Splunk Search

Discussions

Thread Info

How to filter the Userid to show once per minute?

In the index for siteminder called cams_prod, there are traced filed with the type smtrace. Using these trace files f...

by Explorer in

join question

here is my search - | dbquery "TQOMA" "SELECT "System", "%busy" FROM TQSTDBO.CPUVMSUM where "System" LIKE '%ntx%'" ...

by Path Finder in

I am able to extract a field using rex and sed in a search, but why is the field not extracted correctly configuring the regex in props.conf?

Hello Splunkers I am currently using the following regex+sed to make one of my extracted fields usable. Trying to...

by Path Finder in

How do I plot events returned from my search on a scatter graph over time?

Hi helpful people, I wish to plot login events on a scatter graph. I would like to show when logins have occurred ...

by Path Finder in

How to capture the click event on a Splunk map?

Using the regular map in Splunk, I'm currently showing points on the map read from a CSV file. When I click on the po...

by Communicator in

How to convert values in milliseconds to seconds and minutes?

Hi all and thanks in advance, I am trying to get statistics for a value that is given in milliseconds, so I would ...

by Path Finder in

How to compare values between two different groupings (multivalue fields) to see what percentage of values are similar?

I'm looking to compare two groups of values from a data sample like this. Group, User Group1, User1 Group1, Use...

by Path Finder in

How to edit my search to change the output of certain strings in results?

Hi Helpful People, I have a table which tells me perfectly well who is logged in to systems. My results show the w...

by Path Finder in

Why is my regex for SEDCMD in props.conf not removing repeated dashes when parsing data?

My developers are adding dashes --- in their logs all over. Sometimes 1.. sometimes 10 dashes. Makes them look really...

by Builder in

How can I write a timechart search with transaction to compare sessions over time (John the Ripper logs)?

Few days ago, a developer has added to John the Ripper the ability to timestamp every line of logs, allowing me to fe...

by Explorer in

How to show the recipient or To field from Ironport logs in a Splunk search?

I can only view the recipient or To in the email from the Event Actions --> Show Source page. I want to show it in th...

by New Member in

How to add a form for user input on a dashboard to only run panel searches for data from certain hosts?

I have a dashboard using multiple sources and I would like to replace the fixed host input ( host=prdo*) with manual ...

by Communicator in

How do I edit my real-time search to add a value to events that are missing a certain field?

Hi We have the search below which gives us the count of all our URLs in events in real-time, but we have a few ev...

by Path Finder in

How to refer to JSON array object in a Splunk search?

Hi, I have a JSON data in following format. How can I access individual element of the array? { [-] LICEN...

by New Member in

How to anonymize data using REGEX in transforms.conf for an undefined number of characters?

Hi, I would like to anonymize data (data is file system path) using REGEX. I succesfully managed to hide data like...

by Communicator in

How do I edit my search to convert a string to a numeric value to display a graph?

Hi! I'm indexing XML data containing free memory values and get a nice stats table, but not be able to show that a...

by Explorer in

How to run an app individually on individual servers on a Search Head Cluster environment?

hi We have a situation whereby we have to run an app (a script within an app) individually on each Servers of Search ...

by Super Champion in

Using restrict search terms to assign a user group access to a specific subnet of firewall traffic, why are only some field extractions working?

I have a user group that I'm trying to assign access to a specific subnet of firewall traffic. Their network traverse...

by Path Finder in

Why is eval case not working in my search?

HI All , I hope someone can help me out with a problem I currently see in a query. I have a Splunk DB Connect ...

by Path Finder in

How to place a solid border around a chart panel using XML/CSS?

I'd like to place a solid border around a chart panel in XML - I'm struggling to comprehend how this is done within X...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to filter the Userid to show once per minute?

join question

I am able to extract a field using rex and sed in a search, but why is the field not extracted correctly configuring the regex in props.conf?

How do I plot events returned from my search on a scatter graph over time?

How to capture the click event on a Splunk map?

How to convert values in milliseconds to seconds and minutes?

How to compare values between two different groupings (multivalue fields) to see what percentage of values are similar?

How to edit my search to change the output of certain strings in results?

Why is my regex for SEDCMD in props.conf not removing repeated dashes when parsing data?

How can I write a timechart search with transaction to compare sessions over time (John the Ripper logs)?

How to show the recipient or To field from Ironport logs in a Splunk search?

How to add a form for user input on a dashboard to only run panel searches for data from certain hosts?

How do I edit my real-time search to add a value to events that are missing a certain field?

How to refer to JSON array object in a Splunk search?

How to anonymize data using REGEX in transforms.conf for an undefined number of characters?

How do I edit my search to convert a string to a numeric value to display a graph?

How to run an app individually on individual servers on a Search Head Cluster environment?

Using restrict search terms to assign a user group access to a specific subnet of firewall traffic, why are only some field extractions working?

Why is eval case not working in my search?

How to place a solid border around a chart panel using XML/CSS?

Admin Your Splunk Cloud, Your Way

Cloud Platform | Discontinuing support for TLS version 1.0 and 1.1

New Customer Testimonials

Combine two searches on different sources based on...

Use the lookup table into a macro with parameters

How to configure alert when a service is in failed...

how to identify '\n' in Splunk rex

How to combine results of inputlookup and a search...