Splunk Search

Discussions

Thread Info

Finding paired events that are out of sequence (missequenced) or missing partner events

We have a system that generates user-level start and stop event logs. Assume all events have a userID and sessionID a...

by Esteemed Legend in

set y axis limit on bar chart

I would like the max number of my Y axis to be 60. I so have some numbers that are higher than 60 in my data, but I d...

by Path Finder in

Host Extraction REGEX in Transforms failing for lengthy events.

After realizing the hostname of a Blue Coat appliance was at the end of the incoming events, we created a host name e...

by Splunk Employee in

How to extract multivalue fields from XML data at search-time?

Hi all, I indexed a XML file and I am trying to extract some fields at search-time. What I'm trying to do is e...

by Path Finder in

Why stdev returns zero

Hi there, I'm working on this query: index=checkin host="prod" earliest=-0d@d latest=now (description="Intento de ...

by Engager in

How to compare number of events during two specific time periods and display status according to result ?

I’d like to compare 1) the number of events received in the last 30 minutes with 2) the average number of events rece...

by New Member in

Can Tree Map possible using Splunk Enterprise ?

Hi Splunkers, Can it be possible to create a Tree Map using Splunk. If yes, Can any one please guide me in doing t...

by Contributor in

Extract only global IP with rex

Hi there, I want to extract only global IP addresses of destination from the internet access logs. Our server segment...

by New Member in

How to search the count of successful and failed logins, the ratio by IP, and the usernames successfully logged in from those IP addresses?

Hi all, 'fraid I'm still a newbie, so I am probably trying to do too much or the impossible but I'll try and expla...

by Path Finder in

How to edit my search to find the name of each server that has not reported in the last 4 hours?

Hi all, I am a new one to splunk. Now i am facing some problem to get the data as I want. I have more than 250 se...

by New Member in

How to get max hits for a field ?

So, I have a search with a regex that has pulled 2 different fields- lets say user and client. the url is somethin...

by Path Finder in

how to mask data in data model?

Sample: 1234/rani/abc1234/dfh Need to get output as */rani/*/dfh

by Path Finder in

How to include "Other" in pie chart.

I have total 100 host data. But i am displaying 20 hosts in my pie chart with sort 20 command. I want other option to...

by Path Finder in

Multiple Stats Amounts using a Lookup Table

HI, Can't seem to get this working. This is what I want, so I can do a multi stacked bar chart. Columns: Place, S...

by Contributor in

combine 2 searches

I have a search that finds computers that have not checked in for the last couple min. It seems to give the results I...

by Path Finder in

Eval On Field With Multiple Values

I'm trying to get the time difference of two dates on a table but when my user has multiple values for the end_date a...

by Explorer in

How to edit my props.conf and transforms.conf to set the Host value to a portion of each event?

I'm trying to set my "host" field to a portion of each event (it's traffic logs aggregated from a number of places) a...

by New Member in

Why is my stats list() search not matching values correctly in the resulting table?

I have a web service called CreateOrder.. This has a request and response which has a unique identifier called a GUID...

by SplunkTrust in

Using eval to create custom CSV file names and then use that field in lookup as CSV file name

Hello, Is it possible to create custom lookup files names and then use them in lookup command in a query? My event...

by Path Finder in

Alt-Click not working selected fields

When I have an event where there is selected fields that I want to eliminate, if I ALT-click on the value in the sele...

by Communicator in

How to edit my search to show stats by host?

Hello, In the below given search, I want to show data by "host", so please could anybody suggest me how to do this...

by Communicator in

get a count of 2 items and make it in a pie chart

I have a search that looks like: sourcetype="_sort" earliest=-30d | dedup host | where encrypt_c =2 | eval encr...

by Path Finder in

.CSV file and lookup field

Do I need to create a .csv file for the lookup field section of a saved search for CPU,memory by myself or I just nee...

by Explorer in

Table with Sparklines for multiple key/value pairs

Hi All Logged events look something like this: 10:00 ComponentA: 3 ComponentB: 5 ComponentC: 8 10:01 ComponentA...

by Path Finder in

Developing a CIM compliant add-on, is it mandatory to map ALL my data fields to those of the data model's?

When developing CIM compliant add-on, is it mandatory to map ALL of my data fields to the data model's fields? Doe...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Finding paired events that are out of sequence (missequenced) or missing partner events

set y axis limit on bar chart

Host Extraction REGEX in Transforms failing for lengthy events.

How to extract multivalue fields from XML data at search-time?

Why stdev returns zero

How to compare number of events during two specific time periods and display status according to result ?

Can Tree Map possible using Splunk Enterprise ?

Extract only global IP with rex

How to search the count of successful and failed logins, the ratio by IP, and the usernames successfully logged in from those IP addresses?

How to edit my search to find the name of each server that has not reported in the last 4 hours?

How to get max hits for a field ?

how to mask data in data model?

How to include "Other" in pie chart.

Multiple Stats Amounts using a Lookup Table

combine 2 searches

Eval On Field With Multiple Values

How to edit my props.conf and transforms.conf to set the Host value to a portion of each event?

Why is my stats list() search not matching values correctly in the resulting table?

Using eval to create custom CSV file names and then use that field in lookup as CSV file name

Alt-Click not working selected fields

How to edit my search to show stats by host?

get a count of 2 items and make it in a pie chart

.CSV file and lookup field

Table with Sparklines for multiple key/value pairs

Developing a CIM compliant add-on, is it mandatory to map ALL my data fields to those of the data model's?

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!