Splunk Search

Discussions

Thread Info

Pie chart max value

Hello Splunkers, I'm working on a pie chart where I am trying to show the total number of assets and then show that s...

by Contributor in

What is the most efficient way to filter search results by list?

Hello, I am looking to filter my search results by the 'UniqueID' field so that I only get results from the device...

by Communicator in

Timechart with Time (X-) Axis delineated in "T-minutes before now"?

I have a timechart that shows latency in minutes for the last 24 hours snapped to the hour. What I would like to see ...

by Esteemed Legend in

REGEX pattern to extract the hostname in transforms.conf

Please provide the REGEX pattern to extract from host and assign the value to index name, In the below example, we ne...

by Builder in

Transforms.conf - Hide values or make them anonymous

I have a log that look like this: <ReceivedPermissions>EMULATION = [ EMULATEANOTHERUSER = Deny ], APPLICATION = [ ...

by Path Finder in

Automatic lookup field not displayed

I created the below automatic lookup through Splunk 6 web. app_info host AS host gate AS gate OUTPUTNEW app AS ap...

by Builder in

Field extraction regex conditional if-then-else

Here are 2 events from an apache log. I have a field extraction regex which works unless the content-type contains a ...

by Contributor in

How to add column of last login date/time for Target users?

How can I add a column for my below search that displays a result for the Target_Account_Name's last login date/ time...

by New Member in

Compare IP list from the same search between different weeks

I'm newbie with Splunk and I would like to compare IP list that I get with below search: index=com-mng-puppet host="p...

by Engager in

How to only find matches where two tables have the same value?

I have one table called CurrentValue and another called NextValue, I want to be able to only find results where Curre...

by New Member in

Can you refresh or reload index-time sourcetype properties without restarting Splunk?

When you make changes to search-time extractions and other props.conf/transforms.conf settings, they can take effect ...

by Splunk Employee in

Pickup the latest row of records.

acct_nbr event_stamp membership_fee Zip_Code 12345 2014-07-08-10.27.13.000000 0.00 222 12345 2014-07-07-12.03.03.0000...

by Path Finder in

how to parse and format single digit month in splunk

All, how can i parse a single digit month like(7/20/2014) date format and convert it into (07/20/2014). Is it a li...

by Path Finder in

How to compare most recent results with previous search results?

Open ports are check every 5 minutes. index=os sourcetype=openPorts host=myhost earliest = -5m@m udp 123 ud...

by Path Finder in

Set implied transaction start and end time if start or end events are missing

Hi There, We have some user activity logs with LOG_ON and LOG_OFF events in Splunk similar to following: 2014/0...

by Explorer in

How to get top 2 MB users per website?

Hi! That maybe someone has been through this. I have the following table as a result of search: **website** *...

by Contributor in

Pivot and Stats and disappearing make my data disappear

Hi All, I'm playing around with data models at the moment and I came across this strange issue. This is similar to...

by Path Finder in

Sort record based on the time field within the record (not the system time)

Hello, I have my data in the below format : 314 888 abcd 98 2013-07-09-08.01.41.00 514 888 abcd 98 2013-07-07-08.01.4...

by Path Finder in

How to predict all fields in a table without specifying all of them one by one?

if i have a table like the one in the link below, how do i predict all fields in that table without specifying all of...

by Explorer in

How to change current regex for field extraction of whole Set-Cookie from Squid events?

Hi I am trying to extract multiple Set-Cookie from Squid Events. props.conf REPORT-set_cookie = extract-set_coo...

by Explorer in

How to group transactions and multiple timeout logs by deviceId and deviceType?

Hello, I am monitoring several different devices simultaneously and have several log files in a row that say "acti...

by Communicator in

Stats search for users on domain that have used over X amount of megabytes?

Stats help please I have CDR records that contain the fields --- User | Megabytes Used | Date | Domain I want to sear...

by New Member in

How to get percentage from stats count on http statuses?

Hi, I would like to get stats by http status and also i would like to add percentage column. when i use top it giv...

by Contributor in

How to extract text from regular expression "StatusCode_10.178.28.50_1406758126523_19607_10507178"

Hi All, How to extract 10507178 from below string.here all are not constant.but format is same StatusCode_10.17...

by Path Finder in

top N results of values(X)

Hello, I have a column list received from "values(mymail)" abra@sth.com cada@sth.com bra@sth.com this@sth.com is@s...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Pie chart max value

What is the most efficient way to filter search results by list?

Timechart with Time (X-) Axis delineated in "T-minutes before now"?

REGEX pattern to extract the hostname in transforms.conf

Transforms.conf - Hide values or make them anonymous

Automatic lookup field not displayed

Field extraction regex conditional if-then-else

How to add column of last login date/time for Target users?

Compare IP list from the same search between different weeks

How to only find matches where two tables have the same value?

Can you refresh or reload index-time sourcetype properties without restarting Splunk?

Pickup the latest row of records.

how to parse and format single digit month in splunk

How to compare most recent results with previous search results?

Set implied transaction start and end time if start or end events are missing

How to get top 2 MB users per website?

Pivot and Stats and disappearing make my data disappear

Sort record based on the time field within the record (not the system time)

How to predict all fields in a table without specifying all of them one by one?

How to change current regex for field extraction of whole Set-Cookie from Squid events?

How to group transactions and multiple timeout logs by deviceId and deviceType?

Stats search for users on domain that have used over X amount of megabytes?

How to get percentage from stats count on http statuses?

How to extract text from regular expression "StatusCode_10.178.28.50_1406758126523_19607_10507178"

top N results of values(X)

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...