Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to create dashboard which takes multiple(bulk) inputs ?

Hello, I am creating a dashboard, no matter which input can be used, but need is to paste multiple input into dashb...

by Path Finder in

Adding filter to query using IN

Can I please get some assistance on the below? I'm trying to add a filter TRAN_CLASS!=6 to the below query. When I ...

by Loves-to-Learn Lots in

Integrate Oracle Unified Directory with splunk

We have requirement to Integrate Oracle Unified Directory(Authentication and OS logs) with splunk. Action point...

by New Member in

Checking log if some values exist

Hello Splunkers, please help. I have two types of search result and i want to make alert only when 1.) occured: ...

by Path Finder in

Need to add the input lookup file in the search

Hello All "Good Day" index="aedc"| rex field=source "-_(?<source>\S+)"| rex "(?<ModuleID>MY\d+)"| rex "(?<Path>/F...

by Path Finder in

Perform SUM and DIFF on multiple fields

Hi, I'am sending some events each minute to Splunk : TIMEIDINOUT08:00A1008:00B00 08:01A2108:01B2208:01C40 ...

by Explorer in

head and sort a column inside a table generated by `stats`

`base search | stats values(zipcode), count(zipcode) as c by country | sort -c | head 10` which gives me most appea...

by Loves-to-Learn Lots in

Customize Choropleth Map legend

Hello,I have a dashboard with Choropleth map presenting events from various countries (categorical Color mode). In ...

by Path Finder in

How to check which lookup file or table have have an specific field

im looking for the field "is_prohibited=true". This is field is located in one of lookup table, event type, or tag. H...

by Explorer in

Convert timepicker token to epoch time for eval, regardless of timepicker combination

I need to compare my timepicker values (timePicker token) to the field date_e which returns an epoch value. I con...

by Path Finder in

Extract field from Filepath

I've got a number of files coming from directories similar to this.... C:\File Transfer\Relay Files\8Series_files\W...

by Loves-to-Learn Lots in

Help in field extraction

Hello, Sorry for a newbie question, I have the following event thats generated {@timestamp: 2021-06-03T17:39:34.7...

by Engager in

Splunk usage for Rpaas user

I need to know more details about splunk usage for Paas/Rpaas users. Can you define us some brief explanation ple...

by Explorer in

SPLUNK output from search query

Hello, I am trying to search the splunk log but I am getting the output in payload format. is there a way I can get...

by Loves-to-Learn Lots in

KV Store percentage depending of a value

Good morning In a kv store we have 3 columns: Subcontrol, Value1 and Value2. We are trying to calculate the perce...

by Explorer in

How to change phone number format in splunk

how can we change the phone number format. i used sed mod it is working fine but i want to store the formatted phone ...

by Explorer in

tstats, no using stats-function-field, using row-field.

Hi, I use tstats, but tstats use required argument ( stats-func ).I want to write SPL. | tstats summariesonly=t ...

by Explorer in

Creating a table that includes a column for date/time of an event

Hello! I'll try to keep things as brief and concise as I can, but what you need to know is that I'm currently buildin...

by New Member in

Dockerized Splunk Time Zone Forced to UTC

I'm having an issue with dockerized splunk post 8.1.3 free. The timezone in the web interface remains as UTC. With 8....

by Communicator in

Replace placeholders in message templates with property values

We are importing structured logs stored as json lines in a text file. An example event: { "time": "...", "template"...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to create dashboard which takes multiple(bulk) inputs ?

Adding filter to query using IN

Integrate Oracle Unified Directory with splunk

Checking log if some values exist

Need to add the input lookup file in the search

Perform SUM and DIFF on multiple fields

head and sort a column inside a table generated by `stats`

Customize Choropleth Map legend

How to check which lookup file or table have have an specific field

Convert timepicker token to epoch time for eval, regardless of timepicker combination

Extract field from Filepath

Help in field extraction

Splunk usage for Rpaas user

SPLUNK output from search query

KV Store percentage depending of a value

How to change phone number format in splunk

tstats, no using stats-function-field, using row-field.

Creating a table that includes a column for date/time of an event

Dockerized Splunk Time Zone Forced to UTC

Replace placeholders in message templates with property values

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Unify Your SecOps with Splunk Mission Control

Data Preparation Made Easy: SPL2 for Edge Processor

compare today vs last week same hour stats and giv...

Are hidden characters breaking my joins?

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...