Splunk Search

Discussions

Thread Info

Monthly reporting

I am trying to create a report that will show month over month reporting for web service average response time as a p...

by Explorer in

Status of a transaction using splunk transaction command

i am using transaction command to check the start time and end time of a transaction. I have used: | transaction...

by Explorer in

Total Duration of a User from one point to Another

The below table is for one User, like wise I have to pull the details for many users - who visited multiple url o...

by Communicator in

How to make sure Splunk does not search some indexes?

Hi Guys, We have 1 indexer and 1 Search head in 2 different datacenter locations. (Lets say DC-A and DC-B) Sinc...

by Path Finder in

Error in 'search' command: Unable to parse the search: Comparator '=' has an invalid term on the right hand side: (FNN = "A0291234567").

Hi all, Below is my search command: | inputlookup servicereport.csv | search "FNN" = [ | inputlookup extract.c...

by New Member in

How to combine multiple search

How do combine the below 2 searches into one? 1. * orderid|stats count by id returns something like 2022-03...

by Path Finder in

How to combine two searches from same index

Hi,From these logs (unique index): 2022-03-16 16:43:43.279 traceId="1234" svc="Service1" url="/customer/{customerG...

by Explorer in

How do I use appdncols command in order to aggregate in a table the result of different search?

hello I use appdncols command in order to aggregate in a table the result of different search I have 2 ...

by Motivator in

How do I fix this multisearch that is acting unexpectedly

The message format we chose uses a field called scope to control the level of aggregation you want (by request_type, ...

by Engager in

Is it possible to draw firewall connection diagram using Splunk Apps

Greetings I am new to Splunk. I need to know if it is possible to draw a diagram using the below search results: Sour...

by New Member in

How do I delete header with transpose?

hello I use a transpose command in order to have _time field displayed in column instead row First question : ...

by Motivator in

How do I filter based on average over time

query | bin _time span=30m | chart avg(throughput) by _time server Hi, I want only the avg(throughput) by _time se...

by Explorer in

How to Merge Rows in Table With Similar Data, While Maintaining Records That Do Not Match

Hello, We are currently working with two sets of data that have similar fields. We would like to align matching ev...

by Explorer in

How to find ELAPSED Time entries greater than a particular amount.

Hello, I am trying to find the list of elapsed time over a specific time using our os process sourcetype. Loo...

by Explorer in

How do I use mstats and changing aligntime to set up this alert

I had a situation where I wanted to know if the mstats p90(cpu) over 5 minutes of a host was above a certain value; b...

by Explorer in

How to include results where count is 0 in a an existing search using a csv file?

Currently I have a search query that will show when an event happens with the device_id, count, and the device name. ...

by Explorer in

How to search number of active VPN users over time

Hi all, I've been working on getting the number of active VPN users from our ASA logs by a simple query to get the...

by New Member in

How to track Windows Login failure from expired or disabled account

Hi Splunkers,I'm performing some searches to monitor Windows user failure attempts. The failure itself is not a probl...

by Path Finder in

How do I get unique within each group?

Team, Can you please help me with the splunk query for the below? Thank you Splunk query returns the below ...

by Path Finder in

How to display charts based on condition by some field

Hi , I want to display two charts , one column and line chart in single panel based on condition. For example, if re...

by Explorer in

How to add average column to timewrap table for multiple fields?

Hi there! I want to add columns to this table that I copied from the docs about timewrap. I want to add columns th...

by Path Finder in

How to include several unique IP address in the search command with src=or can I use src IN(ip,ip,ip)?

How can I include several unique IP address in the search command with src= or can I use src IN(ip,ip,ip)

by New Member in

How to change stats on optional field?

Hello Folks, I have the below query on one of my dashboard panel. Here I pass the IN_BUSINESSDATE field value f...

by Path Finder in

How to check if multiple conditions are true?

I am looking for a way to check for multiple conditions to match, and if they are met, output a specific word... such...

by Explorer in

How to create a lookup subsearch with NOT IN

I am facing following challenge. I have a lookup table myids.csv with ID's in it: ID123 I have and index also w...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Monthly reporting

Status of a transaction using splunk transaction command

Total Duration of a User from one point to Another

How to make sure Splunk does not search some indexes?

Error in 'search' command: Unable to parse the search: Comparator '=' has an invalid term on the right hand side: (FNN = "A0291234567").

How to combine multiple search

How to combine two searches from same index

How do I use appdncols command in order to aggregate in a table the result of different search?

How do I fix this multisearch that is acting unexpectedly

Is it possible to draw firewall connection diagram using Splunk Apps

How do I delete header with transpose?

How do I filter based on average over time

How to Merge Rows in Table With Similar Data, While Maintaining Records That Do Not Match

How to find ELAPSED Time entries greater than a particular amount.

How do I use mstats and changing aligntime to set up this alert

How to include results where count is 0 in a an existing search using a csv file?

How to search number of active VPN users over time

How to track Windows Login failure from expired or disabled account

How do I get unique within each group?

How to display charts based on condition by some field

How to add average column to timewrap table for multiple fields?

How to include several unique IP address in the search command with src=or can I use src IN(ip,ip,ip)?

How to change stats on optional field?

How to check if multiple conditions are true?

How to create a lookup subsearch with NOT IN

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...