Splunk Search

Discussions

Thread Info

Reduce a list of possible names to the most common values?

I have a list of malware vendors and associated malware names, each in its own field from spath JSON output. Is there...

by Explorer in

Bucket not bucketing Z after calling chart X over Y by Z

I am trying to get the output to look like this Process Name | 10:00:00 | 10:10:00| 10:20:00...etc _______________...

by Path Finder in

How to set up an alert if Value1 > 0, a second alert if Value2 > Value1 + 5, and a third alert if Value3 > Value1 + 10?

Data: 0:01:49 1 0:06:49 1 0:11:49 1 0:16:49 1 0:21:49 1 0:26:49 1 0:31:49 1 0:36:49 1 Logic to follow: 1) 1st aler...

by Explorer in

Lookup search query results to null

csv file users_timeout_value_map.csv content. TIMEOUT,TIMEOUT_VAL default_timeout,300 transformes.conf [user...

by Engager in

How can I create a bar chart through 4 fields?

I'm using db Connect and I have this db input. So, I want a chart with 24 bars that represent range of hours. HourSta...

by New Member in

Is there something in Splunk similar in to the HTML attribute colspan to use in a table?

Hi guys I need to know if it's possible in Splunk to use the colspan in a table. Example table label prin...

by Path Finder in

Automatic field extraction is failing for one field

I have a field value named 'category' the raw values are for example. "Audit Global - ABC - Login and Logout Audi...

by Path Finder in

How to configure different color codes for Today and Yesterday to display a comparative trend timechart?

Hi I am trying to create a comparative trend chart for Today and yesterday, but i have problem with the visualiza...

by Contributor in

Why does my search with an eval if condition always return false?

Hi, I'm having difficulty in using a field in a dashboard. I have 3 fields that I'm trying to use some logic with...

by Contributor in

How to create an Alert that is triggered if the number of events is over 130 per hour and email a timechart PDF?

I have an alert that is looking when number of certain events go over a threshold per hour. For example if number of ...

by Path Finder in

How to exclude a hyphen "-" field value from my search results?

When running this search: index=syslog | stats count by UserAgent it gives me - and a whole bunch of other Us...

by Explorer in

Modifying the total value of revenue within a piechart

I am trying to graph a pie chart that reflects the percentage that TopTenRevenue is on TotalRevenue. The search strin...

by Splunk Employee in

How to exclude "DRAFT" in my regex query

Hi guys, I need to exclude returning the words "DRAFT" from the current query that I have, but I am not sure on wh...

by Communicator in

Combining and summing the results of two searches

Hi - I have two searches that have the same fields exactly but from different sources. I would like to join and...

by New Member in

How can I extract the 3 or 5 digit number and 2 3-letter words after "Request" in my sample log?

The log is: 2015-06-15 15:50:29,381 ws prd 62 WARN JourneySearch # # # # Blocked Incoming Request 13360-PSA-LIS ...

by Explorer in

How to extract session ID list and perform another search over it?

Hi folks, I need a solution for counting one thing by extracting a list of ID's from the same index. My log archiv...

by Explorer in

Calculate a percentage on chart count over some span

Hi there, I have response time data in ms in a table field ElTime. I want to band this based on 1000ms second brac...

by Explorer in

Count matches between values from two different events with different time ranges

Okay, this is a bit difficult to explain, which is also why I'm not sure it hasn't already been answered, but here go...

by Explorer in

What endpoint for schedule searches?

Using REST API to call curl command, what is the exact endpoint to hit in order to create a scheduled search with all...

by Builder in

How to use rex and sed to insert '-' and ':' in the result?

Hi, I'm new to Splunk. I have a query that extracts the date and time from the name of a log file. Logfile names are ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Reduce a list of possible names to the most common values?

Bucket not bucketing Z after calling chart X over Y by Z

How to set up an alert if Value1 > 0, a second alert if Value2 > Value1 + 5, and a third alert if Value3 > Value1 + 10?

Lookup search query results to null

How can I create a bar chart through 4 fields?

Is there something in Splunk similar in to the HTML attribute colspan to use in a table?

Automatic field extraction is failing for one field

How to configure different color codes for Today and Yesterday to display a comparative trend timechart?

Why does my search with an eval if condition always return false?

How to create an Alert that is triggered if the number of events is over 130 per hour and email a timechart PDF?

How to exclude a hyphen "-" field value from my search results?

Modifying the total value of revenue within a piechart

How to exclude "DRAFT" in my regex query

Combining and summing the results of two searches

How can I extract the 3 or 5 digit number and 2 3-letter words after "Request" in my sample log?

How to extract session ID list and perform another search over it?

Calculate a percentage on chart count over some span

Count matches between values from two different events with different time ranges

What endpoint for schedule searches?

How to use rex and sed to insert '-' and ':' in the result?

Enterprise Security Content Updates (ESCU) - New Releases

Thought Leaders are Validating Your Hard Work and Training Rigor

.conf23 Registration is Now Open!

How to extract non-english column?

how to map extracted field name (e.g actual_time) ...

Need to pass the time from one query to another qu...

KV Store status is currently unknown- How to resol...

Combining results in metric index?