Splunk Search

Discussions

Thread Info

Dedup field values using if"match"?

Hello all, I am attempting to put together a search where I'm taking website status (200=allowed, etc) and breakin...

by Explorer in

Saving License on Windows Events - Regex "This event..."

Hi! i've been trying to regex some part of the windows events to save license. Many windows events contains a large p...

by Path Finder in

Can't get timechart average to work

I'm trying to get the average time that a case is open in a system. To get the latest event per case that's closed ...

by Communicator in

How to search span for 1 day and 2 hours ?

This is my query and I have some challenges in the log. The thing is my daily job will start at 11 PM. If the job run...

by Builder in

How can I compare values from a lookup and alert when there is no mach?

Hi, I have a lookup tables with user names (ftp_users.csv). Every day I'm getting one line from a particular sys...

by Path Finder in

Tstats Summary Join Different Search Ranges

Hey Guys, I am struggling arround a few days now, but I cant find a good/efficient solution for my problem. I wan...

by New Member in

SPL Search - Alert if not true (transaction)

I have written a rule that is trying to use a transaction and based on the transaction value to either alert or not. ...

by Contributor in

How to change a single panel color based on text result with unit format ?

Hi In the search below, I would be able to change the background color following the value of the FreeSpace field ...

by Motivator in

Comparisons

If suppose i have two Phases with first and last datePhase 1=1 JAN 2020, 1 March 2020 Phase2=1Apr 2020,1jun 2020 ...

by Path Finder in

How to calculate Uptime?

Splukers, I want to calculate uptime for my network. By this I mean, I need uptime in hours like time diffrence be...

by Explorer in

How to change the background color table fieldname

Can some one please help me to change the background color of Table fieldname. By default I am getting the fieldnam...

by Explorer in

Timechart of values

This is probably a really simple question but I have events coming in every minute. I've used | rex field=_raw ......

by Path Finder in

How to set a splunk token in a search query

I've created a text form input called 'username' to search for usernames in my dashboard panels and i've set the toke...

by Explorer in

Search Json Field Using Dynamic Variable

Hello, I have json data and I am trying to search a specific field using a dynamic variable. I can properly sea...

by Explorer in

How do i extract backdoor info from a linux log file into my splunk dashboard ?

I have uploaded the log file containing the backdoor information above into splunk but i'm not sure how to create a s...

by Explorer in

Why do i get 'Search is waiting for input' error?

I've created a dropdown field for New User Accounts Created(Failed Attempts) And this is the search quer...

by Explorer in

How do i extract virus info from a linux log file into my splunk dashboard ?

I have uploaded the log file containing the virus information above into splunk but i'm not sure h...

by Explorer in

use source within map command

Hi, I have several log files that I´m "batch indexing". for example: file01.log file02.log file03.log f...

by Path Finder in

stats count by generating inconsistent result

I have a very simple search: index=logs_glbl sourcetype=kube:container:app-name namespace=prod status=500 | stats c...

by Explorer in

How to extract multiple values for multiple fields within a single event?

I have syslogs from our load balancer which has 4 servers on it. When one of the servers states changes from UP to ...

by Path Finder in

How to combine two field values into one

I have got a query like this index=* request in (request1, request2, request3) eval request&& = request1 + r...

by Explorer in

Table with true and false (column) counts for specific users (rows)

Hi there, I have just started using Splunk and it is quite alie...

by Explorer in

Join index's together.

HI all, I have 2 index, that have same common field together. I want to join both together. Query 1: ...

by Communicator in

Help With Event Cleanup - Remove "-"

I am having a problem with what i believe is writing a regex to clean up some events before i report on them in dashb...

by Path Finder in

Generate timechart with normalized/rescaled data points

Hello, I'm trying to analyze an A/B test results on access pattern changes for a specific field. Simplified query...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Dedup field values using if"match"?

Saving License on Windows Events - Regex "This event..."

Can't get timechart average to work

How to search span for 1 day and 2 hours ?

How can I compare values from a lookup and alert when there is no mach?

Tstats Summary Join Different Search Ranges

SPL Search - Alert if not true (transaction)

How to change a single panel color based on text result with unit format ?

Comparisons

How to calculate Uptime?

How to change the background color table fieldname

Timechart of values

How to set a splunk token in a search query

Search Json Field Using Dynamic Variable

How do i extract backdoor info from a linux log file into my splunk dashboard ?

Why do i get 'Search is waiting for input' error?

How do i extract virus info from a linux log file into my splunk dashboard ?

use source within map command

stats count by generating inconsistent result

How to extract multiple values for multiple fields within a single event?

How to combine two field values into one

Table with true and false (column) counts for specific users (rows)

Join index's together.

Help With Event Cleanup - Remove "-"

Generate timechart with normalized/rescaled data points

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions