Splunk Search

Discussions

Thread Info

Can you help me with my wildcard search involving two columns?

In my Report Table, there were multiple lines of actions performed in the Active Directory. I want to take the value ...

by Engager in

How do I sum up all values on one line to give a max count ?

Hi Splunk! Would someone be able to help me with following? How do I sum up all values on one line to give a m...

by Explorer in

I have created a panel of bubble chart in that how to adjust the height to appear that in center

The top and bottom bubbles are cropped how to get the original bubble shape

by New Member in

How to pass list of values from the first search into the second search ?

Here is what I do to get required search results using two separate searches: SEARCH#1 I use the following quer...

by Explorer in

Dedup within a time range

I need to chart the sum of the values of a field by the value of another field over time (e.g. the sum of values of f...

by New Member in

How do you create a field value and pass it to a map?

So, the reason I am looking to do this search is because the logs for this system are not the greatest and, therefore...

by Explorer in

How do you run the stats count against multiple columns?

Hi all, I'm trying to find a way to combine multiple searches into 1, but all efforts have failed. I'd like to run...

by Path Finder in

How do you sum a field for requests that fail to meet a threshold?

I am trying to calculate the percentage of requests that fail to meet a threshold. Log events from this app are writt...

by New Member in

How to Create "Impossible Travel" Security Monitoring Use Case with pure SPL

I have some reservations about the usefulness of this with so much more usage of IaaS/PaaS/SaaS these days...but sinc...

by SplunkTrust in

How do you make a chart with repeating x axis values?

Hi all, I have 2 columns like that I want to plot: x y 1579 1 1707 2 1707 3 1707 4 1707 5 1707 6 1707 7 1707 8 170...

by New Member in

How do you add percentage of total for several columns in a table?

Hi all, I'm quite new to Splunk and I'm struggling trying to add percentages to a table that I built from two inde...

by Engager in

Why when I refresh splunk I loss data ?

Hello, I filll a table which has more than 60 columns and 1000 lines. But at 10am for example, all the columns e...

by New Member in

Can you help me with the following query using the join command?

Hi everybody, I have a problem with a join between two indexes. For example, I have 2 values: A and B, which ar...

by New Member in

How to pass eval value as macro parameter where my search query starts with macro itself

We have created reusable macro which was used in many reports with 3 parameters and that macro is starting point of q...

by New Member in

Can you use now() in eval-based macros?

Is it possible to use the now() function in an macro? And if so, are there any specific limitations? <p>Example ma...

by Super Champion in

How do you search for the nearest file within 7 days ago of another file?

Hello everyone, I'd like to create a bottleneck graph. Basically, I'd like to use two files. One of the files ...

by Path Finder in

How do you extract the value of output quality from the log below?

I want to extract the value of Output Quality from the below log. Critical-Lab checkRcReady for batchId ==>9a508f0...

by Explorer in

Parsing fields inside quoted fields

Hi, at search time I like to pase the key-value pairs inside the message and would like to have the whole message in ...

by Path Finder in

What rex can I use to extract a value before a string near the end of an event?

I need to extract the value where "SoftFail" from this example log is. In related logs, the value is always after ...

by New Member in

When using the timechart command, how do you show multiple Max Values?

Hi Splunk Community! Quick one for all you experts! I'm trying to timechart the following 4 separate metrics (repr...

by Explorer in

Splunk Search

Discussions

Can you help me with my wildcard search involving two columns?

How do I sum up all values on one line to give a max count ?

I have created a panel of bubble chart in that how to adjust the height to appear that in center

How to pass list of values from the first search into the second search ?

Dedup within a time range

How do you create a field value and pass it to a map?

How do you run the stats count against multiple columns?

How do you sum a field for requests that fail to meet a threshold?

How to Create "Impossible Travel" Security Monitoring Use Case with pure SPL

How do you make a chart with repeating x axis values?

How do you add percentage of total for several columns in a table?

Why when I refresh splunk I loss data ?

Can you help me with the following query using the join command?

How to pass eval value as macro parameter where my search query starts with macro itself

Can you use now() in eval-based macros?

How do you search for the nearest file within 7 days ago of another file?

How do you extract the value of output quality from the log below?

Parsing fields inside quoted fields

What rex can I use to extract a value before a string near the end of an event?

When using the timechart command, how do you show multiple Max Values?

Conditional cell format without JS?

ldapfilter does not return all attributes

Observing 30 mins dip in my Splunk Graph

When there is no result filed is displays as &quot...

SPLUNK ITSI (Cloud)