Splunk Search

Thread Info

How to change the search that will convert table format to bar or column chart?

Hello Splunkers , I have the following search which gives me the the dashboard look as table...but can we make th...

by Communicator in

Creating a table combining common field from index and lookup?

by Explorer in

How to check 30 minutes after an event in Splunk for a failed login attempt?

I have a search in Splunk that returns events for failed logins. I want to be able to check 30 minutes after the even...

by Path Finder in

How to count matching events in lookup in last 30 days?

A have a lookup table that includes a "time" column (timeformat=%m/%d/%Y %H:%M:%S). Can someone please help me develo...

by Path Finder in

How to create a search that shows a daily message count and the average for each direction?

I'm trying to create a search that shows a daily message count (both inbound and outobound) and the average for each ...

by Explorer in

How to compare two searches using a shared variable?

I am trying to make 2 searches using the same index and source. The first search is looking for all entries with "...

by Engager in

Transaction ends and begins with same code- How to differentiate?

I'm trying to differentiate between cd burns and cd read codes from Window Event Viewer using WinZipBurn. From what I...

by Communicator in

Problems with dedup dropping too many records?

I am having trouble with deduping on a Salesforce object and my "feels like" here is dedup isn't doing what I underst...

by Explorer in

Field is extracted by default, but no results based on it's values?

Returns thousands of entries: index=myindex sourcetype=mysourcetype Returns all (8 atm) uuid values and all sta...

by Explorer in

In my index vital metrics, how can i find host status ( which can take up or down values)?

Hi Community In my index vital metrics how can i find host status ( which can take up or down values) Up when h...

by Explorer in

Splunk search for identifying the list of unauthorized user from the authorized users db lookup table?

We have a list of authorized user who have to specific Database and created a lookup table name "Authorized_list.csv"...

by Engager in

Does splunk support Reactive Programming in Java/Spring?

Hi team,Currently, I'm in project to work with Splunk.The project is building with Spring boot and Webflux Reactive P...

by New Member in

How to remove "Date & Time Range" from time picker using HTML code?

I have a time picker in one of my dashboards and want the time picker to only display "Date Range". I have been succ...

by Path Finder in

Why is appendcols not working aligning values correctly?

Hi! I'd like to know if someone can help me with this: I have 4 saved searches that gives back counts for WTD (...

by Explorer in

How to calculate downtime or time difference within a custom date time range

This is in continuation to my query(resolved) here - Solved: How to check time difference between a series of e... - ...

by Communicator in

Can I use search head to enhance searching speed?

I am newbie in splunk. I would like to enhance the searching speed. I am using a splunk instance in a VM (Master)...

by Path Finder in

How to start and stop a search based on certain criteria?

Short Description In short we have a particular search that we want to run during a specific period, and we want t...

by Path Finder in

How do I show only field values that are missing from one of the 2 splunk searches?

I have 2 events Event1: Document uploaded <documentId> Event2: Document viewed <documentId> I have generate...

by New Member in

Export results from KV lookup file in Lookup editor?

Hi There, I would like to export the results of kv lookup file in a lookup editor, but the results after export...

by Contributor in

Alerts not Finalizing- Is there a way to find out why it's getting stuck?

I've got an issue with a scheduled alert that keeps going to finalizing but never stops (if this happens on the weeke...

by Path Finder in

Exclude results from lookup table in search

I have a lookup table with Scheduled Tasks called Scheduled_Tasks, and only one column in it called "Task_Name". Thi...

by Path Finder in

How to make table from key-value series?

HI, I have this table with one column and 3 rows (could be more as this is a search result) and ther could be also...

by Explorer in

Trying to split the message text in a Windows event log

We are collecting Windows 2008R2 Printer server logs and have identified event_id = 307 as the log that contains info...

by New Member in

Will increasing Elasticsplunk application timeout resolve this error?

HelloI am currently managing a hybrid between Splunk and ELK (Elastisearch Logstash Kibana). Logs supporting ...

by Builder in

How do I find this string?

my string is "abcdxyz|11.2.0000|56|12120|32|1005|15|32|7742|5|54|336|446|203473<" above string is st...

by Engager in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

How to change the search that will convert table format to bar or column chart?

Creating a table combining common field from index and lookup?

How to check 30 minutes after an event in Splunk for a failed login attempt?

How to count matching events in lookup in last 30 days?

How to create a search that shows a daily message count and the average for each direction?

How to compare two searches using a shared variable?

Transaction ends and begins with same code- How to differentiate?

Problems with dedup dropping too many records?

Field is extracted by default, but no results based on it's values?

In my index vital metrics, how can i find host status ( which can take up or down values)?

Splunk search for identifying the list of unauthorized user from the authorized users db lookup table?

Does splunk support Reactive Programming in Java/Spring?

How to remove "Date & Time Range" from time picker using HTML code?

Why is appendcols not working aligning values correctly?

How to calculate downtime or time difference within a custom date time range

Can I use search head to enhance searching speed?

How to start and stop a search based on certain criteria?

How do I show only field values that are missing from one of the 2 splunk searches?

Export results from KV lookup file in Lookup editor?

Alerts not Finalizing- Is there a way to find out why it's getting stuck?

Exclude results from lookup table in search

How to make table from key-value series?

Trying to split the message text in a Windows event log

Will increasing Elasticsplunk application timeout resolve this error?

How do I find this string?

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...