Splunk Search

Discussions

Thread Info

How to get a Stats count of field values by country

Hi I am looking at access log data with the fields src_ip and method (get, post, head) I have been running the ...

by New Member in

useother works incorrect

Hi all. When I type "useother=f" in timechart some values are lost: fro example, I've got 5-types events: A - 10 even...

by Communicator in

How to ignore tags inside hiddensearch module

Hi, I am trying to perform field extractions in the searchtime using hiddensearch module.the following search works f...

by Path Finder in

Date Format in required form

Hi i have a Date in the below form 201304 201306 201307 I want to convert to these to below form APR-13 JUN-...

by Communicator in

props.conf for specific log format

Hi All, I'd like to create a props.conf for log files in this format: DEBUG[ScriptingSession] 2013-11-30 15:...

by Builder in

how to display data with multiple column and row?

I need to create a table which will display workweek as rows and subarea as column, meanwhile the data inside w...

by Engager in

how to create table for multiple data?

I need to create a table which will display workweek as rows and subarea as column, meanwhile the data inside w...

by Engager in

Adding fields to the output of a CLI search

In the GUI I get results plus the fields: host, source, and sourcetype Same search in the CLI I just get results, no ...

by Engager in

"Gaps" in Timechart

Hello everybody, I'm trying to do a timechart using a 3 day timeframe, for example from Jul 17 2011 00:00:00 to Ju...

by Splunk Employee in

Keeping track of repeat offenders with loopkups

I have set up a lookup table that consists of a number of offenses that need to be identified for every daily search....

by Explorer in

Concatenate date in label

Hi Everyone, Is it possible to concatenate current date and time with dashboard label e.g. my dashboard label is "Mon...

by Builder in

How would I add commas to a multi-key value, excluding the last item? OR better way to add a line break?

Hi all, CSV export of multi-key values is a bit basic at the moment. It exports each value with a space delimiter....

by Communicator in

Top 10 ip addresses denied over last 7 days

Trying to write a search that will show top 10 "repeat" offenders over last 7 days. I'm guessing an eval(if) statemen...

by Explorer in

I would like to add a description to our indexes

we make the index names very short since they will be used in searches, but we have a lot of indexes, so we would lik...

by Explorer in

any way to create an alternate name or alias for an index?

Is there a way to create an alias to an existing index so we can search by its name and it's alias: eg. index=ori...

by Engager in

Join two searches and drilldown

I have two source types, one (A) has Active Directory information, user id, full name, department. The other (B) cont...

by Path Finder in

Nested Transactions? lookup tables or a better way?

Hi, I have a single large dataset that is related as follows. Each User has a UserID, when they login a SessionID ...

by New Member in

Can i count the value for the multivalue field?

I want to count the number for the multivalue field count(eval x=commands("search passed | search sub_areaA")) AS ...

by Engager in

simple search sourcetype=X finds events but wont display them - unless field is forced

this search: index=flowspaces sourcetype=auditlog produces search results that are not displayed in the ui. if fie...

by Path Finder in

Print the strings on Splunk web UI simultaneously while python file running in background

Hi, I have a python file, whose output I am trying to show on splunk web interface. I have written some print stateme...

by Builder in

Splunk On Splunk

Why is Splunk On Splunk showing CPU usage at between 200% and 1100%? This makes me wonder if all the other monitoring...

by Builder in

Group by field / table

Hi, I am grabbing interface errors from Cisco routers (via snmpget) that form a distinct path through the network. I ...

by New Member in

Multiple Series Line Chart Dashboard

Hi everyone! I'm trying to add a new series to my line chart from my dashboard's xml file. (Which means I want to ...

by Explorer in

List of objects available in metadata

Hi Is there a list of all known objects on which I can set ACLs which Splunk's metadata files (default.meta/local....

by Contributor in

subtract csv results by metadata source

I'm trying to subtract the list of host contains in my csv file in field "clients_supprimes" to results of host not r...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to get a Stats count of field values by country

useother works incorrect

How to ignore tags inside hiddensearch module

Date Format in required form

props.conf for specific log format

how to display data with multiple column and row?

how to create table for multiple data?

Adding fields to the output of a CLI search

"Gaps" in Timechart

Keeping track of repeat offenders with loopkups

Concatenate date in label

How would I add commas to a multi-key value, excluding the last item? OR better way to add a line break?

Top 10 ip addresses denied over last 7 days

I would like to add a description to our indexes

any way to create an alternate name or alias for an index?

Join two searches and drilldown

Nested Transactions? lookup tables or a better way?

Can i count the value for the multivalue field?

simple search sourcetype=X finds events but wont display them - unless field is forced

Print the strings on Splunk web UI simultaneously while python file running in background

Splunk On Splunk

Group by field / table

Multiple Series Line Chart Dashboard

List of objects available in metadata

subtract csv results by metadata source

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!