Splunk Search

Discussions

Thread Info

Multi Value Fields Extraction using Props and Transform

Hi, I have log in the following format: time=12345678|hostname=shayh|product=blade1<>blade2<>blade3|username:sh...

by Path Finder in

sourcetype not applying eval and field alias

Hello All, i am trying to customize a sophos TA and i have an issue with EVAL and field alias. My props are like belo...

by Communicator in

Splunk Query to compute the count of consecutive hourly violations per day

I have data like this... Date - Hour - Sample Number 05/01/2014 - 10 - 200 05/01/2014 - 11 - 201 ...

by Explorer in

How to create a table cell conditional drilldown on click

Hi Experts , I am preparing a very simple dashboard this will have 2 input text box elements and one table which h...

by Builder in

Using regex on Extracted field

Hi, I have incoming syslog events for which I've used the Field Extraction wizard in SPLUNK to separate a the filenam...

by Explorer in

Can you put a non-tabled field in an alert title?

I want to be able to put a token in my alert title that is derived from a field NOT in the displayed results table. ...

by Motivator in

How to get ratio of different values in the same field?

How do I get the ratio for two values of the same field? When I run the following command: host=web_app action=* ...

by New Member in

how to insert a macro name as field value if the results on the search match to a macro?

I have a query which displays some statistical results. Now I want to add a column macro_match which contains the mat...

by Builder in

How does throttle work

I wonder how the throttling works if the last pipeline of the search is to redirect the results to different tools/so...

by Path Finder in

Splunk Transaction command for events multiple time/day

I am using this query "index=oswin* source="WinEventLog:System" (EventCode=6005 OR EventCode=1074 OR EventCode=6006) ...

by Communicator in

Calculate percentage from 2 tstats searches

EDIT: The below search suddenly did work, so my issue is solved! So I have two searches in a dashobard, but result...

by Explorer in

Aws dns field extraction

We are trying to do field extraction of the aws dns events, currently we are getting the events with below indexname,...

by Explorer in

Problem With keeping relevant data in the same row while expanding multi value fields

Hello, i have been trying to expand multi value fields from different source-type. Problem is that when i do expan...

by Explorer in

Data not being displayed with previous working query.

Hi Community, I've been using Splunk enterprise search and reporting since a month now and now when I try to search w...

by Path Finder in

Highlight line chart depending on value from 2nd column.

I have 2 columns. First column has values on which my splunk line chart is dependent on. Second column has values onl...

by New Member in

Calculate Maximum transaction per seconds (TPS) day wise

Hi, I want to calculate max TPS on a particular day for last 3 months for some specific URL's. I just have 5 URL's so...

by Explorer in

What is the difference between a "lookup" and a "lookup file"?

Wildly frustrated poring over the Splunk documentation -- there are absolutely no good introductions to any topic! An...

by New Member in

Issues with props.conf and EVAL function

Hi, I am trying to add new evaluation for a field in search-time. For some reason, when I run query from my search...

by Path Finder in

Expand two multi value field with different format using mvexpand

Trying to expand two multi value field using mvexpand for below scenario: Jhon purchased Mango and Banana both. ...

by Explorer in

Overlay 2 time based grouped results in a Chart

Given the 2 following searches which are both over a 30 day period (and each having multiple countries in the results...

by Path Finder in

Splunk Search

Discussions

Multi Value Fields Extraction using Props and Transform

sourcetype not applying eval and field alias

Splunk Query to compute the count of consecutive hourly violations per day

How to create a table cell conditional drilldown on click

Using regex on Extracted field

Can you put a non-tabled field in an alert title?

How to get ratio of different values in the same field?

how to insert a macro name as field value if the results on the search match to a macro?

How does throttle work

Splunk Transaction command for events multiple time/day

Calculate percentage from 2 tstats searches

Aws dns field extraction

Problem With keeping relevant data in the same row while expanding multi value fields

Data not being displayed with previous working query.

Highlight line chart depending on value from 2nd column.

Calculate Maximum transaction per seconds (TPS) day wise

What is the difference between a "lookup" and a "lookup file"?

Issues with props.conf and EVAL function

Expand two multi value field with different format using mvexpand

Overlay 2 time based grouped results in a Chart

How to get counts of same field with different inf...

How to combine search results in order to use Star...

Edit Splunk table column values on the UI

Largest files and its sizes in each Linux host

How do I only return the first name listed under e...