Splunk Search

Discussions

Thread Info

Pass starttime/endtime results to another search

I'm trying to do something similar to what I have below, where I gather the latest transaction for when splunk was sh...

by Builder in

How to dynamically create fields from unique values in a search?

I have a table with users and various fields relating to each event. Here is an example: user | City | State user1 | ...

by Engager in

How to display the total count as a label on top of each bar in a bar chart?

Need your help, We have the search below to display a bar chart and it shows the total numbers, but how do we disp...

by Builder in

Is there a way to search for all Splunk error messages? I'm looking for a solution to "Error in 'rex' command: Invalid argument: '(' The search job has failed due to an error."

Question 1: Is there a centralized place to search for all Splunk error messages? Searching answers.splunk.com I've n...

by Explorer in

R Project: Is there an output file size limitation, and if yes, is there a way to change it?

Hi Everyone, We recently installed the R app in order to do some analysis with R expressions. We ran into an issue...

by Explorer in

Putting two search queries within and

Out of concern for performance, I need to put more than one search queries within same <query> and </query> block. On...

by New Member in

Splunk Google map like kaspersky map

Hi, I project to realize a map of all attack on fortinet firewall like kaspersky cyber attack map. I receive lo...

by Explorer in

How do I count the number of sourcetypes being collected for specific indexes and hosts?

Hi, I need to run a report for specific indexes and hosts that show the number of sourcetypes being collected for ...

by Champion in

How to pass a field as a parameter to the rex command?

Hi, I would like to how we can pass a field as a parameter to the rex expression in Splunk. I am using the below w...

by Communicator in

How to write a search to find how much data was indexed for a particular Eventcode?

Hello All, I want to have one report/search string which states how much data was indexed for particular eventcode...

by Communicator in

How to trigger an alert if 3 consecutive search results reach a certain threshold?

Hello All, I have one requirement where an alert needs to be triggered after three continuous search results reach...

by Communicator in

How to show only top 10 records while using inputlookup csv file

index="logmon_logs" |top useother=f limit=10 CHKOUTErrorMSG by _time|timechart count by CHKOUTErrorMSG |inputlookup a...

by New Member in

How to list all events from two separate searches if the second search depends on the values from the main search?

Main search lists all events from sourcetype=A, there is a field CID. The second search list all events from sourcety...

by New Member in

Best way to combine these searches

The following query... index=os host=* (source=cpu NOT cpu="all") OR source=vmstat OR source=df | stats max(cpu) a...

by Communicator in

How to edit the syntax for my rex search to extract the folder name from a source path?

Hi everyone, I'm struggling with this rex expression: query | rex field=source "/var/syslog*(?<remote_source...

by Communicator in

Why am I getting an incorrect stats count from my transaction search?

Hi, Stats count does not count all instances of variables when I use it with transactions. Search string: i...

by New Member in

How to put _time to x axis in line chart on per hour basis?

Here is my search manager: var search1 = new SearchManager({ id: "rtCPUDaySearch", earlies...

by Explorer in

How to calculate a duration percentage in a transaction search for non-existent events?

I have this specific issue where I'm trying to calculate percentage of online time for a set of devices. I create...

by New Member in

Pass a value to a map subsearch and assign it to another field

How can I take a value from the base search an pass it to a map search like so: <base search> | map "search index=...

by Path Finder in

How can I diff the results of two most recent sources?

I'm currently trying to generate a report describing "what's changed" since the last report. Currently, my idea is to...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Pass starttime/endtime results to another search

How to dynamically create fields from unique values in a search?

How to display the total count as a label on top of each bar in a bar chart?

Is there a way to search for all Splunk error messages? I'm looking for a solution to "Error in 'rex' command: Invalid argument: '(' The search job has failed due to an error."

R Project: Is there an output file size limitation, and if yes, is there a way to change it?

Putting two search queries within and

Splunk Google map like kaspersky map

How do I count the number of sourcetypes being collected for specific indexes and hosts?

How to pass a field as a parameter to the rex command?

How to write a search to find how much data was indexed for a particular Eventcode?

How to trigger an alert if 3 consecutive search results reach a certain threshold?

How to show only top 10 records while using inputlookup csv file

How to list all events from two separate searches if the second search depends on the values from the main search?

Best way to combine these searches

How to edit the syntax for my rex search to extract the folder name from a source path?

Why am I getting an incorrect stats count from my transaction search?

How to put _time to x axis in line chart on per hour basis?

How to calculate a duration percentage in a transaction search for non-existent events?

Pass a value to a map subsearch and assign it to another field

How can I diff the results of two most recent sources?

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Splunk searches using lookup might get affected if...

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...