Splunk Search

Discussions

Thread Info

How to group the data

We have the count of different fields We need to get all that data on x-axis for the that we are using appendcols mor...

by Loves-to-Learn Everything in

How do I make list of unused knowledge objects & contents that are also out dated? Thank u very much for your reply.

How do I make a list of unused knowledge objects like KVstores, Data models , data sets specially the ones that are o...

by Builder in

Restful API: cannot change the 'removable' attribute of savedchanges

Below is the Bash script to change the ACL of a saved search: URL="https://splunksearch3.shatin.link:8089/services...

by Communicator in

Piping stats results into table

Can you combine pipe stats into a table

by New Member in

Only showing latest value in a multi-value cell

Hi all, I have the following command which produces a table with one fixed column (Artefact) and the remaining colu...

by Path Finder in

PROPS Conf-TIME_PREFIX and TIME_FORMAT for Complex Source File

Hello, I have a complex data source (sample events given below). Is there any way I can write TIME_PREFIX and TIME...

by Motivator in

How can we use predict command with tstats?

Hi, I have the following search that works against a datamodel to plot a timechart. How can I use predict command w...

by Builder in

Extracting a field from delimeter value

My fields have values like, UTR998760071.unot.utrl.accorda.netRANWA80A8881.cnet.utrl.matrixia.netANNA00A0071.tron.u...

by Contributor in

Trouble creating column chart based off 1 event

Hi, I am attempting to create a simple column chart using JSON data from a single event. The Rows{}.S03PERFC valu...

by Engager in

Ordering an alpha numerical column and highlighting

Hi all, I have the following dataset: Name TitleDaysRemainingTomWest50MartinerrorerrorBilly Winter5103WillFable2 ...

by Path Finder in

Splunk 8 installation - Ubuntu default python used

Hello everyone,When I install Splunk enterprise on my personal Ubuntu machine, it directly changed the default python...

by Contributor in

Creating a Scatter Plot Graph using 3 data series

I have the following data of red, green, and blue light levels over time that I would like to plot on a scatter plot ...

by New Member in

Search Contains / Like between index and csv file as well as NOT Contains / Like

Hi, I am trying to figure this out - I have a data set that I need to compare the DNS values. The index data contai...

by Explorer in

SubSearch - Selecting the last mention of an incident number

Example: a series of events all have the same incident number (1170820) outlining the lifecycle of the ticket (from o...

by Explorer in

Converting event into fields and values

Hi all, I'm trying to convert the message body of my events into fields. The structure of the event message is i...

by Path Finder in

Lookup Table as input for Dashboard

Hello, I would like to enter the info from a lookup table into my dashboard search. lookup table name: FIP.cs...

by New Member in

Need help with XML extraction

Hi All, I need to extract the fields from the below xml data tried xpath and xmlkv but not working as expected.<it...

by Loves-to-Learn Lots in

timechart no results found

I have the follow query index=index |spath output=traceSteps path=traceSteps{}|table traceSteps|mvexpand traceSteps...

by Explorer in

List of AD groups a user was removed from

How do I get a list of AD groups a specific user was removed from in the last week please. We had a Helpdesk perso...

by New Member in

How do I find what source/sourcetype caused this error: "The search failed. More than 1000000 events found at time"

Search failed with error msg: Error in 'IndexScopedSearch': The search failed. More than 1000000 events found at t...

by Path Finder in

Percentile total transactions as a percentage of total transactions

Hello, I have the bellow search: index=test sourcetype=Test |stats count by _time |eventstats perc99(count) a...

by Communicator in

How to search for 3 failed logins followed by 1 successful login from one user to find brute force attacks?

Hello, The question is pretty straightforward. I would like to alert if 3 failed logins followed by 1 successfu...

by Super Champion in

match_cidr = CIDR() config not working as expected

So I need to run search on a firewall index where I need to look for field values matching from two lookup files, one...

by Contributor in

Can someone point me to a table that shows what color equates to what hex value?

I'd like to force consistency across all dashboard charts. For instance, in all charts, I'd like a certain server or ...

by Explorer in

rename command is changing time format

Hi all, I have a field that has a time value such as (_time field): 2021-08-12 15:18:42 However, when I got to ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to group the data

How do I make list of unused knowledge objects & contents that are also out dated? Thank u very much for your reply.

Restful API: cannot change the 'removable' attribute of savedchanges

Piping stats results into table

Only showing latest value in a multi-value cell

PROPS Conf-TIME_PREFIX and TIME_FORMAT for Complex Source File

How can we use predict command with tstats?

Extracting a field from delimeter value

Trouble creating column chart based off 1 event

Ordering an alpha numerical column and highlighting

Splunk 8 installation - Ubuntu default python used

Creating a Scatter Plot Graph using 3 data series

Search Contains / Like between index and csv file as well as NOT Contains / Like

SubSearch - Selecting the last mention of an incident number

Converting event into fields and values

Lookup Table as input for Dashboard

Need help with XML extraction

timechart no results found

List of AD groups a user was removed from

How do I find what source/sourcetype caused this error: "The search failed. More than 1000000 events found at time"

Percentile total transactions as a percentage of total transactions

How to search for 3 failed logins followed by 1 successful login from one user to find brute force attacks?

match_cidr = CIDR() config not working as expected

Can someone point me to a table that shows what color equates to what hex value?

rename command is changing time format

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6