Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to get a timechart for two values, but not sort by the split-by field alphabetically?

I'm trying to plot to two separate values against another value like this timechart avg(x) avg(y) by z And I w...

by Engager in

Is it possible to extract a multivalue field from an already extracted field using fields.conf?

I was wondering if it's possible to extract an mv field, from an already extracted field, using fields.conf? For e...

by Motivator in

Too many search jobs found in the dispatch directory + Keep on extending the job expiry time + Search artifacts not removed as per ttl

I see too many search jobs present in the dispatch directory. Even after completing the jobs the expiry date keep on ...

by Motivator in

Using dedup with multiple fields

I can do the following separately, and I get the results I want. index="wineventlog" EventIdentifier="4624" | dedu...

by Builder in

My weekly timespan shows bins that are more than week boundaries

I have set up an accelerated summary for a report with summary range of 1 month. I want to report summary by week. Wh...

by New Member in

How to extract and report on field values from a large CSV file in a directory on my Splunk server that is updated daily?

I have a bit of a non-traditional application, but one which Splunk is pretty good at 95% of: There's a big file (...

by Explorer in

How can I track employees' website usage?

Hello My firm currently has the dashboard below that shows top employees utilization and top sites visited. I am ...

by New Member in

Calculate percentage

Hello, I have this query: index=dm counter="Short Equity Loop Duration" | timechart span=1h max(Value),median(Value) ...

by Path Finder in

Why am I getting error "The events associated with this job have no sourcetype information" trying to extract a field in Hunk?

I am trying to extract a field in Hunk, and I get the following error: The events associated with this job have n...

by Influencer in

How to extract each key=value as a new field from a multikv field at search-time?

At search-time, I've been able to massage my data into a multikv field like so: Is it possible to extract eac...

by New Member in

Is there any thing similar to active list or reference set in Splunk

Hi, I want to push the internal IP address (or host name) in a reference set, whenever I see any communication wi...

by Explorer in

Splunk last 7 days within current month?

Hello, I'm using dd/mm/yyyy date format and results are not correctly sorted if we are dealing with data across mo...

by Motivator in

Trying to create a search that will use the results to feed another search and output the results in a table.

So I have a search that tells me is someones account is locked. I have been asked to create an alert or search that w...

by Communicator in

Json Multi array extraction with changing/missing field name

Hi, I am trying to extract the json fields where one of the fields name can change between "stringValue" or "doubleVa...

by Explorer in

multisite replication factor

I have another site I want to add with 2 indexers and 1 search, same setup as site1. I want to have copies across bot...

by Engager in

fields not showing up from csv source with header in first line.

Hi, I have a csv file which grows every five min. it's proper header fields. But I'm not getting the headers as fi...

by New Member in

Help grouping eval results by City

Hi, My current query is | stats earliest(_time) as first_login latest(_time) as last_login by IP_address User ...

by Path Finder in

How do I only show certain values in a field?

I'm trying to group ldap log values. I have already listed them out from a comma separated value but, I'm having a ha...

by Explorer in

find all events of type X that do not have an event of type Y within 1 minute on either side

I'm new to Splunk and trying to figure out how to find all events of type X that do NOT have an event of type Y withi...

by Explorer in

Search to Provide Days in Hot/WarmDB

In our environment, we have a CIFS share that is used to store all colddb. Warm is rolled to cold when the hot/warm v...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to get a timechart for two values, but not sort by the split-by field alphabetically?

Is it possible to extract a multivalue field from an already extracted field using fields.conf?

Too many search jobs found in the dispatch directory + Keep on extending the job expiry time + Search artifacts not removed as per ttl

Using dedup with multiple fields

My weekly timespan shows bins that are more than week boundaries

How to extract and report on field values from a large CSV file in a directory on my Splunk server that is updated daily?

How can I track employees' website usage?

Calculate percentage

Why am I getting error "The events associated with this job have no sourcetype information" trying to extract a field in Hunk?

How to extract each key=value as a new field from a multikv field at search-time?

Is there any thing similar to active list or reference set in Splunk

Splunk last 7 days within current month?

Trying to create a search that will use the results to feed another search and output the results in a table.

Json Multi array extraction with changing/missing field name

multisite replication factor

fields not showing up from csv source with header in first line.

Help grouping eval results by City

How do I only show certain values in a field?

find all events of type X that do not have an event of type Y within 1 minute on either side

Search to Provide Days in Hot/WarmDB

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

How to extract all the multi-values in excel?

How to convert a large number to string with expre...

Need help on Dashboard related issue?

Why does Walklex return spaces before some of the ...

Why won't Walklex timespan follow time specificati...