Splunk Search

Discussions

Thread Info

How to edit my regex to remove all text before an optional character?

I'm attempting to us rex or a similar function that will be able to help me remove the domain identifier from a usern...

by Contributor in

How do you divide a count of events in timechart?

We would like to count the number of error events in 15 minute intervals and show that number as the number of errors...

by Explorer in

How do I add a field to my chart?

I am working on a graph in order to identify the most pinging customer accounts (traffic optimization, security). I w...

by Explorer in

How to convert this string to a date?

I'm trying to convert a string to a date. The string looks like 2016-05-20T05:16:02.007+02:00

by Path Finder in

How can I compare two multivalue fields from two different sets of events?

I have events (call them "approvedset" events) generated on a regular interval which each containing a field called l...

by New Member in

How to create a timechart on a dashboard to visualize events using two fields from my data?

Hi I need help in creating a timechart for visualization of events with multiple fields of interest in a dashboar...

by Explorer in

Besides a series of regex's, is there an automated way to change duration format into plain english?

To make a "plain english" dashboard panel, I currently use the following search to change a duration value (SecondsSi...

by Path Finder in

How to edit my search to calculate percentage of a multivalued field for total by Country?

I'm trying to craft a search that will show the percentage of quarantined messages by country, but I'm struggling a l...

by Influencer in

windows app task category incorrect

Hello, We have the Splunk windows app setup to monitor the system eventlogs on our citrix server and it appears to...

by Splunk Employee in

How to make a search case-sensitive?

How can I make a search case-sensitive? That is to say, I search for the general term "FOO" and want to only match "F...

by SplunkTrust in

How can I edit my search to chart relationships between values for a certain field in my data?

I have a simple search parsing project activity logs to pull a list of projects and people working on those projects:...

by Path Finder in

How to extract a numeric value from my field and create an average?

I have created a field extraction for the data I am looking for. The field looks as follows: messages_read total/i...

by New Member in

How to trigger an alert if there is no event2 within 30 minutes of event1?

Hi all, I have to trigger an alert for event=1, if there is no event=2 within 30min of event=1. Search I'm using: ...

by Builder in

My search works when I run it manually, but why does it not produce results when I use it to populate a table?

index=main source=locations sourcetype=location_information | search * AND address=$token1$ OR...

by Communicator in

How to edit my search to alert when a certain field value occurs more than 10 times in an hour and display results in a table?

Hi all, I'm trying to trigger an alert when an ID occurs more than 10 times in an hour and alert should be in a t...

by Builder in

How to create a time chart that is not based on numerical values?

I am trying to create a graph for status history of some machine. Values I have are the name of machine & its server ...

by Communicator in

How to display a value of zero in a chart for negative values returned in a search?

Hi Everyone, Need some help on how to display the output value as zero in a chart when a negative result is return...

by New Member in

What are the use cases where lookups are needed on the indexers/search-peers?

I want to blacklist all the lookups from the replication bundle and would like to understand what are some valid use ...

by Influencer in

Max data points that charts can handle?

Hi, I am looking for the chart property to control the max number of data points that a chart can handle. There ar...

by Motivator in

How do I find the time difference between these events?

We have the events like below (fields like flowId, action..etc) and need a final output between the events (action = ...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to edit my regex to remove all text before an optional character?

How do you divide a count of events in timechart?

How do I add a field to my chart?

How to convert this string to a date?

How can I compare two multivalue fields from two different sets of events?

How to create a timechart on a dashboard to visualize events using two fields from my data?

Besides a series of regex's, is there an automated way to change duration format into plain english?

How to edit my search to calculate percentage of a multivalued field for total by Country?

windows app task category incorrect

How to make a search case-sensitive?

How can I edit my search to chart relationships between values for a certain field in my data?

How to extract a numeric value from my field and create an average?

How to trigger an alert if there is no event2 within 30 minutes of event1?

My search works when I run it manually, but why does it not produce results when I use it to populate a table?

How to edit my search to alert when a certain field value occurs more than 10 times in an hour and display results in a table?

How to create a time chart that is not based on numerical values?

How to display a value of zero in a chart for negative values returned in a search?

What are the use cases where lookups are needed on the indexers/search-peers?

Max data points that charts can handle?

How do I find the time difference between these events?

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Will Splunk searches using lookup get affected if ...

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...