Splunk Search

Discussions

Thread Info

How to display a table icon for a certain process status?

Hi I would like to show a list of processes and use the table icon set to show the status of the process, either e...

by Contributor in

strptime to get %Y-%m-%d

I run a command as below try to get all the locked out accounts, and get the date like %Y-%m-%d as well. But seems al...

by New Member in

How to filter xyseries table results to only show rows where there is a value of 0 in any column?

I am generating an XYseries resulting in a list of items vertically and a column for every day of the month. Examp...

by New Member in

Why am I getting different results for a search when run on its own versus as a subsearch for a join?

I'm writing a search to see abnormally high or low levels of traffic from forwarders on a day-to-day basis: getting t...

by Contributor in

Why is my inputlookup search not pulling a field from a CSV file needed to populate a timechart?

Requirement was to delete the contents of the index as soon as a new .csv file arrives and index the contents of the ...

by Communicator in

count between events

I would like to count values between an event and i'm not getting an entry point for this at all. Assume i get an ...

by Explorer in

stats return multiple columns where only one occurance exists

Hello, I'm not really sure how to appropriately describe my query need, which is why I think I can't find what I'...

by Path Finder in

timechart with math function

i am using timechart like this search | timechart span=10m avg(diff) but the diff number is in seconds I would ...

by Motivator in

How would I Split Transaction by Step by Host?

First the business case: We want a dashboard with a bar graph that shows the time a transaction spends at each step i...

by Explorer in

How can I perform a join with a separate query?

I need to create a query which returns a list of unique hosts (shost), the most recent 'status' column matching that ...

by Explorer in

where in subsearch

sourcetype="log4j" source="*server*" | rex field=_raw "nonce created : (?<nonce>[0-9a-z-]*)" | transaction thread sta...

by Path Finder in

Pulling data from a lookup file, what parameters need to be included and how do I format the data for a map visualization?

Some sample data for creating a maps visualisation in splunk countries_lat_long_int_code.csv code,name,country,...

by Motivator in

Why are multiple of the same events and values from a single source file being indexed in Splunk?

Hi team, I have a source file like this: {"ts":"08 26 2015 13:05:41.374","th":"http-bio-8080-exec-1", "level":"...

by New Member in

Why am I getting error "Search not executed: The minimum free disk space (1000MB) reached for /opt/splunk/var/run/splunk/dispatch."?

Hi I am getting this error on search Search not executed: The minimum free disk space (1000MB) reached for /o...

by Engager in

How do I search a list of locked out IP addresses that are trying to access Active Directory?

Hello The issue is that the search that I am using will not pull the IP address and list of IP addresses that are...

by New Member in

How do I join these two searches?

Hi, I wonder whether someone may be able to help me please. I'm using the following searches: Search 1 - "EI Au...

by Motivator in

How to configure Splunk to extract XML fields from Windows security event 4698?

We are currently forwarding Windows security event 4698 to Splunk, and would like to be able to parse/extract a numbe...

by Path Finder in

How to join three searches

Hi, I have three different indexes with a common field. I know how to use of the join command with two indexes wit...

by Path Finder in

How do I make a line graph with my timechart search?

This is a table I created using the timechart command. Now, I am trying to make a line graph with this information wi...

by Communicator in

Is there a performance advantage of using rex in a search versus saving it as an extracted field?

What is the advantage of using rex in a search V saving it as an extracted field? Example of using rex in a search...

by Motivator in

How to extract XML data from mixed content into one field for later use with spath?

I have a mixed output log that contains XML and non-XML data. I am looking to extract the XML data into a field that ...

by New Member in

Is there a way to disable the use of the splunk clean command?

We would like to have the splunk clean command unavailable to our Splunk administrators. The other idea would be to t...

by New Member in

How to create a table and align rows for related fields using stats?

Sorry for the lengthy question...... Here is what I am trying to achieve: For a event, containing the following da...

by Engager in

How do I edit my chart count search returning HTTP codes to filter out codes 200 and 301 from the list of results?

Hi All, source="/export/home/logs/access_log" | rex ".*?HTTP\/\d+\.\d+\" (?<status_code>\d+)"|chart count by statu...

by New Member in

How to pass Time span in Drill Down Graph

I have a parent graph showing maximum swap memory for all hosts. I have a drill down graph showing maximum swap me...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to display a table icon for a certain process status?

strptime to get %Y-%m-%d

How to filter xyseries table results to only show rows where there is a value of 0 in any column?

Why am I getting different results for a search when run on its own versus as a subsearch for a join?

Why is my inputlookup search not pulling a field from a CSV file needed to populate a timechart?

count between events

stats return multiple columns where only one occurance exists

timechart with math function

How would I Split Transaction by Step by Host?

How can I perform a join with a separate query?

where in subsearch

Pulling data from a lookup file, what parameters need to be included and how do I format the data for a map visualization?

Why are multiple of the same events and values from a single source file being indexed in Splunk?

Why am I getting error "Search not executed: The minimum free disk space (1000MB) reached for /opt/splunk/var/run/splunk/dispatch."?

How do I search a list of locked out IP addresses that are trying to access Active Directory?

How do I join these two searches?

How to configure Splunk to extract XML fields from Windows security event 4698?

How to join three searches

How do I make a line graph with my timechart search?

Is there a performance advantage of using rex in a search versus saving it as an extracted field?

How to extract XML data from mixed content into one field for later use with spath?

Is there a way to disable the use of the splunk clean command?

How to create a table and align rows for related fields using stats?

How do I edit my chart count search returning HTTP codes to filter out codes 200 and 301 from the list of results?

How to pass Time span in Drill Down Graph

Fall Into Learning with New Splunk Education Courses

Super Optimize your Splunk Stats Searches: Unlocking the Power of tstats, TERM, and ...

How Splunk Observability Cloud Prevented a Major Payment Crisis in Minutes

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions