Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

combining stats question, can I do this as one search instead of appending 2?

BASE_SEARCH | rex field=dest_host "^(?<hostname>([a-z0-9\.\-]*\.)?(?<Domain>[a-z0-9\-]{2,}(?=\.[a-z\.]{3,})\.(?<tld>...

by Path Finder in

Timechart with no data gives "No results found"

I want to show the number of bad errors each minute over an hour time period to show as an embedded report. I am u...

by SplunkTrust in

Match values under 2 different fields

Need help. Appreciate in advance. I have 2 lookup csv. I need to match each value under "numberX" field against th...

by New Member in

SPL to find users NOT in ldapsearch subsearch results

Looking for how to query for users that are logging in via Remote Desktop which are not in a certain OU in Active Dir...

by Contributor in

Timechart last month to prior month comparison with trend

Hi, I am trying to compare the number of events from last month to the prior month. So January and February and displ...

by Path Finder in

How to inputlookup a csv file which contains only the hostnames and get the field values of A,b and C?

I have a lookup file which contains a list of hostnames under the field Host like below Host abd addf fdfs Now...

by Builder in

Map/Join Search query with lookup, when field in null

Hello, I am trying to Join/map Search query result with lookup table. I am close to perfect query, Just not be abl...

by Builder in

Why am I getting "Error in '| metadata' " when trying to get the earliest event in a particular index?

I am attempting to determine the earliest event in a particular index by executing the following search over All Time...

by Builder in

Issue combining 2 sourcetypes into 1 table

I am using the following search: index=nessus sourcetype="nessus:plugin" OR sourcetype="nessus:scan" each time ...

by Explorer in

Sorting Multi value Field

Hi , I have to sort 2 multivalue fields and need to compare. Please provide me some example. Thanks Sathish R

by Contributor in

Average of the total count

Hello all, How can I get the average of the output as below? Calculation is 40 + 20 + 50 / 3 = 36.6 REQUEST...

by Path Finder in

How to remove "Other" option from Time Range Picker

I have "Other" as a drop-down option in my Time Range Picker. I have separate times.conf file for my application in ...

by Path Finder in

Group my data per week

Hi All, I am currently having trouble in grouping my data per week. My search is currently configured to be in a r...

by Engager in

Query doesn't work under CURL call (but is fine under user interface)

Hi; I have a query that ends as follows | stats count(eval(HttpStatus LIKE "2__")) AS success count(eval(HttpStat...

by New Member in

Removing the "not found" results from a pie chart in csv format

Hello All, I have csv data like this ip address, Ports Open 192.168.1.1, 80 192.168.1.2, 81 192.168.1.3, none...

by Engager in

Count number of field value per source and show as table

I have a field named "router" that has multiple values and have three sources. I would like to count the router value...

by Communicator in

Search for Error only in the latest log file coming from different hosts

My original search Query returns results- index="ver_logs" "ERORR detected" | rex field=source "VerLogs\\\(?.*?)...

by Contributor in

How to extract fields from xml in a lookup table?

I have a lookup table where one of the field columns is xml format. I'm trying to extract fields from the xml entries...

by Communicator in

How to search Events on Hosts in Inputlookup File?

I have a CSV that I've created via ldapsearch, that contains a single column with 'cn' and then a list of servers. ...

by Communicator in

Correlation Events and Discard Events

Hello, I need your help to correlation some transactions by a number of reference and responses Input and Output but...

by Engager in

Splunk Search

Discussions

combining stats question, can I do this as one search instead of appending 2?

Timechart with no data gives "No results found"

Match values under 2 different fields

SPL to find users NOT in ldapsearch subsearch results

Timechart last month to prior month comparison with trend

How to inputlookup a csv file which contains only the hostnames and get the field values of A,b and C?

Map/Join Search query with lookup, when field in null

Why am I getting "Error in '| metadata' " when trying to get the earliest event in a particular index?

Issue combining 2 sourcetypes into 1 table

Sorting Multi value Field

Average of the total count

How to remove "Other" option from Time Range Picker

Group my data per week

Query doesn't work under CURL call (but is fine under user interface)

Removing the "not found" results from a pie chart in csv format

Count number of field value per source and show as table

Search for Error only in the latest log file coming from different hosts

How to extract fields from xml in a lookup table?

How to search Events on Hosts in Inputlookup File?

Correlation Events and Discard Events

Tstats with Sparkline limiting values

Query Duo security for disabled, non-authenicated ...

_time column always moves to end after rendering s...

Comparing 2 Atrributes in different indexes

Changes to user or group privileges