Splunk Search

Discussions

Thread Info

How to compare average between two non-adjacent time periods?

Hello, what' the best way to compare averages between two non-adjacent time periods. I have bunch of api call event...

by Explorer in

Thinkst Canary Alerts

Picking up my first project for SOAR detections. Asking if anyone knows groups or sites that helped them when they we...

by Engager in

How do I table multiple data into one cell?

Hello I have a little problem with Splunk! I have a table that basically contains data in the following way numbe...

by Engager in

Why does our Index firewall ingest more logs every Tuesday?

Hello One of my company's firewall ingest more logs every tuesday to splunk which makes us go over the 10G limit p...

by New Member in

Help with regex - How to exclude multiple parentheses and slashes from a field?

Is there a more elegant way to do this? New to using rex & I can’t seem to strip out the multiple parentheses and sla...

by Explorer in

How to search multiple items from multiselect input in Dashboard studio?

Hi everyone, When I search for multiple items from multiselect, it is not working. I can s...

by Engager in

How to make two searches in the same index but different event types?

Hi! I have a log like this eventtype=000111 msg=malicious srcip=11.11.22.22 eventtype=123 msg=traffic srcip=...

by New Member in

Help with REX command

Hi, I want to create a table from the sample log file entry by computing the field names based on the entries defin...

by Observer in

How to find values between two string

I have this event:(pool-4-thread-1 18a68b34-f4af-4940-9339-6201b5004bb8) (********): do_SMSGW (Request) : &from=TULBU...

by Engager in

When using appendcols, one column doesn't have events?

My Query: index=test sourcetype=true AND private AND beta |rex field=_raw "\[private]\s(?<category>\S+\s+\S+\...

by Path Finder in

How to combine searches from multiple source files?

I have the following 2 logs DRT.log: This consists of the following log lines: {"date_time":"20220823...

by Observer in

How to use the map command to add the total event times between created beginning and end times?

I want to use the map command to add the total event times for each day during the time interval from 6am-6pm.For eac...

by Path Finder in

How to not Display Data that is less than 10 days old?

Hello all, I know this has been asked many different ways but, I cant seem to get the search correct. I am attempt...

by Loves-to-Learn in

How to get Splunk triggered alerts results url?

Hi Splunkers , Im trying to build a dashboard to capture all the triggered alerts with some custom actions to...

by Explorer in

How to set up Alert setting, in case of a large interval between messages?

Good afternoon!I receive messages from systems on splunk, several messages from one system line up in a message chain...

by Communicator in

How to get pie chart value and name to be reflected in Available and Not Available name label?

I need the count and count % to be reflected in Available and Not Available line with the value. Appreciate if i get ...

by Loves-to-Learn Lots in

How can I display a chain of all ten messages?

I have a message thread, these messages are coming on splunk.The chain consists of ten different messages: five messa...

by New Member in

How to change the heigh of panels in XML ?

Hi, How can I make both of these panels be the same height ?

by Path Finder in

Why is timestamp not showing as the default in column1 when I load the dashboard?

Hi Experts , i want to show Column1 timestamp selected as default in Date/Time Range From not sure what i am doing wr...

by Explorer in

How to write search to find error percentage for each group?

My data looks as follows: host col2 ---- ---- A SUCCESS A ERROR B ERROR B SUCCESS B SUCCESS C ERROR ...

by Path Finder in

How to write correlation search to show these alerts?

Hi Community, I have these alerts on EDR and I want to create a correlation search to show these alerts on th...

by New Member in

How to display field value into column?

status=Auto, Manual car= BMW, Honda, Audi index * | stats count(status) as Total by car Is there anyway I ca...

by Path Finder in

How do list multiple sources in a query: sourcetype=xml source="/wealthsuite/tti/current/*"?

by New Member in

How do I change the title text on the tabs from default text to a custom text?

I want to change the title text on the tabs from, for example, "Login|Splunk" or "Dashboards | Splunk 7.1.2" to a tex...

by Communicator in

Formalizing MAC address to XX:XX:XX:XX:XX:XX format

I was searing for a simple way to convert all types of mac address to "more" standard format. Found various solution...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to compare average between two non-adjacent time periods?

Thinkst Canary Alerts

How do I table multiple data into one cell?

Why does our Index firewall ingest more logs every Tuesday?

Help with regex - How to exclude multiple parentheses and slashes from a field?

How to search multiple items from multiselect input in Dashboard studio?

How to make two searches in the same index but different event types?

Help with REX command

How to find values between two string

When using appendcols, one column doesn't have events?

How to combine searches from multiple source files?

How to use the map command to add the total event times between created beginning and end times?

How to not Display Data that is less than 10 days old?

How to get Splunk triggered alerts results url?

How to set up Alert setting, in case of a large interval between messages?

How to get pie chart value and name to be reflected in Available and Not Available name label?

How can I display a chain of all ten messages?

How to change the heigh of panels in XML ?

Why is timestamp not showing as the default in column1 when I load the dashboard?

How to write search to find error percentage for each group?

How to write correlation search to show these alerts?

How to display field value into column?

How do list multiple sources in a query: sourcetype=xml source="/wealthsuite/tti/current/*"?

How do I change the title text on the tabs from default text to a custom text?

Formalizing MAC address to XX:XX:XX:XX:XX:XX format

October Community Champions: A Shoutout to Our Contributors!

Community Content Calendar, November Edition

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions