Splunk Search

Community Activity

Need help on Dashboard related issue I have a dashboard in which there is a Pie chart like below I need help in this way that it has to show a label of ev... by Renunaren Loves-to-Learn Everything in Splunk Search 02-06-2023 0 3	0	3
How do I rename a Rex field? Hi , I want to rename to Required Parameters Longitude and Latitude are missing or invalid to a new value Required P... by sid_1435 Explorer in Splunk Search 02-05-2023 0 5	0	5
How to use regex in calculated fields? Hi, I've been told, that using field extractions on json is not best practis and that I should use calculated fields ... by bitnapper Path Finder in Splunk Search 02-05-2023 0 4	0	4
How to extract all the multi-values in excel? One of my field in raw data is multivalue(like array) .I can see those values in a column in Splunk , but when I try ... by kasis152 Explorer in Splunk Search 02-05-2023 0 3	0	3
Windows Event Log of Account Creation Search? Hi,I'm create search query to monitor when 3 users create accounts in an hour: index=* sourcetype="WinEventLog:Securi... by s4md0ry New Member in Splunk Search 02-05-2023 0 0	0	0
How to insert dummy data into the first few entries of a field? Here is the original table here, but I need to put some dummy data into Field_B TimeFiled_AField_B110Tom220Smith330W... by splunker-0625 Splunk Employee in Splunk Search 02-05-2023 0 3	0	3
How to get distinct count for which if condition satisfies? My Aim :This below query gives me count of success, failure by b_key, c_key. I want to get the distinct count of b_ke... by arugupta New Member in Splunk Search 02-05-2023 0 3	0	3
Calculate the difference between two fields? Dears, We have two fields in the one index, we need to compare two fields then create a new field to show only on it ... by Abdullah Explorer in Splunk Search 02-05-2023 0 12	0	12
How to convert large bytes to human readable units (e.g. Kib, MiB, GiB) Numeral system macros for Splunk v1.1.1Bytes to printing Human readable size (e.g. 4KiB, 1023.4MiB, 23.4GiB, 345,67Ti... by tfujita_splunk Splunk Employee in Splunk Search 02-04-2023 2 0	2	0
How to host regex from file input? Hey All, I'm really struggling here. I'm trying to get a universal forwarder to pull in txt logs, and edit the "h... by icewolf69 Loves-to-Learn Everything in Splunk Search 02-04-2023 0 4	0	4
How can I write a search that will list all the saved reports in my splunk environment? I need to write search queries to list all the dashboards and reports saved in my splunk environment. I was able to l... by saikatr Path Finder in Splunk Search 02-04-2023 1 5	1	5
Can you remove multiple entries from a lookup table using a search? Hi,I have a lookup table that contains a list of sessions with permitted time frames (start day & time / end day & ti... by mark_cet Path Finder in Splunk Search 02-04-2023 0 2	0	2
How to convert kb to GB? How do I convert this query to display the results in GB instead of kb? index="_internal" source="*metrics.log" per_s... by peasead Path Finder in Splunk Search 02-04-2023 0 4	0	4
Converting units in my classification breaks my alert? Hi, I had a good base search for a calculation and alerting when an upload/download happens, but now I tried to tidy... by klaudiac Path Finder in Splunk Search 02-04-2023 0 4	0	4
How to write a search to convert bytes to KB, MB, and GB, and display them based on IP of top users? Hi Splunkers I am unable to convert no. of bytes to KB, MB, and GB based on the bytes. I have used the search: s... by SanthoshSreshta Contributor in Splunk Search 02-04-2023 0 13	0	13
Does Splunk have an easier way to get FileSize to human readable format? I'm surprised splunk doesn't have an easier way to get a human readable format by passing it the field you want it to... by tb5821 Communicator in Splunk Search 02-04-2023 0 11	0	11
Having trouble with routing problem with _TCP_ROUTING? Hi, I am having trouble for routing the logs(first.txt) to separate index1/2 and second.txt to index3/4. below are ... by okumar1 Engager in Splunk Search 02-03-2023 0 2	0	2
How do I correlate across two log sources? I am writing a query to correlate across two different indexes. One index has userID field. I want the query to match... by Splunk77 Explorer in Splunk Search 02-03-2023 0 1	0	1
How to display all the values of the multi-value column(array-like) in different rows? I have the raw data in format :{"col1":"1",{col2":"2"},{.........(continue)which if I have to visualize using https:/... by kasis152 Explorer in Splunk Search 02-03-2023 0 6	0	6
Interesting fields generated from the AWS Add-On not showing up in Search&Reporting App? Hi,I have a CloudTrail data source feeding into the AWS Add-On app on a single-instance Splunk deployment.If I go to ... by mcirrici Explorer in Splunk Search 02-03-2023 0 1	0	1
Why am I unable to output from subsearch? I am having 2 index - abc - FieldA, E, F bcz - Field B, C, D. Where I want to return D, C and F where value from fiel... by harryhcg Explorer in Splunk Search 02-03-2023 0 4	0	4
Recommended architecture for my specifications? Hello, I currently have an intake that is exceeding 100GB per day and I would like to know what are the best practice... by splunkcol Builder in Splunk Search 02-03-2023 0 1	0	1
Replicated scheduled search not removed- Can I know the Period of the scheduler search and where it is replicated from? Hi, I keep receiving the warning message related "Search peer xxxxxx03 has the following message: Dispatch Command: T... by louismai Path Finder in Splunk Search 02-03-2023 0 1	0	1
Dispatch directory is full. How do we clear it up? We get an error message in the UI, saying that the dispatch directory is full. How can we clean it? We have two SHs..... by ddrillic Ultra Champion in Splunk Search 02-03-2023 1 15	1	15
Where can I find documentation for splunkd clean-dispatch command? ./splunk cmd splunkd clean-dispatch Where can I find the full documentation for this command which is used to "clea... by the_wolverine Champion in Splunk Search 02-03-2023 7 7	7	7