Splunk Search

Discussions

Thread Info

Top 10 same failed login on different computer

by Path Finder in

How to pass results of a search to a subsearch for correlation on VPN Logs (Security Use Case)?

Ive been making some headway on this query, not totally there yet however. I cant seem to get it to return the bytes ...

by Explorer in

Why is a DNS Lookup through a text input form not working?

Been trying for the past day and a half now to get this search working to no avail. This search is one of several on ...

by Contributor in

How to make Pie chart display even if the returned value is zero?

i want to display full green piechart when my total count is 0. And full yellow when my total count > 0 and <5 and F...

by Engager in

Report on splunk searches in session

I am working on an auditing report for Splunk searches. My initial goal is to see what searches a user made in a ses...

by Communicator in

How to display CPU stats by host, add all transactions from each server's logfile, and have that sum overlaying the CPU area graph?

I'm creating what at first seemed a simple search criteria, but here goes... I have multiple servers and displaying C...

by Explorer in

How to create a single scheduled search that will trigger an alert only if the current search result differs from the previous result?

Hi, I have a periodic search looking for a specific pattern in the logs and assign status to the result: ...|ev...

by Explorer in

Difference between Alert and search objects?

Hi, I'm using splunk's rest api to access Splunk objects. The goal is to disable/enable saved alerts(not all searc...

by New Member in

Why can't I get the right field extractions from a PSV file using auto header in transforms.conf?

Hi all, I have here a log file with a header and I'm using transforms.conf to extract the fields, but I'm not gett...

by Contributor in

Add SearchBar and Flashimeline using Simple XML in Splunk 6

How do I add the SearchBar and FlashTimeline into my dashboard? Given this simple XML <dashboard> <label>Dumm...

by Splunk Employee in

How to search the difference between the start and end time for each command from a script log and timechart the durations?

How do I search the difference between the start and end timestamps for each command in my script log and timechart t...

by Explorer in

Whats the best way to improve the performance of my search?

I have a report, which is based on a DataModel, and I'm interested in how best to optimize/tune it, and improve perfo...

by Explorer in

loadjob command has issues with colons in my saved search name?

I've got a saved search name with colons, like this: savedsearch_name="Mysearch: has a colon" The loadjob comma...

by Champion in

How to find the sum of several transactions, including a zero result?

Now, what troubles most is how to find the sum of several transactions, including a zero result. I want to run the...

by Path Finder in

How to create a data summary panel containing the host and the date of its last update?

I want to make a panel that contains the host and the date of the last update, such as shown in the link. I used this...

by Explorer in

Extracting fields from Microsoft Internet Authentication Service (IAS) logs?

I'm trying to figure out a strategy to perform field extractions from Microsoft Internet Authentication Service (IAS)...

by Builder in

How to write the regex in transforms.conf to filter and only index logs with "login time"?

Hello, i need to implement a regex to filter contents of logs of vmware infrastructure. The only logs I want to re...

by New Member in

How to use eval on JSON data

I'm going to suggest this is a bug, and I believe I've a workaround. I wonder if I've missed something. My JSON i...

by Explorer in

How to split a field value and create multiple new fields at search-time?

I have a search which returns drive usage of Windows servers. The information comes up like below in the field: C:...

by Communicator in

How to remove a blank visualization table from my report and only keep the statistics table?

I have this following search which gives me data, but i get a visualization table which is blank. I do not want this ...

by Explorer in

How to fix metadata error "5000000 entries have been received...and this search will not return metadata information for anymore entries."?

Hi, I have increased the maxcount value to 5000000, but still I am getting the error: "Metadata results may be...

by Path Finder in

When running a search like "blablabla | table *", is there a way to determine empty fields and only table fields with values?

When using a search like this: blablabla | table * is there a way to determine empty fields and remove them so that t...

by Builder in

Why can't I find savedsearches over REST with permissions set to "App" ?

We want to run a couple analyses over all our savedsearches in a particular app. The permissions of these savedsearch...

by Explorer in

How to create a dashboard that runs searches against a CSV of devices in our subnet to display new/unauthorized devices?

Hi, Sorry I am sure this is a noob question, but I am struggling after searching to find the best way to obtain th...

by Path Finder in

How to extract multiple values in a single event into one multivalue field?

This is something that I feel should be relatively simple, but no matter what I try I can't get the results I want. B...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Top 10 same failed login on different computer

How to pass results of a search to a subsearch for correlation on VPN Logs (Security Use Case)?

Why is a DNS Lookup through a text input form not working?

How to make Pie chart display even if the returned value is zero?

Report on splunk searches in session

How to display CPU stats by host, add all transactions from each server's logfile, and have that sum overlaying the CPU area graph?

How to create a single scheduled search that will trigger an alert only if the current search result differs from the previous result?

Difference between Alert and search objects?

Why can't I get the right field extractions from a PSV file using auto header in transforms.conf?

Add SearchBar and Flashimeline using Simple XML in Splunk 6

How to search the difference between the start and end time for each command from a script log and timechart the durations?

Whats the best way to improve the performance of my search?

loadjob command has issues with colons in my saved search name?

How to find the sum of several transactions, including a zero result?

How to create a data summary panel containing the host and the date of its last update?

Extracting fields from Microsoft Internet Authentication Service (IAS) logs?

How to write the regex in transforms.conf to filter and only index logs with "login time"?

How to use eval on JSON data

How to split a field value and create multiple new fields at search-time?

How to remove a blank visualization table from my report and only keep the statistics table?

How to fix metadata error "5000000 entries have been received...and this search will not return metadata information for anymore entries."?

When running a search like "blablabla | table *", is there a way to determine empty fields and only table fields with values?

Why can't I find savedsearches over REST with permissions set to "App" ?

How to create a dashboard that runs searches against a CSV of devices in our subnet to display new/unauthorized devices?

How to extract multiple values in a single event into one multivalue field?

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions