Splunk Search

Discussions

Thread Info

How to change the order the transaction command process the opened txn?

Hi everyone! I'm trying to use a transaction to group logs that match the following business-logic: all trigger...

by New Member in

I added a field to all my events so I could search for specific results, but why can't Splunk read the custom field values?

I added a field cluster to all my events, so that I can search for results in a Hadoop cluster specified. I edited in...

by Engager in

Group results by field

I am trying to group a set of results by a field. I'd like to do this using a table, but don't think its possible. Si...

by Explorer in

How would I generate a Report to Display any delta (By ID, by _time) in FIeld X greater than Y?

So a sample of the data I'm working with is as follows TImestamp | ID | Amount 2015-12-30 09:50:45 | 1 | 28668 201...

by New Member in

table order with eval

I've got a search that does a |table prior to doing an |eval for ldapfilter. The search results are displayed in a se...

by Path Finder in

How to set the Background Color of a Chart?

Hi, We want to represent two Criticality Zones for an attribute on a Chart. Based on a Critical Threshold Series ...

by Path Finder in

Limit on number of OR conditions in a search query

Hi, I would like to know if there is a limit to the number of OR conditions that we can include as part of a searc...

by Communicator in

how to remove last character of a field value from the search results

by New Member in

How do I combine two searches and only return results from Search2 that are missing from Search1?

Hello Splunkers, I am running two separate searches, both of which are running fine. The results of these two sear...

by Contributor in

How to add search peers in a search head cluster?

Is there a trick to adding search peers with a search head cluster? I have to add 20 new indexers very soon and I don...

by Builder in

How to write a search to match Event 3 with Event 1 and match Event 4 with Event 2?

Hello All, Need help in building a search. Below is my log file events format: Event 1 -- RequestType1 Event 2 ...

by Communicator in

Merge two indexes (ids with proxy) for more alert depth correlation

I have two indexes for ids (suricata) and proxy (Cisco WSA), I'd like to correlate when splunk finds an IDS alert and...

by Communicator in

How to write a search to find which user did a sudo to root for the last 2 days on Linux servers?

Would it be something like: sourcetype="/var/log/secure" eventtype="su_authentication"

by New Member in

How to count how many times a field value has changed from one to another?

Hi, In my data I have a "Status" field. The status can be in one of 3 states: Connected, Connecting, Disconnected. I ...

by Engager in

Trouble Joining Firewall and DHCP logs by IP address

Hello All, been banging the head against the desk for awhile on this one; tried join, transaction, and a few other th...

by Path Finder in

How to update a lookup periodically?

Hi All, I'm wondering what would be the best way to download the latest CSV from http://cyberthreatalliance.org/cr...

by Explorer in

How to troubleshoot why I'm missing events in my search results?

Hi, I have an issue with a search, that I also use as an alert, which is not finding current events: So...

by Communicator in

JSChart Drilldown - Show drilldown table when page loads

I would like to know if there is a way to perform and inline drilldown from a JSChart to a Table but have the table s...

by Explorer in

How to make a search run or populate a dropdown if condition is met using simple xml?

So I have a dropdown called Repository, that populates a search and another dropdown called Namespace that has set ch...

by Path Finder in

How to search the count of both fail and total numbers from a data model?

I want to get fail number and total number from one data model, but I cannot figure out how to do this. My search is ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to change the order the transaction command process the opened txn?

I added a field to all my events so I could search for specific results, but why can't Splunk read the custom field values?

Group results by field

How would I generate a Report to Display any delta (By ID, by _time) in FIeld X greater than Y?

table order with eval

How to set the Background Color of a Chart?

Limit on number of OR conditions in a search query

how to remove last character of a field value from the search results

How do I combine two searches and only return results from Search2 that are missing from Search1?

How to add search peers in a search head cluster?

How to write a search to match Event 3 with Event 1 and match Event 4 with Event 2?

Merge two indexes (ids with proxy) for more alert depth correlation

How to write a search to find which user did a sudo to root for the last 2 days on Linux servers?

How to count how many times a field value has changed from one to another?

Trouble Joining Firewall and DHCP logs by IP address

How to update a lookup periodically?

How to troubleshoot why I'm missing events in my search results?

JSChart Drilldown - Show drilldown table when page loads

How to make a search run or populate a dropdown if condition is met using simple xml?

How to search the count of both fail and total numbers from a data model?

Splunk APM & RUM | Upcoming Planned Maintenance

Part 2: Diving Deeper With AIOps

User Groups | Upcoming Events!

What is wrong with my sub-pipeline in appendpipe?

Help with non eng word rex search?

Cannot export search results- How to fix error?

How to remove null values then add fields?

How to calculate distinct count for present values...