Splunk Search

Discussions

Thread Info

Compare historical hourly average with today's hourly data

I am trying to show two things in one graph: 1) bar chart of the count of events for last 24 hours in hourly interval...

by New Member in

regex multivalue grouping

Hi Guys, I am pretty new to regex and need help with getting repeated values from one event (record). Splunk is...

by New Member in

Is anyone having issues with base searches in 7.2?

Having some strange behavior with base searches right now. For example, we have events like this flowing into Splunk:...

by Builder in

What does the error "File has no line endings" for a lookup table means?

I'm trying to upload a file to be a new lookup table and I get the following error - What can it be?

by Ultra Champion in

How do I bind values from different indexes with different fields?

Good day sirs! I have two different indexes with different fields but same value-ish. index=a: MTH=SEPTEMBER in...

by Communicator in

How do I remove a string between the first occurrence of two strings in a query?

I am trying to remove all content returned in a field between two specific strings but only from the first occurrence...

by Engager in

How do I create a drilldown for a specific cell location (not cell value) in a table?

Hi there, I read a bunch of related Splunk answers, but so far I haven't seen a solution posted to creating a dril...

by Motivator in

How do I modify ID results in a table to display a URL or filepath?

Hey there, I've been having a look around on here, and through Google, but so far coming I'm up blank. I'm look...

by Explorer in

sort coliumns row wise

Hi , I have a rsult set like this : status eSIMEntitlement selfcare oauth2 account customer catalog moat dub id...

by Path Finder in

Why is the Search and Reporting default overwritten during start up?

The default folder under SPLUNK_HOME/etc/apps/search has been overwritten and all my changes are now in a default.old...

by Explorer in

Is there a good book for learning Splunk queries?

Hi, Can someone suggest a good way (or a real good book) on how to learn splunk queries. any suggestions would be ap...

by New Member in

How do I get top values based on eval?

I have a relatively simple query with which I am evaluating a new field. I'd like to get the top values of this new f...

by Path Finder in

How do I map a field from a lookup to a Splunk index?

Hello Splunkers, I have a requirement to match a field from an index to a field in a lookup and then extract the r...

by Path Finder in

How can I create a search with the stats command which breaks up results into separate rows?

Trying to create a query that would search two different network logs (firewall and proxy) and return results. The re...

by New Member in

Why are comparisons not working with percentages as expected?

Im working with some thresholds and I'm using |eval score = if(percentage>Target, 1, percentage<=Target, 0) Looks...

by Explorer in

In a dashboard, can you help me with the HTML, CSS and Js for displaying a single number in a bubble chart?

I am trying to display number of events by day, number of events of each day in a bubble chart where bubble size depe...

by Contributor in

How to extract field values in eval with tstats?

| tstats count from datamodel=~~ where Field1="A" by B, C | eval Addition = B + C When I run above query, all val...

by Engager in

How come empty event information is being displayed?

I've been seeing some occurrences in Splunk that I haven't been able to find a reason why this is being shown We use ...

by New Member in

help with breaking events from router

Good Day All. I came across a log file which seems to be missing the carriage and ends. Can anyone assist me in break...

by Communicator in

How do I create a field that contains the differences between 2 other multi value (MV) fields?

I have a search that returns two multi value fields. I am looking to create a third field which would contain the dif...

by Explorer in

Splunk Search

Discussions

Compare historical hourly average with today's hourly data

regex multivalue grouping

Is anyone having issues with base searches in 7.2?

What does the error "File has no line endings" for a lookup table means?

How do I bind values from different indexes with different fields?

How do I remove a string between the first occurrence of two strings in a query?

How do I create a drilldown for a specific cell location (not cell value) in a table?

How do I modify ID results in a table to display a URL or filepath?

sort coliumns row wise

Why is the Search and Reporting default overwritten during start up?

Is there a good book for learning Splunk queries?

How do I get top values based on eval?

How do I map a field from a lookup to a Splunk index?

How can I create a search with the stats command which breaks up results into separate rows?

Why are comparisons not working with percentages as expected?

In a dashboard, can you help me with the HTML, CSS and Js for displaying a single number in a bubble chart?

How to extract field values in eval with tstats?

How come empty event information is being displayed?

help with breaking events from router

How do I create a field that contains the differences between 2 other multi value (MV) fields?

Best of Community @.conf20
Humans That Splunk: Meet Abhishek...
Humans That Splunk: Meet Guiseppe...

Visit our Community Blog >

How to make a new list of values that are in one l...

Strategy to search entire estate for unique server...

Python SDK - mTLS support

help fixing cli search with sourcetype specified

Oracle 12c UNIFIED_AUDIT_TRAIL to syslog server