Splunk Search

Discussions

Thread Info

How to get a count of all of the events in all datamodels with tstats

Hi, I am trying to get a list of datamodels and their counts of events for each, so as to make sure that our datamode...

by Communicator in

Put stats(values) and stats(count) in the same table (with tstats)

Hello, I need help with a dashboard Panel I need to make for a client. This guy wants a failed logins table, but m...

by Communicator in

how to calculate duration between events

Hi All, i have a events as mentioned below. 02/04/2019 19:58:01 this is from A4: message from something 02/04/2...

by Path Finder in

splunk custom command python sdk set level for logging

how do i set the logging level if i use the splunk.minining.dcutils? Is it possible to do it from within the python s...

by Contributor in

How can I pipe the results of a stats command into another search as a field to perform a boolean operation?

I'm struggling to output the results of a stats command into a new field so that I can then perform a search based on...

by Explorer in

Timechart Split by Multiple Fields for Trellis

Is there a way to split timechart by more than two fields so that I can use a trellis layout for the visualization? (...

by Engager in

Adding evaluated token breaks searchWhenChanged="false"?

I have a dashboard where the input fields are set to searchWhenChanged="false". This was working as expected until I ...

by Communicator in

In Windows Custom Events, why are the bigger JSON events while using REGEX getting truncated?

In our environment, the application writes logs into Windows Events in JSON format under Message section. We need to ...

by Contributor in

Can a subsearch return only the value (without the fieldname)?

(Copied from a legacy Splunk Forums post by user bpf) Hello I have the following problem: I have a Name. Wit...

by Splunk Employee in

Metrics and real time searches?

How should I approach RT aka real-time searches from metrics data and indexes? Should approach with the same caution ...

by New Member in

What does stats partitions do?

What does stats partitions do? How would you use this? Sample query: |stats **partitions=1** latest(Insert_Te...

by Communicator in

Is it required to set a static ip on the localhost for Splunk with Universal Forwarder to work?

I'm a student running the free Community Edition in my homelab. My host currently receives a dynamic IP. Is a static ...

by New Member in

How to create a search for lookup to get results in single search?

Hi, I have uploaded a csv file with fields User Name, A, B, C. First I need to perform lookup with another file...

by Explorer in

Can a PDF table be more than 1000 rows?

I'm in the process of building some high-priority dashboards for my management (time critical), and I'm having a prob...

by Path Finder in

How do I change the color of a table when I modify the value of a text type filter?

I have a table with 2 filters: 1. Dropdown that selects the column 2. Text box (numeric) The functionality I want ...

by New Member in

How to pass multiple search field into new search with AND/OR conditions?

Hi im currently having a search that result multiple field, and i wish to pipe those values into a new search that ma...

by Explorer in

How to get timechart value even if splunk contain no data for this "_time" field ?

Hi, I'm tryin to get the number of alerts by day. When i have alerts i see the number in statistics. But when...

by Path Finder in

How to get the where condition from a lookup source, work?

Hello I dont understand why my "where" condition doesnt work could you help me please? | inputlookup host.csv ...

by Builder in

Real Time Search Issues

We're running into an issue where are RT searches are being delayed due to the amount of concurrent searches being ra...

by New Member in

Importing a CSV file as a threat intelligence lookup list, how can I test that this file is being parsed against my data?

I just completed importing a CSV file as a threat intelligence lookup list. I followed Splunk documentation (6.2) and...

by Path Finder in

Splunk Search

Discussions

How to get a count of all of the events in all datamodels with tstats

Put stats(values) and stats(count) in the same table (with tstats)

how to calculate duration between events

splunk custom command python sdk set level for logging

How can I pipe the results of a stats command into another search as a field to perform a boolean operation?

Timechart Split by Multiple Fields for Trellis

Adding evaluated token breaks searchWhenChanged="false"?

In Windows Custom Events, why are the bigger JSON events while using REGEX getting truncated?

Can a subsearch return only the value (without the fieldname)?

Metrics and real time searches?

What does stats partitions do?

Is it required to set a static ip on the localhost for Splunk with Universal Forwarder to work?

How to create a search for lookup to get results in single search?

Can a PDF table be more than 1000 rows?

How do I change the color of a table when I modify the value of a text type filter?

How to pass multiple search field into new search with AND/OR conditions?

How to get timechart value even if splunk contain no data for this "_time" field ?

How to get the where condition from a lookup source, work?

Real Time Search Issues

Importing a CSV file as a threat intelligence lookup list, how can I test that this file is being parsed against my data?

Could not load lookup=LOOKUP-splunk_security_essen...

CIDR match not working on Splunk 8.X

Splunk App for Windows - Missing Task Category, Ty...

Jump multiple links at the same time

How are AWS logs get ingested into Splunk Enterpri...