Splunk Search

Ask a Question

Discussions

Thread Info

Smart search by default

Hello, is it possible to set 'smart mode' search for all users in a search head cluster, if yes, how? Thanks.

by Motivator in

Grouping based on Regex and occurences of language

Hi, I am new to Splunk and I managed to construct the below query to generate statistics with the help of the answ...

by Engager in

I have question on SSH, i dont know how connect, anyone Can help me.

I am typing all command like splunk start, splunk help, nothing is working, i don't know what to do, every time comma...

by Path Finder in

lookup table renaming a field & map visualisation

tl;dr how does renaming a field to "search" help? how to make a map visualization with the lookup table/codes sho...

by Engager in

Which command is used to take away a field from the results display?

Is there a specific command that we use to take away a field from the results displayed?

by New Member in

Save auto-extracted fields' mini-dashboards from verbose search as named dashboard panels

When you run a standard search query (say, in verbose mode), it auto-extracts fields and displays them on the left. W...

by New Member in

show difference of 2 accumulated values in line chart

Hi, I have created a chart to show the accumulated number of open and closed ticket: My code: source...

by Contributor in

Standard Deviation Difference

Hi all, I am trying to discover the standard deviation from one set of data to another in a percentage to see if t...

by Explorer in

Is anyone monitoring user permissions/access to SharePoint / Office365 sites and files?

Hello, We currently have a use case to examine the permissions/access associated with a users Office365 or SharePoint...

by Explorer in

Dashboard panels: what's the proper use of the splunk admin_all_objects capability vs. read permission settings?

When I give admin_all_objects to a role, that role can also edit the permissions of the dashboards, but when I remove...

by Path Finder in

How to assign dates using eval

Hi, Here I want to assign Initial_L1_Decision_Date dates to Queue_to_Initial_L1_Days. There are some dates for Initi...

by Explorer in

Event Type vs Tags for multiple events

I am looking to create a way to track multiple types of events across different sources. For example, where 'web' is ...

by Explorer in

Lookup a value based on a position in the string field

I have a string of status codes per component, something, like this: 0113000000000000000 To determine what this me...

by Explorer in

Get Day of Week from Created Date Field through extraction

I have extracted a field from log files that is called file_Date and it is in the format "8/1/2017". How do get the d...

by Path Finder in

How to create a sum of counts variable

I have a query that ends with: | eval error_message=mvindex(splited,0) | stats count as error_count by error_messa...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Smart search by default

Grouping based on Regex and occurences of language

I have question on SSH, i dont know how connect, anyone Can help me.

lookup table renaming a field & map visualisation

Which command is used to take away a field from the results display?

Save auto-extracted fields' mini-dashboards from verbose search as named dashboard panels

show difference of 2 accumulated values in line chart

Standard Deviation Difference

Is anyone monitoring user permissions/access to SharePoint / Office365 sites and files?

Dashboard panels: what's the proper use of the splunk admin_all_objects capability vs. read permission settings?

How to assign dates using eval

Event Type vs Tags for multiple events

Lookup a value based on a position in the string field

Get Day of Week from Created Date Field through extraction

How to create a sum of counts variable

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!

Search based on a previous conditions. Or alert th...

BotS member needed !

To set up alert using saved search and map command

How to compare 2 lookups and highlight any changes...

How to change pie chart font color from within Spl...