Splunk Search

Discussions

Thread Info

First Everyday

There are multiple CSVs which I generate on a daily basis. Each CSV has some critical data & has 2 columns - _time & ...

by Contributor in

How to get only latests events from an events set ?

Hello Splunkers ! We need your help, as we didn't found any answers solving our issue  We will be so grateful...

by Explorer in

How to chart with multiple values on legend

I want to have different values in the legend of a column and that the yaxis is a specific value of this legend. ...

by New Member in

Search based on two searches where one field from one search subtracts results from the other search

So i have logs coming from two different applications. They both both track certain customer requests. They both have...

by New Member in

lookup multiple fields and tables

I have a two part question about lookup tables: Q1 - I have a 1 lookup table that has multiple fields. Sometimes t...

by Path Finder in

Search comma surrounded phrase in _raw using rex

In the logged data: ....,en,us,....(one record) ....,en,in,.....(another record) (Here .... represents string data...

by New Member in

How to extract a string from a field that contains letters, numbers and characters?

731/5000 How to extract a field that can contain letters, numbers and characters, as in the example below? The field...

by Path Finder in

field extraction

I have a filed that has value something like this: ww.abcd.hongkong ww.abcd.cn ww.abcd.asiaenglish.ph ww.abc.us ...

by Contributor in

Sum of a multivalue field inside a row

Sum of a multivalue field inside a row Hi below is how my processed data look like And the expected outpu...

by Explorer in

Avg of past data vs current product data.

I have product family pens, we release a new pen named blue. I want to compare avg sales of pens in past 24hrs with s...

by Contributor in

Lookup table of key=value limits with a random assignment of key=value fields indicating consumption with different field names

I have a lookup table that has information such as resources_available_queue_a=1000 resources_available_queue_b=23...

by Contributor in

Fix table header and add vertical scrollbar using CSS and JavaScript

Hi All, I want to display 100 rows results in table per page with vertical scrollbar and fix the header when we mo...

by Super Champion in

Display the top 5 line chart field values

I'm having some trouble with getting the top 5 line values on a line chart. My current search is below index=db s...

by Explorer in

Column width adjustable table

Morning all, Im sure this may have been answered in the past, but is there away to have a table in splunk that you...

by Path Finder in

How to create a sub-search that looks for events 10 mins earlier

index=windows sourctype=bla EventCode=g host=abc user=cvb NOT [ search index=email |table _time,host |fields _time, ...

by Engager in

KV_Mode against Constant value host fields

I have a new data source that extracts quite well using KV_mode = auto (or KV_Mode=json). The data itself is a si...

by New Member in

Field extraction

I have field in my raw events src = https://www.abcd.com/shop/buy-laptop/dell-200 src= https://www.abcd.com/shop/...

by Contributor in

How to alert when a deviation has been detected in volume between two time periods?

I currently use the following query to compare volume counts between current day and a week ago: sourcetype=abc in...

by New Member in

How to create new field combined from existing fields

Hi I have such a table in which is described the proces of any TestMachine: A B C D TestStart TestStatus TestDuration...

by Communicator in

How to combine two searches into one table using count twice

I have two searches, one getting the current connections and the other getting an average. I'm trying to grab the fie...

by Path Finder in

Splunk Search

Discussions

First Everyday

How to get only latests events from an events set ?

How to chart with multiple values on legend

Search based on two searches where one field from one search subtracts results from the other search

lookup multiple fields and tables

Search comma surrounded phrase in _raw using rex

How to extract a string from a field that contains letters, numbers and characters?

field extraction

Sum of a multivalue field inside a row

Avg of past data vs current product data.

Lookup table of key=value limits with a random assignment of key=value fields indicating consumption with different field names

Fix table header and add vertical scrollbar using CSS and JavaScript

Display the top 5 line chart field values

Column width adjustable table

How to create a sub-search that looks for events 10 mins earlier

KV_Mode against Constant value host fields

Field extraction

How to alert when a deviation has been detected in volume between two time periods?

How to create new field combined from existing fields

How to combine two searches into one table using count twice

Tstats with Sparkline limiting values

Query Duo security for disabled, non-authenicated ...

Changes to user or group privileges

Outlier detection

Could not load lookup=LOOKUP-splunk_security_essen...