Splunk Search

Community Activity

Help with tstats SPL query Hi Team, In below query I am trying to pull all the host from various index and match those host in a list lookup fil... by SabariRajanT Path Finder in Splunk Search 04-10-2023 0 4	0	4
How to create Splunk search based on textbox field? I have a splunk search query which shows the details but the problem here is it only shows the results if the hostnam... by srv007 Path Finder in Splunk Search 04-10-2023 0 5	0	5
Why are there different results for the same search however when rerun same results are returned? I have done a search as below to create a table in Dashboard to list the top 20 users that upload files the most to c... by TrangCIC81 Communicator in Splunk Search 04-10-2023 0 4	0	4
How to pass token from search result? Hi All, I had a panel "OS", that gives the value os in single value visualization, based on the value of os, i... by smanojkumar Contributor in Splunk Search 04-10-2023 0 1	0	1
How to create this graph in splunk I want to create this graph in splunk can some one please help me .Required graph The one that i am getting after wri... by Anidy21 Engager in Splunk Search 04-09-2023 0 5	0	5
How to change the order of stacked area chart where the small area is on top? I am very new to Splunk I need to create a stacked bar/area chart where I have two separate searches. I'd like to s... by fikristar Explorer in Splunk Search 04-09-2023 1 6	1	6
How to extract field in json format? Hi All, I have a log which is in Json format. I used spath and extracted the fields. But there is no field valu... by vineela Path Finder in Splunk Search 04-08-2023 0 6	0	6
How to use events from last 30 minutes find duplicates from last 4 hours? Could someone help me with such a query? I am running a scheduled search every 30 minutes which aims to find duplicat... by solaced Explorer in Splunk Search 04-07-2023 0 3	0	3
How to get dc and then sum of field? <search>\| eval vm_unit=case(vmSize="Standard_F16s_v2",2,vmSize="Standard_F8s_v2",1,vmSize="Standard_F4s",0.5,vmSize="... by Sathiya123 Explorer in Splunk Search 04-07-2023 0 18	0	18
特定期間を経過したデータを抽出したい (How to extract data after a certain period of time has passed?) お世話になります。現在、あるログの集計をしております。接続元IPアドレスと、接続日時をキーにして、初回接続日から10日間経過後も接続しているログのみを抽出出来るようにしたいですが、上手く抽出することが出来ません。 ※合計接続日数は... by clio706 Explorer in Splunk Search 04-07-2023 0 3	0	3
集計軸が違う場合にCount数を加工して出力する方法についてお教え下さい (How to process and output the count number when the aggregation axis is different) 集計軸が違う場合にCount数を加工して出力する方法についてお教え下さい。 index「接続情報」のデータ項目は「タイムスタンプ、ユーザ名、接続プロトコル」になります。またデータイメージは下記にタイムスタンプが付加された物になります。... by NgSplunk New Member in Splunk Search 04-07-2023 0 1	0	1
How to achieve timeline visualization of event field over time? Hello, I am trying to use the custom splunk visualisation. I have formatted my search as the following: index=my_i... by James1 New Member in Splunk Search 04-07-2023 0 1	0	1
Subsearch Hi everyone, My post is huge. sorry for that. I need suggestion from you for the query I framed.I have 2 lookup used ... by RanjiRaje Explorer in Splunk Search 04-07-2023 0 2	0	2
How to pass a token in one dashboard that will impact other panel based on values? Hi There, I had a panel "OS", that gives the value os, based on the value of os, if it were "Windows" it should... by smanojkumar Contributor in Splunk Search 04-07-2023 0 8	0	8
Request for information on CPU information app in Splunk Enterprise Security Hi there! I was wondering if there's a specific app available in Splunk Enterprise Security that can provide CPU info... by balu1211 Path Finder in Splunk Search 04-06-2023 0 2	0	2
Can someone help with regex to extract new field? Hello Team, can anyone help me with the extraction of new field input: site: mclaudelinemugasqiln.platinilemu.com:1... by pacifiquen Explorer in Splunk Search 04-06-2023 0 3	0	3
KVStore Lookup Not Returning Results A newly created KVStore collection is not returning matches for a lookup command, despite the fact it's populated. Fo... by Tom_Lundie Contributor in Splunk Search 04-06-2023 0 1	0	1
Help with Regex in transaction endswith Hi all, I try to group events using transaction. Since there are multiple endswith condition, i tried following to m... by stwong Communicator in Splunk Search 04-06-2023 0 6	0	6
How to achieve eval expression using the usecase in Splunk? Hi,I'm trying to write the spl query on usecase like alertname!="pdm" triggerred by user in between like 2 hours... by AL3Z Builder in Splunk Search 04-06-2023 0 4	0	4
Convert stats to JSON I have a user who wants to send a table resulting from \| stats values() to a summary index via the collect command, b... by wpb162 Explorer in Splunk Search 04-06-2023 0 3	0	3
How to create a dashboard of XML file? Hi, I have the following event (XML) in Splunk, how can I create a dashboard of this XML? <JOBAPPLICATION="AFT-DTA"CR... by ns102 Explorer in Splunk Search 04-06-2023 0 5	0	5
How do you prevent the map command from encapsulating the variable in quotes? The quotes can only be seen in the search.log in one of the SearchParser component events. My ultimate goal is to b... by quasikaze Explorer in Splunk Search 04-06-2023 2 9	2	9
How to to sort the date so that my graph is coherent? Hello, thank you in advance for your feedback. I would like to sort the date so that my graph is coherent, can you pl... by numeroinconnu12 Path Finder in Splunk Search 04-06-2023 0 4	0	4
How do I compare lookup field to search and print another field in lookup file? Currently in my logs I am getting the hostname of the users but not their usernames. I created a lookup table that co... by cyrus_thesplunk Engager in Splunk Search 04-06-2023 0 4	0	4
Splunk Forwarder preferred path Hi Splunkers,does anyone have an idea how to configure a preferred path on a Splunk Forwarder?I have 2 datacenters wi... by djluke Path Finder in Splunk Search 04-06-2023 0 3	0	3