Splunk Search

Discussions

Thread Info

How can I assign the day of the week to my events?

I'd like to be able to assign the day of the week to my events so I can show my users whatever happens on a Monday. I...

by Splunk Employee in

How to return a timestamp to an eval?

I'm trying to search by a specific date, so I wanted to return the date to an eval, but when I run it, I get the mess...

by Path Finder in

Normalizing (feature scaling) a datapoint

I have a search and I would like to normalize a data point so that I can use it effectively in conjunction with other...

by New Member in

How to create a chart that calculates the time taken by date/time for a distinct step within a process?

Given the below log file, I need to create a chart that shows the time taken for a given step. The time is a summatio...

by Explorer in

How to edit my search to group by multiple values?

I have a search in which I want to return the distinct number of users doing an number of actions b1 - b5 split by pl...

by Path Finder in

How I can use the rename command in my search on JSON data?

Hi.. I have json data such as {"result": [ {"EventData.mlsnumber": "1039455", "result": 1}, {"EventD...

by Path Finder in

Search problem - not finding results that should be returned from search criteria

We have been running a search that returns results for user and computer account creation. For the past week or so, t...

by New Member in

Help with writing Regex?

Can someone please help me to write a regex to get the value "78" value from the below sample data? Destination to...

by New Member in

How can I create a search to run a report on Administrator Accounts that are used to access the internet?

How can I create a search to run a report on Administrator Accounts that are used to access the internet

by New Member in

Why did my results change when I replaced dedup with stats dc in my search?

I wonder whether someone could help me please. I initially used the search below with my results for a given day s...

by Motivator in

How to use inputlookup count of results as a filter for the main search?

So I have a search which pulls the number of servers in a farm that have the "X" application installed on them. Now I...

by New Member in

Splunk DB Connect 1: How to use the transaction command with dbquery?

Hi, I am trying to run the transaction command on a SQL query with DB Connect 1. My problem is when I am using the...

by Explorer in

Unable to Put Together Join Search

Hi, I wonder whether someone may be able to help me please. After reading the Splunk documentation I'm trying to p...

by Motivator in

Sort 0 -_time

Hi, I wonder whether someone could help me please. I've inherited a search with the line sort 0 detail.ref,-_time....

by Motivator in

Besides latitude, longitude, and the search result values, how do I include the location name in a Splunk 6.2.5 map popup?

Hello, I would like to provide the name of the location, besides the latitude, longitude & values. My search is: ...

by Path Finder in

If I have a search that produces a top 10 list over the last 24 hours, how do I highlight new entries in the list??

Hello all, I have a search that just produced the Top 10 clients regarding outgoing network traffic over the last...

by Path Finder in

How do I extract multiple values from a log into one field?

Hi all, I've been struggling for a few days to extract logs from our SVN repository. Each event contains a list...

by New Member in

How to Join without subsearch to avoid hitting the max result limit?

I tried to join with subsearch but I couldn't. The Splunk subsearch max result limit is under 10500, but I need to re...

by Engager in

Does Hunk support Avro as a log format?

Does Hunk support Avro as a log format? We are reviewing the ETL process for the various ways we can write data to...

by Influencer in

How to use rex command to extract this field from my sample log?

Hi , COSE#1017 Associated kernel not found. Please see Enterprise Server log for details: SocID:19041 PID:13695 BS...

by Path Finder in

Is it possible to display a name or number on top of a chart overlay?

Hi Everyone, Is it possible to display a name or number on top of a chart overlay? I have a search that display...

by Explorer in

How to create a query using values that come from the result of a different query

Hello, So I'm logging xml requests and responses as raw strings into splunk. To get the responses searching, among...

by Engager in

How to search if Windows update was installed successfully or not on multiple servers?

Hi guys, I modified a search we found online to show us what updates were installed successfully or not. The probl...

by Path Finder in

How do I extract these strings from my sample event as values into their own fields?

=Application SourceName=RGFXQA EventCode=55 EventType=3 Type=Warning ComputerName=UPS6Z445201Y3.upstreamaccts.XOM.com...

by Builder in

When trying to display field values, why are values being truncated after an apostrophe appears in the string?

I am currently trying to write a search which will, after specific conditions are met, display the subject field valu...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I assign the day of the week to my events?

How to return a timestamp to an eval?

Normalizing (feature scaling) a datapoint

How to create a chart that calculates the time taken by date/time for a distinct step within a process?

How to edit my search to group by multiple values?

How I can use the rename command in my search on JSON data?

Search problem - not finding results that should be returned from search criteria

Help with writing Regex?

How can I create a search to run a report on Administrator Accounts that are used to access the internet?

Why did my results change when I replaced dedup with stats dc in my search?

How to use inputlookup count of results as a filter for the main search?

Splunk DB Connect 1: How to use the transaction command with dbquery?

Unable to Put Together Join Search

Sort 0 -_time

Besides latitude, longitude, and the search result values, how do I include the location name in a Splunk 6.2.5 map popup?

If I have a search that produces a top 10 list over the last 24 hours, how do I highlight new entries in the list??

How do I extract multiple values from a log into one field?

How to Join without subsearch to avoid hitting the max result limit?

Does Hunk support Avro as a log format?

How to use rex command to extract this field from my sample log?

Is it possible to display a name or number on top of a chart overlay?

How to create a query using values that come from the result of a different query

How to search if Windows update was installed successfully or not on multiple servers?

How do I extract these strings from my sample event as values into their own fields?

When trying to display field values, why are values being truncated after an apostrophe appears in the string?

Splunk App for Anomaly Detection End of Life Announcment

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions