Splunk Search

Discussions

Thread Info

How to make a timechart/graph from a search result?

I have some events with message field as Bar Hello.., Bar Hi..., Bar Foo... and so on. I do not know beforehand how m...

by Explorer in

How do I use the transpose command header_field argument to reformat my table?

I have a table from a timechart like this : Month LE11 LE12 LE41 January 1680 ...

by Explorer in

How to write a search to display a particular string if a certain condition is met?

If AVSResponse = x, then I need to display "matched" in the dashboard report. Likewise, if I have more than 10 value ...

by New Member in

Why are there differences between _time, _raw time, and indexed_time for my event?

query: Search to find latency: Index=XXX source=abcd.csv | eval indexed_time=strftime(_indextime, "%+") | eval ...

by Explorer in

How to delete logs permanently from an indexer in an indexer cluster using a search?

I want to delete logs from the last 3 months permanently from each indexer present inside the indexer cluster using a...

by Explorer in

Multiple Firewall Denies followed by an allow from the same source IP

I'm looking for a way to create a splunk query (and then into a real time alert) when the below conditions are met. ...

by Engager in

How to find first and last occurence of a value in a field when that value in the field gets changed?

We have a requirement to count the total number of unscheduled outages in a month. The scenario is as follows: 1) ...

by New Member in

Change color scheme for test environment

It doesn't look like there's an easy way to change the colors, etc. for splunk, but it would be very helpful to ident...

by Path Finder in

search results sum count by date?

Hi, Im trying to sum results by date: CreatedDate ------ count 2015-12-2 ------ 1 2015-12-1 ------ 4 2015-11-30 -...

by Communicator in

What are the differences between the lookup and inputlookup commands?

Is there any reason why this command would work: | inputlookup myfile | search SERIAL_NO "1234" | table X, Y, Z ...

by New Member in

lookup 正規表現

lookupコマンドについて確認させてください。実現したいこと： 　CSVでシスログのホワイト・リストを作成し、シスログ参照時にCSVのホワイトリストのステータスを参照し、messageが「ignore」については表示しないよ...

by New Member in

Query to capture distinct source IP who triggered multiple signatures

Dear Experts, I require help to create the query. I am creating the rule if single(unique) source triggered disti...

by Path Finder in

How to combine two field extractions into 1 with regex?

I read in the best practices that if possible, combine two field extractions in to 1. This will improve the efficienc...

by Contributor in

Renaming _time field causes an unwanted result

Good Morning all. I'm experiencing a strange behavior when I try to rename _time's field. My goal is to run a sear...

by Path Finder in

Large Lookups, Max number of look up rows?

Any Gurus have experience with a large lookup table? For example my lookup table seems to be 3 GB worth of line that ...

by Communicator in

How to write a search with an outer join to only return results from index=A that are not found in index=B?

I'm looking for the join syntax for an outer join in Splunk that is not "all of A and all of B that's in A". Rather, ...

by Explorer in

Compare count of unique values over two different time periods

Please forgive my ignorance, I am newbie to Splunk. I am trying to depict a unique count of users over two different ...

by Explorer in

Limit an Apps Search Context

I'm hoping to create apps for each of our departments that only allow them to search specific data from splunk. This ...

by Path Finder in

How to combine two of the same type of message string and show table data?

I have one index as foo. In this index there are messages like Bar Baz Hello...., Bar Baz Blah..., Bar Hi.... I want ...

by Explorer in

How do I create a stacked bar chart with my data set?

Hi Guys, I have the following data set that i retrieve using a search : host calltype count ...

by Explorer in

Pie chart labels blank (except "Other")

I have some pie charts on a dashboard: <dashboard> <label>Mail Gateway Summary</label> <row>` <chart> ...

by Path Finder in

strptime/strftime not working

Hi, I am a newbie to splunk and would like to know how to solve the following problem. I have a SharePoint dump wh...

by Engager in

How to perform calculations based on rex extracted fields?

index=aap_prod sourcetype="HDP:PROD:OOZIE" | rex "TOKEN\[\] APP\[(?<JobName>[^\]]*)" | rex "ACTION\[[^\@]*(?<Actio...

by Communicator in

Have to remove the last section of IP addresses before getting a stats count for each one?

Hi, I have a list of IPs, and I want to create a chart showing traffic from them, but I also want a version which ...

by Path Finder in

How to count by Week not using Splunk Timestamp

Problem I want to be able to create a timechart that outlines the company's incident count by week. The issue I...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to make a timechart/graph from a search result?

How do I use the transpose command header_field argument to reformat my table?

How to write a search to display a particular string if a certain condition is met?

Why are there differences between _time, _raw time, and indexed_time for my event?

How to delete logs permanently from an indexer in an indexer cluster using a search?

Multiple Firewall Denies followed by an allow from the same source IP

How to find first and last occurence of a value in a field when that value in the field gets changed?

Change color scheme for test environment

search results sum count by date?

What are the differences between the lookup and inputlookup commands?

lookup 正規表現

Query to capture distinct source IP who triggered multiple signatures

How to combine two field extractions into 1 with regex?

Renaming _time field causes an unwanted result

Large Lookups, Max number of look up rows?

How to write a search with an outer join to only return results from index=A that are not found in index=B?

Compare count of unique values over two different time periods

Limit an Apps Search Context

How to combine two of the same type of message string and show table data?

How do I create a stacked bar chart with my data set?

Pie chart labels blank (except "Other")

strptime/strftime not working

How to perform calculations based on rex extracted fields?

Have to remove the last section of IP addresses before getting a stats count for each one?

How to count by Week not using Splunk Timestamp

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!