Splunk Search

Discussions

Thread Info

Stats table manipulation

I created the following search to audit the changes made to our network infrastructure: (index=ise Protocol=Tacacs ME...

by Builder in

Align the first column of the table

Hi Team, I have a table in the dashboard, wherein i want first column to be left aligned and rest all the columns ...

by Communicator in

Rex to optionally extract several fields

I have the need to extract fields between single quotes ( '192.168.0.1', '192.168.0.2') in a field that may contain s...

by Communicator in

Why does the Splunk Java SDK always return 500k results, but I get 800k results in Splunk Web?

The job returns 800k results in Splunk Web, whereas the Java API always returns 500k.

by Explorer in

how to ignore a column using addtotals/addcoltotals

Here is my search index="aries" splunk tt=HL7* | chart count by si , tt | addtotals | addcoltotals| rename si as...

by New Member in

Need help with a complicated field-extraction via regex

want to extract a field in splunk however Splunk Regex won't work so I am writing my own Regex. However I am struggli...

by Explorer in

How to distribute an event among many time buckets taking into account the duration of the event?

I have a group of entries that has starttime, endtime , duration and name. Some of them are concurrent some of them ...

by Path Finder in

Dashboard Title - Display date as DD/MM/YYYY

Hello there, idk how to display the date in the title of the dashboard format as DD/MM/YYYY, not in epoch format ...

by Explorer in

Chart Help

index="all_eqt" | stats sum(TotalSquareYards) as TSY by ShopOrder DefectDescription| table ShopOrder DefectDescriptio...

by Path Finder in

Bar chart with single bar does not display

We have horizontal bar charts on our dashboards and when SPL is filtered down to single bar the bar is not displayed....

by Contributor in

Writing reqular expressions

Please help me in writing the regular expression for the below: 2017-11-17 14:20:03 DueDate="11/17/2017", Identifi...

by Explorer in

how to add more than one matching criteria while getting the count

Hi @somesoni2 Can you help me with a simple search i have following requirement from a single input lookup file...

by Communicator in

Can a Splunk search call a Python script to perform data manipulation?

Hello, Before I waste too much time trying to get this to work, I'd like to know whether a Splunk search can call ...

by Builder in

custom span in timechart

Hi there, I have a set of events say 8 records. One record of particular date and other 7 records of past 7 days. whe...

by Communicator in

Is there a way of ensuring every event has a specific field?

Hi guys, My goal is to use the map command look over all ip addresses and mac addresses that have had the value po...

by Communicator in

timechart - how do I combine these two charts into one?

I have the following query: ... | timechart avg(Latency) Can I combine this with: ... | timechart count by ...

by Engager in

CPU Utilization Query

I am using this query to Fetch CPU Utilization details index=os sourcetype="cpu" | multikv forceheader=1 | eval hu...

by New Member in

Prevent Wildcard In User Input

Hi everyone, I've developed a dashboard with text input for my user. However, I do not want my users to use wildca...

by Path Finder in

Event breaking not working on Tomcat Catalina data

I have some Tomcat Catalina data and I can't for the life of me figure out why it isn't line breaking properly. There...

by SplunkTrust in

Is it possible to override the earliest and latest time in subsearch ?

Hi, I am using sub search in my dashboard. Sub search use time defiend in main search query, however I want to use...

by Builder in

Splunk Search

Discussions

Stats table manipulation

Align the first column of the table

Rex to optionally extract several fields

Why does the Splunk Java SDK always return 500k results, but I get 800k results in Splunk Web?

how to ignore a column using addtotals/addcoltotals

Need help with a complicated field-extraction via regex

How to distribute an event among many time buckets taking into account the duration of the event?

Dashboard Title - Display date as DD/MM/YYYY

Chart Help

Bar chart with single bar does not display

Writing reqular expressions

how to add more than one matching criteria while getting the count

Can a Splunk search call a Python script to perform data manipulation?

custom span in timechart

Is there a way of ensuring every event has a specific field?

timechart - how do I combine these two charts into one?

CPU Utilization Query

Prevent Wildcard In User Input

Event breaking not working on Tomcat Catalina data

Is it possible to override the earliest and latest time in subsearch ?

Removing Object from Json Array

wql query not returning any events [WMI:Services]

How to color a panel if the result is not equal a ...

How to force today's date column to display if no ...

Generate timechart with normalized/rescaled data p...