Splunk Search

Thread Info

Removing certain results from reports

I'm attempting to extract statistics of user logins from a custom log format and create a bar chart. I have users A, ...

by Path Finder in

How to use Subsearch to achieve this ?

I have 2 Splunk SPLs=====================index=computer_admin source=admin_priv sourcetype=prive:db account_name=admi...

by Contributor in

Help with temp tables and variables

New to splunk and been struggling manipulating search results into a final result that I am looking for. In powershel...

by Explorer in

SPL: How to calculate the average user events per unique user, per day over a 14 day period (exclude weekends)?

All, I need some help on a problem I am trying to solve. Problem: I need to calculate the average user events p...

by Path Finder in

Compare results from two separat search results

I have two separate searches that provides me the same data field in two different fieldds. I want to identify the co...

by Explorer in

How to find number of events, size (in GB), and frequencies of ingestion?

Hello, are there any queries we can use to find the Total Number of Events, Total Size/Volume (in GB) of Data, Fre...

by Motivator in

How to add hyperlinks for column values in table?

If col A contains a b c d e f, I want a separate link to be opened for each value. E.g If the user click on "a", it s...

by New Member in

Conditional regex help: How to capture two groups if they have an "exclusion type"?

hi everyone, i'm trying to parse json inline. i'm using kv mode= json already but i'm trying to achieve selective...

by Loves-to-Learn in

How to capture in chart?

Hello I have a table I want this I am not sure which tool (chart, table anything else) and a...

by Explorer in

Why is my alert report only showing the first result of every row?

I have this table and I'm trying to send it as a report/alert every morning to our teams chat group T...

by Contributor in

help to change the chart label size

Hi I use this CSS code in order to enlarge the size of the data values in the bars chart Now I also need to enlar...

by Motivator in

How to get stats max count of a field by another field?

Hi There, I am looking to produce an output where the field with maximum count is display based on another field. ...

by Communicator in

How to create a Splunk query to more easily narrow down the exact page where a device ID reset occurred?

Here is the SPL: index=name reqHost="host" | rex field=cookie "care_did=(?<care_did>[a-z0-9-]+)" | rex fi...

by Explorer in

help to solve a different syntax field between a lookup and a main search

hi I use a lookup with a field corresponding to a site name | inputlookup site.csv | search site=*paris* ...

by Motivator in

How to access a lookup created in one app in another?

Hi All, Splunk Enterprise 8.2.4 Clustered I have an issue where I have an existing app with a lookup listing al...

by Path Finder in

Is there anyway to create a file with a list of IP's that i can use in the search field?

is there anyway to create a file with a list of IP's that i can use in the search field? i am trying to search for IP...

by Engager in

Why is my chart that is grouped by values not showing up in visualization?

Hi Experts, my SPL query, ...| eval elapse_range=case(TOTAL_ELAPSE>0 AND TOTAL_ELAPSE<4, "Green",TOTAL_ELAPSE>4...

by Explorer in

How to display min and max in a timechart?

hello I use this timechart index=tutu sourcetype=titi | timechart span=15min dc(s) as "Uniq" ...

by Motivator in

Comparing fields of different events in the same log file

Hello all, I'd like to compare events in the same log files, amusing the format of the events are the same. For exa...

by New Member in

Tranpose the output result

Hi There, I have got some results in after running the below command my search | | bucket _time span=1h| stats co...

by Communicator in

How to pass a user ID to a new query?

I'm attempting to build a search around Okta authentication logs. I want to run a query to check for any Multi facto...

by Explorer in

how to search for event matching lookup table

hi, i a total newbie i need to do a search in splunk matching the domain in my lookup table (master_lookup.csv) m...

by Explorer in

How to display a message when a specific host is not ingesting?

My dilemma. index=prod_s3 sourcetype=My_Sourcetype earliest=-30m(host=2016) OR (host=2018) OR(host=2015) OR (host...

by Communicator in

Why doesn't Web app search and REST API on Postman consistently return the same results?

Hello, I have a search that runs in the web application interface (Splunk Enterprise). It returns results as and w...

by New Member in

How to create a calculated field eval coalesce follow by case statement?

I'm trying to create a calculated field (eval) that will coalesce a bunch of username fields, then perform match() an...

by Contributor in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

Removing certain results from reports

How to use Subsearch to achieve this ?

Help with temp tables and variables

SPL: How to calculate the average user events per unique user, per day over a 14 day period (exclude weekends)?

Compare results from two separat search results

How to find number of events, size (in GB), and frequencies of ingestion?

How to add hyperlinks for column values in table?

Conditional regex help: How to capture two groups if they have an "exclusion type"?

How to capture in chart?

Why is my alert report only showing the first result of every row?

help to change the chart label size

How to get stats max count of a field by another field?

How to create a Splunk query to more easily narrow down the exact page where a device ID reset occurred?

help to solve a different syntax field between a lookup and a main search

How to access a lookup created in one app in another?

Is there anyway to create a file with a list of IP's that i can use in the search field?

Why is my chart that is grouped by values not showing up in visualization?

How to display min and max in a timechart?

Comparing fields of different events in the same log file

Tranpose the output result

How to pass a user ID to a new query?

how to search for event matching lookup table

How to display a message when a specific host is not ingesting?

Why doesn't Web app search and REST API on Postman consistently return the same results?

How to create a calculated field eval coalesce follow by case statement?

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...