Splunk Search

Ask a Question

Discussions

Thread Info

How to use 「inputlookup」fliter duplicate domains (BIND dns query log)

hello ervery: Scenario: In my case,I use daily search create DnsQueryLog.csv,record the domains inquired every da...

by Explorer in

Convert data to hex with tostring inside chart

Hi, Can we manipulate data with functions in a chart.I have a chart table obtained with : | chart count over ...

by Engager in

How to join two searches for stats command

I have 2 queries and need to show the result of both in one table index=someindex queryType="ts" filename=PNASC.HR...

by New Member in

How to display a unit format and a color format in a single panel with an appendpipe subsearch?

Hello I use the search below [| inputlookup host.csv | table host] `diskspace` | fields FreeSpaceKB host...

by Motivator in

Comparing attendance info for two months (Feb and July)

I want to create a chart showing the attendance between pre covid (February) and current covid (July) for one of our ...

by Path Finder in

Changing the background of Single Value Viz. with dark theme

If the trend is zero, how do I not have a black background? I just want a grey background

by Path Finder in

How to color code a field value based on the newly created field?

Hi! I have a table created with Splunk search with the name of the site and projects with due dates that looks like...

by Path Finder in

inputlookup + Join search = parsing job

I have scheduled search jobs that run nightly. The first search adds fields A and B for the day to the lookup. The se...

by Explorer in

How to get previous records in splunk

Hi, I have multiple records with different data_set value. I want to get each data_set record at a time. So tried u...

by Engager in

Brute Force Query Help

I am trying to mimic the table below. I have the count of the source IP, but how do I get the count of the respective...

by Path Finder in

Return index position of {someValue} in multi-value field

I'm using transaction to combine events & generate multi-value fields. What I want to do is keep the values of a mv f...

by Explorer in

How to print non-unique values for each row in a table?

I have a script that extracts table data from a database and loads the data to other tables in another database. Eve...

by Loves-to-Learn in

alert

Hi, How can I set an alert with firing setted to send an email to me. But when It fires on the mail it has to sho...

by Explorer in

Retrieve stats for this current and previous week

Hi,I have the following simple query searchQuery | stats count, p50(duration), p99(duration) by uri_pa...

by Loves-to-Learn in

How to generate chart with 'streamstats' and consecutive 'stats' statements

Hello Everyone! I have to generate a time chart for a calculated average with below sample query. Sample Que...

by Path Finder in

Date Comparisons

. Eg:- R06=Tue 24 Mar 2020,Wed 10 Jun 2020 ,First_Date = Tue 24 Mar 2020, Second_Date = Wed 10 Jun 2020 then compare ...

by Path Finder in

Field extraction permissions questions

Hi, If I create a field extraction in the context of App1 and set the permissions as Global and give Everyone read ...

by Communicator in

Compare field of each event with Subsearch of past each events

1. If the same JobName field name is already exists,Trying to get average of column value of JobName's elapsedtime va...

by Loves-to-Learn Lots in

Move widgets/icons (Search, Inspect, Refresh, and Export) from bottom-right corner to top-left corner in table in Splunk Dashbaord

Is there way to move "Open in Search, Inspect, Refresh, and Export" widgets in Splunk Dashboard-tables?

by Explorer in

Search related events

We have java based rest service A with logfile a.log and another rest service B with log b.logwhen A receives a reque...

by New Member in

search events from txt

I have one txt file, only one column, the txt file has around 60 SHA-256 hashes. these hashes are from malicious file...

by Explorer in

search for script launched

there are some malware enabled by word Macro and run VB script to communicate to outside. I want to find out what are...

by Explorer in

Jump to next line in Search

Hi, is it possible to jump to the next line in the search window, to make the whole search more readable? Thank...

by Motivator in

Moving beyond noob queries (comparing results)

Imagine the following data set: STUDENTEOY_GRADEGENDERSTUDENT_STATUSAlice96FemaleACTIVEBob94MaleACTIVECandice92Fema...

by Path Finder in

How to remove an entire column from results if all the values of the column are zero?

Is there any possibility to remove an entire column if all the values of the column are zero?

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to use 「inputlookup」fliter duplicate domains (BIND dns query log)

Convert data to hex with tostring inside chart

How to join two searches for stats command

How to display a unit format and a color format in a single panel with an appendpipe subsearch?

Comparing attendance info for two months (Feb and July)

Changing the background of Single Value Viz. with dark theme

How to color code a field value based on the newly created field?

inputlookup + Join search = parsing job

How to get previous records in splunk

Brute Force Query Help

Return index position of {someValue} in multi-value field

How to print non-unique values for each row in a table?

alert

Retrieve stats for this current and previous week

How to generate chart with 'streamstats' and consecutive 'stats' statements

Date Comparisons

Field extraction permissions questions

Compare field of each event with Subsearch of past each events

Move widgets/icons (Search, Inspect, Refresh, and Export) from bottom-right corner to top-left corner in table in Splunk Dashbaord

Search related events

search events from txt

search for script launched

Jump to next line in Search

Moving beyond noob queries (comparing results)

How to remove an entire column from results if all the values of the column are zero?

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...