board: apps-add-ons-all (79599) Link to post: (Issue with Management activity Logs) by Abdulkareem https://community.splunk.com/t5/All-Apps-and-Add-o... by Abdulkareem Engager in Splunk Search 08-15-2023 1 0	1	0
How to create Dependent Multiselect filter in Splunk dashboard? Hi I have a dashboard with multiple filters. I have a "customer" and "subsidiary" filter. I want the "customer" filte... by itnewbie Explorer in Splunk Search 08-15-2023 0 1	0	1
How to get the sourcetype count by each source top 10 events counts I need to get the sourcetype count by each source top 10 events counts in splunkExample : I have 3 sourcetype and se... by harishsplunk7 Explorer in Splunk Search 08-14-2023 0 3	0	3
How to compare two matching field from two look up table? I have two lookup table call lookup1.csv and lookup2.csv both has matching field call fullname.I want match my lookup... by abi2023 Path Finder in Splunk Search 08-14-2023 0 1	0	1
Flagged Risky Commands- Why is Splunk no longer recognizing command? We have this dashboard that recently started alerting us on a risky command. We were using the fit command. I fol... by Abass42 Communicator in Splunk Search 08-14-2023 0 2	0	2
How to extract key-value pair from json object? I have a JSON event like this: { ...otherfields..., "fields": { "id1": 123, "id2": 456, "id3": 789, ... },... by itnewbie Explorer in Splunk Search 08-14-2023 0 2	0	2