Splunk Search

Discussions

Thread Info

table order with eval

I've got a search that does a |table prior to doing an |eval for ldapfilter. The search results are displayed in a se...

by Path Finder in

How to set the Background Color of a Chart?

Hi, We want to represent two Criticality Zones for an attribute on a Chart. Based on a Critical Threshold Series ...

by Path Finder in

Limit on number of OR conditions in a search query

Hi, I would like to know if there is a limit to the number of OR conditions that we can include as part of a searc...

by Communicator in

how to remove last character of a field value from the search results

by New Member in

How do I combine two searches and only return results from Search2 that are missing from Search1?

Hello Splunkers, I am running two separate searches, both of which are running fine. The results of these two sear...

by Contributor in

How to add search peers in a search head cluster?

Is there a trick to adding search peers with a search head cluster? I have to add 20 new indexers very soon and I don...

by Builder in

How to write a search to match Event 3 with Event 1 and match Event 4 with Event 2?

Hello All, Need help in building a search. Below is my log file events format: Event 1 -- RequestType1 Event 2 ...

by Contributor in

Merge two indexes (ids with proxy) for more alert depth correlation

I have two indexes for ids (suricata) and proxy (Cisco WSA), I'd like to correlate when splunk finds an IDS alert and...

by Communicator in

How to write a search to find which user did a sudo to root for the last 2 days on Linux servers?

Would it be something like: sourcetype="/var/log/secure" eventtype="su_authentication"

by New Member in

How to count how many times a field value has changed from one to another?

Hi, In my data I have a "Status" field. The status can be in one of 3 states: Connected, Connecting, Disconnected. I ...

by Engager in

Trouble Joining Firewall and DHCP logs by IP address

Hello All, been banging the head against the desk for awhile on this one; tried join, transaction, and a few other th...

by Path Finder in

How to update a lookup periodically?

Hi All, I'm wondering what would be the best way to download the latest CSV from http://cyberthreatalliance.org/cr...

by Explorer in

How to troubleshoot why I'm missing events in my search results?

Hi, I have an issue with a search, that I also use as an alert, which is not finding current events: So...

by Communicator in

JSChart Drilldown - Show drilldown table when page loads

I would like to know if there is a way to perform and inline drilldown from a JSChart to a Table but have the table s...

by Explorer in

How to make a search run or populate a dropdown if condition is met using simple xml?

So I have a dropdown called Repository, that populates a search and another dropdown called Namespace that has set ch...

by Path Finder in

How to search the count of both fail and total numbers from a data model?

I want to get fail number and total number from one data model, but I cannot figure out how to do this. My search is ...

by New Member in

How to retrieve time\date after distinct count search?

Hi, My search is: mysearch | stats dc(Errorcode) as Errors By Name I want to get results for 2 options: ...

by Communicator in

How to change the chart label size in Simple XML in Splunk 6.3?

Hi I want to change chart label size in Simple XML. I find in Splunk 6.2 there is one option that can be used ...

by Engager in

Can Splunk Web Console through IPv6

Do anyone know how to enable Splunk Web to be access via IPv6 address schema? Can dual-stack (IPv4 and IPV6) access a...

by Engager in

Is there a way for different users/departments to only view their respective lookup files based on their assigned user roles?

Hey Everyone, I'd like to make sure that different user/department will only be able to view their respective look...

by Explorer in

How to make a timechart/graph from a search result?

I have some events with message field as Bar Hello.., Bar Hi..., Bar Foo... and so on. I do not know beforehand how m...

by Explorer in

How do I use the transpose command header_field argument to reformat my table?

I have a table from a timechart like this : Month LE11 LE12 LE41 January 1680 ...

by Explorer in

How to write a search to display a particular string if a certain condition is met?

If AVSResponse = x, then I need to display "matched" in the dashboard report. Likewise, if I have more than 10 value ...

by New Member in

Why are there differences between _time, _raw time, and indexed_time for my event?

query: Search to find latency: Index=XXX source=abcd.csv | eval indexed_time=strftime(_indextime, "%+") | eval ...

by Explorer in

How to delete logs permanently from an indexer in an indexer cluster using a search?

I want to delete logs from the last 3 months permanently from each indexer present inside the indexer cluster using a...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

table order with eval

How to set the Background Color of a Chart?

Limit on number of OR conditions in a search query

how to remove last character of a field value from the search results

How do I combine two searches and only return results from Search2 that are missing from Search1?

How to add search peers in a search head cluster?

How to write a search to match Event 3 with Event 1 and match Event 4 with Event 2?

Merge two indexes (ids with proxy) for more alert depth correlation

How to write a search to find which user did a sudo to root for the last 2 days on Linux servers?

How to count how many times a field value has changed from one to another?

Trouble Joining Firewall and DHCP logs by IP address

How to update a lookup periodically?

How to troubleshoot why I'm missing events in my search results?

JSChart Drilldown - Show drilldown table when page loads

How to make a search run or populate a dropdown if condition is met using simple xml?

How to search the count of both fail and total numbers from a data model?

How to retrieve time\date after distinct count search?

How to change the chart label size in Simple XML in Splunk 6.3?

Can Splunk Web Console through IPv6

Is there a way for different users/departments to only view their respective lookup files based on their assigned user roles?

How to make a timechart/graph from a search result?

How do I use the transpose command header_field argument to reformat my table?

How to write a search to display a particular string if a certain condition is met?

Why are there differences between _time, _raw time, and indexed_time for my event?

How to delete logs permanently from an indexer in an indexer cluster using a search?

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions