Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to give threshold values dynamically in the search query

Hi Team, I have got different sites seperated according to the tiers having different threshold values Ex Mumbai-T...

by Path Finder in

Grouping and counting by two different fields

Hi everyone, I'm not sure if I have chosen the title correctly, but I have tried to make it as generic as possible...

by Explorer in

How to represent data in piechart/Linechart which I received by using REST API

My data after search has following columns along with the other columns as below MLS_Number Count 1129078 1 124895...

by Path Finder in

How to display a table icon for a certain process status?

Hi I would like to show a list of processes and use the table icon set to show the status of the process, either e...

by Contributor in

strptime to get %Y-%m-%d

I run a command as below try to get all the locked out accounts, and get the date like %Y-%m-%d as well. But seems al...

by New Member in

How to filter xyseries table results to only show rows where there is a value of 0 in any column?

I am generating an XYseries resulting in a list of items vertically and a column for every day of the month. Examp...

by New Member in

Why am I getting different results for a search when run on its own versus as a subsearch for a join?

I'm writing a search to see abnormally high or low levels of traffic from forwarders on a day-to-day basis: getting t...

by Contributor in

Why is my inputlookup search not pulling a field from a CSV file needed to populate a timechart?

Requirement was to delete the contents of the index as soon as a new .csv file arrives and index the contents of the ...

by Communicator in

count between events

I would like to count values between an event and i'm not getting an entry point for this at all. Assume i get an ...

by Explorer in

stats return multiple columns where only one occurance exists

Hello, I'm not really sure how to appropriately describe my query need, which is why I think I can't find what I'...

by Path Finder in

timechart with math function

i am using timechart like this search | timechart span=10m avg(diff) but the diff number is in seconds I would ...

by Motivator in

How would I Split Transaction by Step by Host?

First the business case: We want a dashboard with a bar graph that shows the time a transaction spends at each step i...

by Explorer in

How can I perform a join with a separate query?

I need to create a query which returns a list of unique hosts (shost), the most recent 'status' column matching that ...

by Explorer in

where in subsearch

sourcetype="log4j" source="*server*" | rex field=_raw "nonce created : (?<nonce>[0-9a-z-]*)" | transaction thread sta...

by Path Finder in

Pulling data from a lookup file, what parameters need to be included and how do I format the data for a map visualization?

Some sample data for creating a maps visualisation in splunk countries_lat_long_int_code.csv code,name,country,...

by Motivator in

Why are multiple of the same events and values from a single source file being indexed in Splunk?

Hi team, I have a source file like this: {"ts":"08 26 2015 13:05:41.374","th":"http-bio-8080-exec-1", "level":"...

by New Member in

Why am I getting error "Search not executed: The minimum free disk space (1000MB) reached for /opt/splunk/var/run/splunk/dispatch."?

Hi I am getting this error on search Search not executed: The minimum free disk space (1000MB) reached for /o...

by Engager in

How do I search a list of locked out IP addresses that are trying to access Active Directory?

Hello The issue is that the search that I am using will not pull the IP address and list of IP addresses that are...

by New Member in

How do I join these two searches?

Hi, I wonder whether someone may be able to help me please. I'm using the following searches: Search 1 - "EI Au...

by Motivator in

How to configure Splunk to extract XML fields from Windows security event 4698?

We are currently forwarding Windows security event 4698 to Splunk, and would like to be able to parse/extract a numbe...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to give threshold values dynamically in the search query

Grouping and counting by two different fields

How to represent data in piechart/Linechart which I received by using REST API

How to display a table icon for a certain process status?

strptime to get %Y-%m-%d

How to filter xyseries table results to only show rows where there is a value of 0 in any column?

Why am I getting different results for a search when run on its own versus as a subsearch for a join?

Why is my inputlookup search not pulling a field from a CSV file needed to populate a timechart?

count between events

stats return multiple columns where only one occurance exists

timechart with math function

How would I Split Transaction by Step by Host?

How can I perform a join with a separate query?

where in subsearch

Pulling data from a lookup file, what parameters need to be included and how do I format the data for a map visualization?

Why are multiple of the same events and values from a single source file being indexed in Splunk?

Why am I getting error "Search not executed: The minimum free disk space (1000MB) reached for /opt/splunk/var/run/splunk/dispatch."?

How do I search a list of locked out IP addresses that are trying to access Active Directory?

How do I join these two searches?

How to configure Splunk to extract XML fields from Windows security event 4698?

User Groups | Upcoming Events!

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

multi-level nested JSON to table?

Matching index field value with lookup field value

extract fields from json-wrapped postfix logs?

How to configure alert when a service is in failed...

how to identify '\n' in Splunk rex