Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to create a dynamic table based on one search result?

Hello, I'm building a line graph with a field with "UsedSpaceGB" from the year 2009 until now so I can see the gro...

by Explorer in

Why am I getting zero results with my stats distinct count search?

Hi I wonder whether someone can help me please. I'm using the code below to run a search which works fine. ...

by Motivator in

inputs.conf wildcards and whitelist question

i would like to monitor the following in different sourcetypes, but doesnt seem to get the whitelist correct there wi...

by New Member in

multi pattern string calculation on fields and count the fields value too

I have log coming in this format. this value is dynamic and keep changing in terms of Form and numbers Counts=[100A=1...

by Path Finder in

How do I write a search to join these two lines of data and output results in a table with three columns?

Hi Splunk heads, Can you please help me with a really tricky search? I am trying to join the following two lines t...

by Path Finder in

Why is my rex command not extracting the field from my data?

Hi, My rex is not giving any results. I want to extract "XXX" from the below highlighted area. I used rex fiel...

by Communicator in

How to get a sparkline to run on a different time span?

I am wondering if it is possible to have a sparkline run on a different time span instead of the 15 minutes that I ha...

by Communicator in

How can I cache search results to avoid data recalculation?

Hi, I have a dashboard with parameterized search (it takes three arguments from timepicker and dropdowns) that takes ...

by Communicator in

How to extract more number of strings under the same field name?

my event is - "common.exceptions.CommandFailedAtServerException: concurrent.ExecutionException: common.SocketPoolEx...

by Path Finder in

How to sort chart columns where the column headers are field values?

I have the following search. index=ko_autosys sourcetype=autosys_applog_scheduler_events host="usatlb98" OR host=...

by Communicator in

How do I customize the bar colors for my dashboard bar chart?

Hi all, May i know if there is any way to change the colors of the bars in this screenshot? I want the grey part t...

by Path Finder in

How do I keep startswith from evicting a previous transaction?

Assume I have an input file like the following: 2015-07-28 12:00:01 Executing function a... 2015-07-28 12:00:02 de...

by New Member in

Why am I unable to get started with searching real-time data coming in on a TCP port?

Hi All I may be getting old and senile, but I just can't seem to get started with searching. I have added a TCP so...

by New Member in

How to add lookup files manually?

Hi Everybody, I want to ask you, how we can add lookup files into Splunk manually? I'm working on a script that ca...

by Engager in

How do I create a stacked bar chart?

I have 3 servers: host=host1, host2, and host3 From these servers I get s_status=ok, nok I would like to get a gra...

by Builder in

Pass fields from inner search to outer search

Please disregard...mods can delete.

by Explorer in

Shouldn't this map command work?

|stats count|eval cip='foo'|map search="search index=* Address=$cip$" It errors out saying "Error in 'map': Did no...

by Path Finder in

How to use Splunk to detect web attacks with PHP IDS regex rules?

I'm noodling the thought of using Splunk to detect Web attacks (similarly to Scalp) via the Apache HTTP logs. Scal...

by Path Finder in

How to find the average of a duration field in the time format %H:%M:%S:%3N ?

Using only source and a keyword, my data comes in like this: 07/29/2015-08:50:14.524 - WebContainer : 0 - [com.cgi...

by Explorer in

transforms to extract fieldname and value from cb ioc fields

I have a transform setup which seems simple enough, but does not seem to be working at all: regex101 says that the re...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to create a dynamic table based on one search result?

Why am I getting zero results with my stats distinct count search?

inputs.conf wildcards and whitelist question

multi pattern string calculation on fields and count the fields value too

How do I write a search to join these two lines of data and output results in a table with three columns?

Why is my rex command not extracting the field from my data?

How to get a sparkline to run on a different time span?

How can I cache search results to avoid data recalculation?

How to extract more number of strings under the same field name?

How to sort chart columns where the column headers are field values?

How do I customize the bar colors for my dashboard bar chart?

How do I keep startswith from evicting a previous transaction?

Why am I unable to get started with searching real-time data coming in on a TCP port?

How to add lookup files manually?

How do I create a stacked bar chart?

Pass fields from inner search to outer search

Shouldn't this map command work?

How to use Splunk to detect web attacks with PHP IDS regex rules?

How to find the average of a duration field in the time format %H:%M:%S:%3N ?

transforms to extract fieldname and value from cb ioc fields

Part 2: Diving Deeper With AIOps

User Groups | Upcoming Events!

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Error with connecting two search queries with appe...

multi-level nested JSON to table?

Matching index field value with lookup field value

extract fields from json-wrapped postfix logs?

How to configure alert when a service is in failed...