Splunk Search

Discussions

Thread Info

How to edit my search to chart counts and a calculated count, order the bars, apply better labels, and graph values over time?

I've found a way to chart event counts by eventtype, plus a calculated total of implied events. However, it's a littl...

by Engager in

Why is my timechart overlay axis (second Y axis) not accepting settings correctly?

Hi. On my timechart, I have defined an overlay in the "Chart Overlay" tab of the settings. View as Axis = On ...

by Motivator in

using UTF-8 files for CSV lookup

I need to use a .CSV file for a lookup which has accented characters in the field values If I save the file in ANS...

by Path Finder in

How do I edit my search to group FieldB values by FieldA?

My input table is like this Ticket No Tower Status 1 Backup Resolved 2 Storage WIP 3 ...

by Explorer in

Why does my timechart lose data with real-time search? (all data is present and correct on "Last x minutes/hours" type search)

Hi, I have a timechart which appends three types of data into one chart in this way: eventtype=x sourcetype=x ...

by Communicator in

I need to retrieve results for the last 30 days, but why is my search only returning results for the last 3 days?

I have this search: index=os sourcetype=ps host=rtl*pxiw01* (DataFlowEngine AND *Inbound) earliest=-30d | multikv...

by Engager in

Why am I getting error "can't find xxx.csv" using a oneshot search and lookup via Python?

Hello all, I am trying to run a oneshot search in Python that contains a lookup function of a .csv. I can run any ...

by Engager in

Splunk DB Connect with Microsoft SQL Database: Why do I keep getting error "Connection refused"?

I realize this question has already been posted, but none of the answers have helped me. I have followed this documen...

by Explorer in

How to configure props and transforms.conf to only index a few fields and ignore the other fields?

I tried all the possible things in Splunk, but couldn't index only some part of the file. For example: 2015/11/...

by Path Finder in

Using inputlookup on a CSV file in searches, why do results only get displayed in the Statistics and Visualization tabs, not the Events tab?

I have an excel file (CSV), which I add as a lookup and do searches using inputlookup. The search results only gets d...

by Explorer in

How to get a variable from first search and pass to subsearch?

There are 2 kinds of log: one is error log the other is access log. In error log, there is a field requestUrl. val...

by Explorer in

How do I list valid sids for a loadjob command programmatically/by subsearch?

| loadjob <sid> savedsearch="admin:search:test2" sids looks like the epoch time of the job start time. How do I l...

by Contributor in

How do I deal with Linux auth.log "Last Message Repeated" log lines when trying to get a count of identical events over a time period.

I'm trying to read in some logs on a Solaris system to check for users failing a login N times over Y seconds. Curren...

by Path Finder in

How to get the count of a field WITH values and the count of the same field WITHOUT values in the same search using Hunk?

I'm trying to count the number of occurrences of a field WITH values and the number of the same field WITHOUT values ...

by Explorer in

Does anyone have examples of using RegEx to convert a Syslog event to a delimited string?

I would like to convert a syslog event (no delimiters) to a delimited input at the Universal Forwarder. This would al...

by Path Finder in

Summary by domains and data size

Hello Splunkers, I have this query which looks for HTTPS connections on web proxy layer made by users when there i...

by Path Finder in

How to write a search which exclude events found in another source based on some string?

Hi, I am facing difficulties in forming one search. Details are following. Two different searches, Search1: ...

by New Member in

Create time range for each customer from adjacent time

Hi, Originally I generated a table from a Splunk query in the following form: CustomerID SeenTime 1234 8/5/2015...

by Path Finder in

How to use REX to extract the text within brackets prior to a key word?

I'd like to be able to extract the text within the brackets that is prior to the text that I'll be filtering on, [Err...

by New Member in

Divide Time Chart Results by 2

index=tibco sourcetype=troubtibco host=sc58ltibp02 OR host=sc58ltibp03 source="/tibco/prod/bw/6.2/domains/WebAPI/appn...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to edit my search to chart counts and a calculated count, order the bars, apply better labels, and graph values over time?

Why is my timechart overlay axis (second Y axis) not accepting settings correctly?

using UTF-8 files for CSV lookup

How do I edit my search to group FieldB values by FieldA?

Why does my timechart lose data with real-time search? (all data is present and correct on "Last x minutes/hours" type search)

I need to retrieve results for the last 30 days, but why is my search only returning results for the last 3 days?

Why am I getting error "can't find xxx.csv" using a oneshot search and lookup via Python?

Splunk DB Connect with Microsoft SQL Database: Why do I keep getting error "Connection refused"?

How to configure props and transforms.conf to only index a few fields and ignore the other fields?

Using inputlookup on a CSV file in searches, why do results only get displayed in the Statistics and Visualization tabs, not the Events tab?

How to get a variable from first search and pass to subsearch?

How do I list valid sids for a loadjob command programmatically/by subsearch?

How do I deal with Linux auth.log "Last Message Repeated" log lines when trying to get a count of identical events over a time period.

How to get the count of a field WITH values and the count of the same field WITHOUT values in the same search using Hunk?

Does anyone have examples of using RegEx to convert a Syslog event to a delimited string?

Summary by domains and data size

How to write a search which exclude events found in another source based on some string?

Create time range for each customer from adjacent time

How to use REX to extract the text within brackets prior to a key word?

Divide Time Chart Results by 2

Using Machine Learning for Hunting Security Threats

New Learning Videos on Topics Most Requested by You! Plus This Month’s New Splunk ...

How I Instrumented a Rust Application Without Knowing Rust

How to look for two values that occur at the same ...

How to achieve a field extraction from json events...

Alerts that go on waiting status causes next alert...

Compatible issue with the app Whois- are there any...

How to send alert via nlp and bot?