Splunk Search

Community Activity

Splunk integration with grafana Splunk newbie here!My usecase is to1. monitor AWS EC2 webserver metrics (how do I push cpu, iostat, other stats to sp... by icykewl New Member in Splunk Search 05-10-2022 0 1	0	1
How do I select first and second match as separate fields using Rex? Hello, I have 1 field in Splunk which contains 2 short email headers in plain-text, for example: From: Me (me@... by aherrington Path Finder in Splunk Search 05-10-2022 0 7	0	7
Why does the map search break my base search? So I have this search looking to send emails to people logging into a legacy SH, but the map command breaks my result... by andrew_burnett Path Finder in Splunk Search 05-10-2022 0 11	0	11
How to change Splunk Health Status - Red? Currently, Splunk cloud health is in RED. We are unable to search any query. Please help me to overcome from this cir... by alexspunkshell Contributor in Splunk Search 05-10-2022 0 2	0	2
How do I filter-out the 'resultToToss' based on the fact there's only 1 'SecondaryField' result for it? I am trying to create a Splunk Alert which -- well, the details will take too long to explain  The issue is that I'm... by ttovarzoll Path Finder in Splunk Search 05-10-2022 0 6	0	6
Why is only the first word of the value is getting extracted? Hello!I'm trying to pull in full product names into a table, but only the first word is getting pulled in. The field ... by KyleMcDougall Path Finder in Splunk Search 05-10-2022 0 6	0	6
Help on chart from subsearch- How to display a bar chart with the site field in x axis hello I need to display a bar chart with the site field in x axis For each site, I need to display 2 bar The first ba... by jip31 Motivator in Splunk Search 05-10-2022 0 1	0	1
How to Calculate time difference with _metrics events? We recently started working with metrics data. The application is sending metrics events with the dimensions: compone... by jordanking1992 Path Finder in Splunk Search 05-10-2022 0 0	0	0
How to Move the table values to the top with query? Hii,I have a data in the Splunk table like the below image. Arista ConsoleRule Host ... by vinod743374 Communicator in Splunk Search 05-10-2022 0 2	0	2
How to search a list of servers from a text file? Hello, I have been given a list of 40 servers in a text file, all servers are separated by commas for example: server... by supersnedz Path Finder in Splunk Search 05-10-2022 0 3	0	3
Why does Splunk query not return Count? Hi, I am running below query and expecting count of failureCount, warningCount in table as total count (1 row only), ... by dezmadi Path Finder in Splunk Search 05-10-2022 0 4	0	4
What can be the query so that i can display the field " API.V1.WEBS_ENTITLED_PRODUCTS" and not its value? I have the logs in this way : measures: {<!-- --> API.V1.WEBS_ENTITLED_PRODUCTS: 296 success: 300 } what can be... by payyachamy Observer in Splunk Search 05-10-2022 0 5	0	5
How to convert seconds into hours, minutes and seconds? Hi all I'm not sure if somebody already asked a question like mine.How can I convert a field containing a duartion (n... by Simon Contributor in Splunk Search 05-10-2022 2 18	2	18
How to achieve average number of events per unit of time in different days of the week? Hi. How I can compare load during the same time every day for business days? I.e. time 11:oo AM - 7:00 PM on Monday, ... by bigll Path Finder in Splunk Search 05-10-2022 0 2	0	2
How do I check, how long it took for one of the event to appear in splunk? Hello All,How do I check, how long it took for one of the event to appear in splunk? By the way, Solved: How do i fin... by msg4sunil Path Finder in Splunk Search 05-10-2022 0 2	0	2
Help with timechart drilldown without by clause hello I timechart events without a by clause \| timechart count(crash) as "crash" count(hang) as "hang" When I... by jip31 Motivator in Splunk Search 05-10-2022 0 18	0	18
How to Add missing date by each id and fill 0 or null? Hi everyone, I have a list of id and event by day. But some days are missing for some id, now I want to fill 0 or nul... by Julia1231 Communicator in Splunk Search 05-10-2022 0 1	0	1
How to select only specific values into search? Hi all, I have a table and I need to highlight the values that are greater than lets say 5 in a line graph. how to se... by badrinath Path Finder in Splunk Search 05-09-2022 0 11	0	11
How to write a Search to detect AD DSRM persistence? Hi All,Has anybody implemented a search to detect the following use case ?https://adsecurity.org/?p=1785 Any suggesti... by neerajs_81 Builder in Splunk Search 05-09-2022 0 0	0	0
How to create a timechart with a time field? I'm trying to make a time chart where it uses the time value specified in my table. Rather than the default _time va... by Marco_Develops Path Finder in Splunk Search 05-09-2022 0 1	0	1
How to create regex to capture a whole string? I have a big event and I want to capture the string between "Message=" and "UpDocCaseRepository" in other words i wan... by MOHITJOSHI Engager in Splunk Search 05-09-2022 0 1	0	1
Can someone explain what a SearchResultWorkUnit is and why it would timeout? I am using the SDK to create my first custom search command. I'm using the Splunk Free version to test it out. It wor... by grittonc Contributor in Splunk Search 05-09-2022 0 1	0	1
How to create an alert for when the VPN goes down but only when the drop lasts more than 1 minute? Hi I need to create an alert for when the VPN goes down but only when the drop lasts more than 1 minute. I would appr... by splunkcol Builder in Splunk Search 05-09-2022 0 3	0	3
Fill null delta for multiple object Hello all,I have a set of data as below. In the column is value of each id according to the time_timeid = 12345id = 1... by Julia1231 Communicator in Splunk Search 05-09-2022 0 4	0	4
How to use fieldcolors Hi, In one of my graphs I try to fixate the areacolors to red and green. However, I can't figure out how.Tried this: ... by ericvdhout Path Finder in Splunk Search 05-09-2022 0 1	0	1