Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to set the color of bars in a bar chart?

I need a help. For the below mentioned bar chart, I want to change the colors of bar. Like: No_of_Mod_Ops =...

by Explorer in

Why is the same search query used before & after the appendcols command producing different results in those 2 columns?

When I run "index=abc | table bytes | head 10", it returns: bytes 1665 1369 2252 893 3920 356 1803 1718 2833 533 ...

by Explorer in

How can I get actual host names or IPs for Rapid7 Nexpose data in Splunk?

The Nexpose app uses the API to get data into Splunk. The problem is that the vulnerability events don't have actual ...

by SplunkTrust in

How to sort by row totals from highest to lowest?

Hi Folks, I'm having problems sorting a chart. I want to take the overall totals in one row and sort by that. Here's ...

by Communicator in

How to display a table with bandwidth by category for Cisco WSA data?

Hi everyone, I have a Splunk server receiving Cisco WSA data. I need to display in a table bandwidth by category, ...

by Communicator in

How to search multiple indexes and join field values that don't exactly match?

Hi, I need to search in multiple indexes but the field values won't match exactly so a straight join will not prod...

by New Member in

How to build a regex for a field extraction that will match a portion of the domain for the field?

I'm looking at sendmail logs and I'm trying to pull out a portion of the domain name based on the relay. I've tes...

by New Member in

Is there a way to determine if transactions overlap?

Is there a way to determine if transactions overlap, and if so which transactions? If so, can any interesting things ...

by Contributor in

What are the benefits of the KV store vs a traditional lookup table in Splunk 6.2?

I've been reading over the 6.2 documentation for the KV store and I'm not entirely clear on what the benefits are com...

by Builder in

Using a subsearch to match a string and a field.

Hi, In one of my indexes I've got a series of pipe separated fields which has one value expressed as so: 31.22:...

by Contributor in

Reusable knowledge objects

Fields created using the below methods will persist as a knowledge objects and are reusable in multiple searches ? ...

by Motivator in

Piping/nesting Transactions - is it possible?

Problem: I need to carry out a time-based correlation across three chained sourcetypes, sourcetype A and sourcetyp...

by Explorer in

Find like strings to detect phishing

I would like to run a search on my logs so they detect fuzzy like strings. So in my current example we received a phi...

by Path Finder in

Field Extractions off host name

Hello, Our naming convention has a relatively strict set of rules on it. e.g. datacenter+envionmentnumber+sec...

by Builder in

How to write a search to return hosts that have no results in a map search?

I have a search, lets say: sourcetype=foo earliest=-1d@d | map search="search host=$host$ earliest=@d sourcetype=b...

by Path Finder in

How can I extract a field value from a folder name?

I have a file that Splunk monitors stored in F:/xxx/2014/file.csv. Is there any way to dynamically take the 2014 fold...

by Communicator in

How to search for and remove indexes in Splunk that are not being used/searched by users?

Ideally I'd like to search Splunk to determine if anyone is searching a particular index. My use case is that I'd ...

by Engager in

How do you anonymize two recognized fields in Splunk?

Hello Splunkers, I am trying to follow the logic from the below URL to anonymize some field data on the fly. http:...

by Communicator in

How to extract a complex field

I have a log that has the following: Blah blah bloh HandleBusInfoMessage=31951592=460892.509; nextcommand Blah Handle...

by Explorer in

How to break events and extract fields from Scripted Input

Here is the sample data AppPoolName : TestApp PrivateMemory : 2000 State : Started Application : IdentityType : Ne...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to set the color of bars in a bar chart?

Why is the same search query used before & after the appendcols command producing different results in those 2 columns?

How can I get actual host names or IPs for Rapid7 Nexpose data in Splunk?

How to sort by row totals from highest to lowest?

How to display a table with bandwidth by category for Cisco WSA data?

How to search multiple indexes and join field values that don't exactly match?

How to build a regex for a field extraction that will match a portion of the domain for the field?

Is there a way to determine if transactions overlap?

What are the benefits of the KV store vs a traditional lookup table in Splunk 6.2?

Using a subsearch to match a string and a field.

Reusable knowledge objects

Piping/nesting Transactions - is it possible?

Find like strings to detect phishing

Field Extractions off host name

How to write a search to return hosts that have no results in a map search?

How can I extract a field value from a folder name?

How to search for and remove indexes in Splunk that are not being used/searched by users?

How do you anonymize two recognized fields in Splunk?

How to extract a complex field

How to break events and extract fields from Scripted Input

Admin Your Splunk Cloud, Your Way

Cloud Platform | Discontinuing support for TLS version 1.0 and 1.1

New Customer Testimonials

How to troubleshoot “Error in 'inputlookup' comman...

How to configure alert when a service is in failed...

how to identify '\n' in Splunk rex

How to combine results of inputlookup and a search...

Running queries not working at all