Splunk Search

Ask a Question

Discussions

Thread Info

How to de-aggregate the STATS result ?

I have this query where I need to use stats to aggregate the results based on account_number. Now, some of the resul...

by Contributor in

How splunk search work

Hi I have 4 huge log file that ingest into the Splunk File1 File2 File3 File4 Now i want to know whe...

by Motivator in

Cluster Map doesnt show correct events

Hello guys, I have a problem with the "Cluster Map" so I have add a log 2 weeks ago and when I do a search about t...

by Path Finder in

Setting sourcetype with a complex regex - transforms.conf

I am using transforms.conf to pull the sourcetype from the source via a complex regex. It doesn't seem to be working,...

by Motivator in

Enable/Disable indexing a debug log file on demand?

Is there any easy way to enable/disable indexing of a debug log file so that it can be indexed only when needed? We h...

by Explorer in

Passing a time restriction while using join

Hello, I would like to ask, if it is possible to pass a time restriction to a subsearch of an join ? Unfortunately ...

by Path Finder in

Distsearch.conf

Hi, What are the 4 important attributes to be considered under distsearch.conf

by Builder in

Data in source shows Y/N for fields investor, borrower, guarantor, benefic for each customer. How can I show pie chart?

I have data in source which shows Y/N for fields investor, borrower, guarantor, benefic for each customer. Need to sh...

by Path Finder in

The search you ran returned a number of fields that exceeded the current indexed field extraction limit='200'

The search you ran returned a number of fields that exceeded the current indexed field extraction limit='200'To ensur...

by Communicator in

How to count for each host

Hi every one I have some difficulty to count my consumedHostUnits I have this commande : index="dynatrace_hp" | searc...

by Engager in

need to update values of a lookup search by count

Splunk Queryindex="abc" source=def[| inputlookup ABC.csv | table text_strings count | rename text_strings as search]P...

by Engager in

How to add a new column in table results

Hi, I am providing sample data below: [2021-12-07 03:50:14,666] {{taskinstance.py:1532}} INFO - Marking task as F...

by Loves-to-Learn Everything in

Matching field values to text

I have a base search:index=oswin EventCode=19 SourceName="Microsoft-Windows-WindowsUpdateClient" earliest=-10d Comput...

by Loves-to-Learn Lots in

does OCI loggin addon work?

Hi everyone, Recently, I have tried to install the OCI addon in a test enviroment but it does not work. According ...

by Observer in

Filtering substring content

I have a search which looks at rare events in Windows Event Logs and provides output shown below. source="winevtlog...

by Explorer in

how to display stats results by values(field)

I am using the following query and trying to display the results using stats but count by field valuessearch query | ...

by Engager in

inner join

i have a query likeindex = xyz| eval assignment= upper(assignment)| eval SO = upper(SO)| eval Ser = upper(Ser)| join ...

by Path Finder in

RFE: Do not strip out formatting when using the Expand your search feature

When using the Expand your search feature, the Expanded Search String output is stripped of any custom formatting, pa...

by Engager in

using regex for field extraction

I am trying to extract the action=* from this field, in this event its add. I've trying extracting through how you wo...

by Engager in

Extract browser type and device from User agent

Hi, I've been reading number of posts about how to extract the OS and browser details but I don't think there is a be...

by Path Finder in

chart visualization

Hello I have a table with user gcid and user score and i want to show it as a bar chart so the Xis will be the gcid...

by Communicator in

Timechart , how to display value of the field

using tmechart command , I want to display values of 7 filds.. i don't want to use avg, sum functions.. just i want t...

by Explorer in

I am using geostats, I want to show multiple fields in the tooltip. Please help.

My current query source="VLS_OUTSTANDING_GEO.csv" host="dev-bnk-loaniq-" sourcetype="csv" | geostats latfield=AREA_...

by Path Finder in

Help with Stats / Tstats and exclude devices based on OS version

Hello All, We currently use the following search to list all the Windows hosts in our environment. | ...

by Builder in

time range in searches

Hi, I am using earliest and latest in sub search to get last 24 hrs data and compare it with last 7 days data to kn...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to de-aggregate the STATS result ?

How splunk search work

Cluster Map doesnt show correct events

Setting sourcetype with a complex regex - transforms.conf

Enable/Disable indexing a debug log file on demand?

Passing a time restriction while using join

Distsearch.conf

Data in source shows Y/N for fields investor, borrower, guarantor, benefic for each customer. How can I show pie chart?

The search you ran returned a number of fields that exceeded the current indexed field extraction limit='200'

How to count for each host

need to update values of a lookup search by count

How to add a new column in table results

Matching field values to text

does OCI loggin addon work?

Filtering substring content

how to display stats results by values(field)

inner join

RFE: Do not strip out formatting when using the Expand your search feature

using regex for field extraction

Extract browser type and device from User agent

chart visualization

Timechart , how to display value of the field

I am using geostats, I want to show multiple fields in the tooltip. Please help.

Help with Stats / Tstats and exclude devices based on OS version

time range in searches

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6