Splunk Search

Discussions

Thread Info

Why the error "sh: /opt/container_artifact/splunk-container.state: Permission denied"?

we are using ocp-4.10 deploying splunk/splunk:7.2.2 image but pod is going into crashbakloopoff state and in logs we ...

by New Member in

Why the error "sudo: unable to send audit message: Operation not permitted" after installation?

we are doing splunk integartion with ocp-4.10 so need to install splunk but After installation of splunk getting erro...

by New Member in

How to use tstats to calculate avg response times?

Hello All, I need help trying to generate the average response times for the below data using tstats command. Need...

by Explorer in

How do I convert a time duration to a number?

Hi Team,I have a field which has the values in the below string format: HH:MM:SS.3N 0:00:43.096 22:09:50.174 ...

by Path Finder in

Is there a query that let's us know when the UF version on the machines have changed?

Hello folks, we have some linux machines with UF installed on that connect to our search head. We haven't acces...

by Explorer in

Is it possible to turn 8 product charts into one table with Sparklines/Trendlines?

Hi, I am looking to grab a hand at turning 8 product charts into one table with Sparkline's if possible for trend tra...

by Explorer in

How to plot P95,P99,P75, mean and median response times values using tstat?

Hello All, I need help trying to generate the P95,P99,P75, mean and median response times for the below data using...

by Explorer in

How to hide search results until the search is complete?

I want no results of a search to display until the search has completed. The search I am running displays any users w...

by Explorer in

How do I compare query result with lookup result?

Hello I have a query that running a rest command, one of the fields is "action.email.to"also i have a lookup table...

by Communicator in

What's the meaning and mechanism of form.multiselect_lines (with the pattern form.<input_token>?

I see an interesting Simple XML idiom below: <input type="multiselect" token="multiselect_lines" searchWhenChan...

by Communicator in

How to set a token when the field exists?

I'm looking for a way to set a token when the column exists (regardless of value). Tried these with no luck. <ev...

by Path Finder in

How to use dropdown value in different ways?

I have a dropdown whose value once input needs to be used in two different ways in the same search query. One of the ...

by Path Finder in

rex search returning everything instead of the one I'm trying to search, what am I doing wrong?

My rex search is returning all the rows instead of the one being searched. What am I doing wrong? index=cloudw...

by Explorer in

How to plot a graph with field having duplicate values

Hi, I have a scenario where I receive multiple requests which contain same field value basically OrderNumber. So the ...

by Path Finder in

Rex to extract values from jason type format logs?

Currently I am trying to extract the crossReferenceId value using below rex query. Its working fine and I can extrac...

by Explorer in

How can I delete notable events in ES?

A notable event triggered 30000 notables how can i delete them all?

by Engager in

Search to get info from lookup file if event field contains data from two field in lookup file?

Want to create search to get info from lookup file if event field contains data from two field in lookup file. log...

by Loves-to-Learn Everything in

Detection exclusion setting by using Regex?

Hi, everyone.Need some help for detection exclusion setting. Want to exclude detections of the files which are appli...

by Explorer in

How to get rows into columns from rows values?

Hello dear Splunk experts! I've stuck with one search and can't figure how to do this. Did a lot of searching he...

by Engager in

Help adding pipe "l" for all results

Hello - I am getting the below error. I am trying to add pipe "|" for all the results. Error : Failed to parse ...

by Communicator in

How to achieve proper search for timechart with where clause?

Here is my search: source="WinEventLog:Security" EventCode=540 | timechart span=1h count by User This gives me ...

by Motivator in

Can someone explain the parameters of <search>?

Hi Team! Someone please explain to me what each parameter is responsible for in such a search tag: <search><que...

by Engager in

How to exclude results in search?

I want to exclude duration results if greater than 7 days. So i used search NOT but it is not working. Can someone...

by Contributor in

How to fill sparse data in a table for alert?

I have a query which results in a table: "some words" | stats dc(host) as host_count by zone, region ...

by New Member in

How to set x axis time interval for line chart every 1h?

HI Team,I am getting 2 hr time span only if i mentioned the 1 or 3 or 4 hours span too in the visualization line char...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why the error "sh: /opt/container_artifact/splunk-container.state: Permission denied"?

Why the error "sudo: unable to send audit message: Operation not permitted" after installation?

How to use tstats to calculate avg response times?

How do I convert a time duration to a number?

Is there a query that let's us know when the UF version on the machines have changed?

Is it possible to turn 8 product charts into one table with Sparklines/Trendlines?

How to plot P95,P99,P75, mean and median response times values using tstat?

How to hide search results until the search is complete?

How do I compare query result with lookup result?

What's the meaning and mechanism of form.multiselect_lines (with the pattern form.<input_token>?

How to set a token when the field exists?

How to use dropdown value in different ways?

rex search returning everything instead of the one I'm trying to search, what am I doing wrong?

How to plot a graph with field having duplicate values

Rex to extract values from jason type format logs?

How can I delete notable events in ES?

Search to get info from lookup file if event field contains data from two field in lookup file?

Detection exclusion setting by using Regex?

How to get rows into columns from rows values?

Help adding pipe "l" for all results

How to achieve proper search for timechart with where clause?

Can someone explain the parameters of <search>?

How to exclude results in search?

How to fill sparse data in a table for alert?

How to set x axis time interval for line chart every 1h?

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions