Splunk Search

Discussions

Thread Info

How can I create a table showing successful logins on a server?

How do I create a table that lists which user logged in to the windows server and the time that they successfully log...

by Explorer in

If/Then To different Eval Statements

I'm trying to have a Splunk Alert kick off an email (to an email script) and depending on the search query it should ...

by Communicator in

Append search issue

I am trying to find out details of a remote session. Although the events are the same, they are separate by action (a...

by Path Finder in

Improve search reducing appendcols

Hello, is there any way to improve this search by reducing appendcols number ? Source is the same, only download_...

by Explorer in

map command not working whn used in advanced xml

Hi PFB the snippet in my dashboard: <module name="Search" layoutPanel="panel_row2_col1" autoRun="True"> <param...

by Contributor in

adding commas to numbers, chart+by breaks it.

Howdy all, I'm using the following search index="summary_collaboration" source="Inbound Messages Accepted & D...

by Path Finder in

Manipulating a Table

Hi All, I have a following table. Total is the sum of the cost of items by country using eventstats. Countr...

by Contributor in

How to extract fields at search-time and display values in one row without modifying props.conf?

As this sourcetype is used for other searches, the props.conf cannot be modified for adding the line merger, how to I...

by Path Finder in

Adding documentation to events

I have been thinking about about having documentation "attached" to events. For example a short explanation of a func...

by Engager in

長いサーチの実行でunknown sidエラーが表示される

UI から、完了するまでに時間がかかる（３時間ほど）サーチを実行したところ、サーチ自体は完了せずに Unknown sid エラーが表示されました。また、この状態で Job Inspector の画面を表示しますと 500 Inter...

by Contributor in

Table of count of specific user action by unique user

I would like to create a table similar to the following: Of Reports Created Users % >10 ...

by Contributor in

using a variable with eval

Yet another Newbie question, I have the following search string that's working fine: | eval DOCSIS_TxPWR_Rdy=case(...

by Path Finder in

Digital Intelligence questions

Hi, guys I dive in Web Analytics and figure out some questions. Please, help me to find answers. All my questions ...

by Path Finder in

Rex not working for special characters

Hi Folks, I've worked out a regex to pull out group names from audit logs. It works for one field with no special ...

by Communicator in

Why is there no Raw Events export option when I have a search with stats command or returns a table?

From the GUI, you should also see a "Raw Events" as an export option along with json, xml, and csv however I do not s...

by Communicator in

DB Connect: I don't see any data after adding my database input

I have defined a database input (dump type) with a simple SQL query and a key-value output format. \ The "dbx.log"...

by Explorer in

search query not filtered by tag command

I have created a field using the rex command. I have partioned the field into two parts: admin and spss_user. However...

by Communicator in

Regex fails as when defined as field extraction, but works with rex command. "Regex: missing terminating ] for character class"

This works in my search: rex field=source "\w:\\\[\w]*\\\(?<app_path>[^\\\]*)" But when I try to define it as ...

by Communicator in

How to get 7 day timechart of percentage of missing Session_ID's by SITE_ID compared to Total number of entries per SITE_ID?

Been wrapped around this a few days now without luck. Starting Query: Tells me how many Session_ID's were not incl...

by Explorer in

How to sum the values in a field over a specific time span?

New to splunk! I'm currently having trouble trying to sum values in a field over a specific time span... My sea...

by Engager in

Compare identical fields from 2 searches

I have 2 searches which I appended and I am trying to search based on a matching session ID (to find details of a rem...

by Path Finder in

Regex : how to combine lookahead for following purpose?

I am trying to clean log files to categorize them in Splunk, so my question is: (?i)^(?:[^ ]* ){8} ((?P ...

by Communicator in

Read Table

Hi, I'm trying to get the data from below image into a usable format, I would like to end up with key-value pairs lik...

by Path Finder in

Can't get Trendline working - values always blank

I'm trying to overlay a trendline over an area graph showing count of records by month. I have a simple search ind...

by Explorer in

How to hide a chart in Splunk without using Sideview Utils?

Without using Sideview Utils how to hide a chart in splunk.Can we achieve this using simple or advance xml?

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I create a table showing successful logins on a server?

If/Then To different Eval Statements

Append search issue

Improve search reducing appendcols

map command not working whn used in advanced xml

adding commas to numbers, chart+by breaks it.

Manipulating a Table

How to extract fields at search-time and display values in one row without modifying props.conf?

Adding documentation to events

長いサーチの実行でunknown sidエラーが表示される

Table of count of specific user action by unique user

using a variable with eval

Digital Intelligence questions

Rex not working for special characters

Why is there no Raw Events export option when I have a search with stats command or returns a table?

DB Connect: I don't see any data after adding my database input

search query not filtered by tag command

Regex fails as when defined as field extraction, but works with rex command. "Regex: missing terminating ] for character class"

How to get 7 day timechart of percentage of missing Session_ID's by SITE_ID compared to Total number of entries per SITE_ID?

How to sum the values in a field over a specific time span?

Compare identical fields from 2 searches

Regex : how to combine lookahead for following purpose?

Read Table

Can't get Trendline working - values always blank

How to hide a chart in Splunk without using Sideview Utils?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!