Splunk Search

Discussions

Thread Info

How to find users who have done an event A, but not done an event B display as timechart span of 1 month?

I want to convert the result from https://community.splunk.com/t5/Splunk-Search/Find-users-who-have-done-an-event-A-b...

by Engager in

How to add contributing fields to unique values?

Hi, I seem to be stuck with something pretty trivial. I have events with users and corresponding hostnames, eg: Us...

by Explorer in

Help comparing outputcsv to inputcsv

Hi Team.I have a big ol search that tables a bunch of resource usage data. Now i smack and outputcsv on that badboy, ...

by Path Finder in

How to condense eval search query?

Hello! Splunk newbie here - I was hoping to get some advice on how to condense this search query I have. Is there ano...

by Engager in

How to hide columnName from table?

I want to hide columName from 2nd row onwards for below table <row><panel><title>STATS : SLI/SLO Dashboard count</...

by Explorer in

How to create table from JSON?

Hello - Thank you in advance for the help. I am getting following raw data in Splunk events which I'd like to pull in...

by Explorer in

How to show to line chart for failureCount, warningCounttimechart by time?

Hi, I am using below query in my Dashboard index="deng03-cis-dev-audit" | spath PATH=data.labels.verbose_m...

by Explorer in

How to split time into 3 shifts with labels on x-axis?

Hi, I have a timechart that is currently split into 8-hour shift bins, however as it is a timechart, the x-axis only ...

by New Member in

Why am I receiving this lookup error?

hi When I call the lookup like below it works fine | inputlookup test.csv but whe...

by Motivator in

How to run a same search with multiple time ranges and append the value compare them?

Here is the example of the search looks like : index=x* OR index=y* OR index=z* Iabcd 12_* ( earliest=05/09/20...

by Observer in

How to collect data and correlate into a table?

|>TYPE|2022-04-25 18:38:40|2d7e908bo82cb8|1725357403659|HERE|TYPE/272|1,856|1.2.0|ABC|351c481f2de|NONE<||>TYPE|2022-0...

by Explorer in

How to find missing ip's from search1 in search2 and find the stats percentage missing ip's?

Hi, am trying to find list of ip's from search1 which are missing in search2 and get all the ip from search1 and c...

by Path Finder in

How to Calculate the product of a numeric field (multiplication)?

I have a field with the following values. How can I calculate the product i.e multiply all values with each other? Th...

by Engager in

How to filter out records if they match multiple criteria?

Hi there, I want to filter out some records if they match multiple criteria, for example: host service state==...

by Engager in

How to Make operations between two columns

Hello, I have this query: | mstats avg(_value) as packets WHERE index=metrics_index sourcetype=netwo...

by Observer in

Compare entry date to the selected revisit date to figure out when a user is being added to the lookup table

Here is my xml code so far:<form version="1.1" theme="dark"><init><set token="none">None</set><set token="tokTypeInpu...

by Explorer in

How to do the division of 2 values in the same field

Hi, I have a table like this: id value 1 12 2 10 I want to do this calculation...

by Explorer in

Is it possible to get a list of available indices?

I could then populate a dropdown list with indices  Somehow I could not get this done, would be cool if someb...

by Communicator in

How to display a table with status reason and count of different status reasons like "NO_ID_UPLOADED", "FRAUD_ID"?

Hi,This is splunk query and it returns nested JSON object Query:sourcetype=_json_fluentd source="***" | search me...

by Engager in

Realtime input: How to use time picker in real time in classic dashboard?

I am unable to use time picker in real time in classic dashboard is it not supported or am I having this problem. ...

by Explorer in

*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:
SOAR (f.k.a. Phantom) >>
Enterprise Security >>
Splunk Enterprise or Cloud for Security >>
Observability >>

Or Learn More in Our Blog >>

Splunk Search

Discussions

How to find users who have done an event A, but not done an event B display as timechart span of 1 month?

How to add contributing fields to unique values?

Help comparing outputcsv to inputcsv

How to condense eval search query?

How to hide columnName from table?

How to create table from JSON?

How to show to line chart for failureCount, warningCounttimechart by time?

How to split time into 3 shifts with labels on x-axis?

Why am I receiving this lookup error?

How to run a same search with multiple time ranges and append the value compare them?

How to collect data and correlate into a table?

How to find missing ip's from search1 in search2 and find the stats percentage missing ip's?

How to Calculate the product of a numeric field (multiplication)?

How to filter out records if they match multiple criteria?

How to Make operations between two columns

Compare entry date to the selected revisit date to figure out when a user is being added to the lookup table

How to do the division of 2 values in the same field

Is it possible to get a list of available indices?

How to display a table with status reason and count of different status reasons like "NO_ID_UPLOADED", "FRAUD_ID"?

Realtime input: How to use time picker in real time in classic dashboard?

Alternative to append

How to generate alarm for when CPU peaks at100% o...

Difference between per_second and span=1s in timec...

Help comparing outputcsv to inputcsv

How to hide columnName from table?