Splunk Search

Discussions

Thread Info

Is is possible to store Splunk dashboard code in Gitlab or Bitbucket, so I don't lose the dashboard?

I want to store the Splunk dashboard code in Gitlab or Bitbucket so I do not lose the dashboard. Any ideal if its pos...

by Explorer in

How to use inputlookup in a search, but convert the field of a stats by some column by the field of another column?

I have a .csv with this format (this is a mock, just to give you an idea of the pattern) code, message, 1, "Not f...

by Loves-to-Learn Everything in

Would someone know how to find out who is logged into a specific computer?

Would someone know how to find out who is logged into a specific computer. Thanks in advance!

by New Member in

Can we delete the fishbucket for a specific index ?

Hello Experts , I am trying to delete the fishbucket but I want to delete only one index=syslog..Is there a command...

by Builder in

How to count number of values in multi-valued field?

Hello! In any event i have two fields, something like: User - BobHobbies - Singing, Dancing, Eating The "Hob...

by Explorer in

How to make conditional stats aggregation query?

Hi, I'm looking for how to make conditional stats aggregation query according to a form input "With users" (value ...

by Path Finder in

How to match the products within the same column and the result should be matching productnumber?

The result should look like the table given below.Need to find the matching product number within customers and the r...

by Engager in

How to add tooltip on each table column?

i am working on splunk cloud , i don't have access to server and i am using dashboard studio . This is my table code ...

by Explorer in

How to find out unused indexes in DMC?

Could anyone please help to find out unused indexes in Splunk DMC

by Explorer in

Can someone please give me an explanation as to what the below rex command is doing?

Can someone please give me an explanation as to what the below rex command is doing. I do not understand the w+ s+...

by Path Finder in

Found useful trick to have field values as new fields with {field}

Hello, we found useful trick to have field values as new fields, for example : | eval {statu...

by Motivator in

How to show fields conditionally in search?

Dear Splunk Community: I have the following search query: <Basic_Search> | chart count by path_template, http_s...

by Path Finder in

How to only display columns where the duration is > 1 second?

Dear Splunk Community : I have the following search query: <Basic_search> duration | stats count, avg(dura...

by Path Finder in

How to get only latest try of a job?

I need to show only the results of the job. Job try multiple times in case of failure. So if the job passed on 3rd at...

by Explorer in

How to search spath field and value pairs?

I have a log file that is coming into splunk in json format. There appear to be two fields of interest, "key" and "v...

by Path Finder in

How to look for two values that occur at the same time per host?

Hello all, I am trying to figure out the following: 1. If an alert for rule_id1 occurs at the same time on the ...

by Loves-to-Learn in

How to use multiple join commands in single search?

Hi Friends, My current query: index = pg_idx_whse_prod_events host="*" sourcetype= PG_ST_PROBE_DATA source="/op...

by Path Finder in

Search Job Investigation after search with no results shows "None"?

Hello, the following search index=index1 message_type=query NOT ([|inputlookup lookup1 | fields ...

by Communicator in

How to join two savedsearches based on a column and do a time comparison?

I have two savedsearches savedsearch1: | basesearch | stats count by _time, LocationId savedsearch2: | basesear...

by Explorer in

How can I convert it to splunk time format?

Hi, I have a field in the logs like below 2022-12-07T08:40:14.253180536 ...

by Loves-to-Learn in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is is possible to store Splunk dashboard code in Gitlab or Bitbucket, so I don't lose the dashboard?

How to use inputlookup in a search, but convert the field of a stats by some column by the field of another column?

Would someone know how to find out who is logged into a specific computer?

Can we delete the fishbucket for a specific index ?

How to count number of values in multi-valued field?

How to make conditional stats aggregation query?

How to match the products within the same column and the result should be matching productnumber?

How to add tooltip on each table column?

How to find out unused indexes in DMC?

Can someone please give me an explanation as to what the below rex command is doing?

Found useful trick to have field values as new fields with {field}

How to show fields conditionally in search?

How to only display columns where the duration is > 1 second?

How to get only latest try of a job?

How to search spath field and value pairs?

How to look for two values that occur at the same time per host?

How to use multiple join commands in single search?

Search Job Investigation after search with no results shows "None"?

How to join two savedsearches based on a column and do a time comparison?

How can I convert it to splunk time format?

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...