Splunk Search

Ask a Question

Discussions

Thread Info

How to custom sort by column headers

I have a table that shows the number of logs by severity over each host. I want to be able to rearrange the severity...

by Path Finder in

Showing in a table results missing in a query from a set

Hi, I’m trying to perform a query in Splunk that not sure if it’s even possible… I have my query over data with a f...

by Observer in

Splunk Ad-hoc search getting auto-cancelled randomly

My Ad-hoc searches getting auto-cancelled randomly.I am running them with admin privileges.There's no problem with RA...

by Loves-to-Learn Everything in

Replace string to replace entire Message field with another message for specific EventCode??

My query searches for (Eventcode=509 OR EventCode=118) and generates output (host, Time, EventCode, Task category, Me...

by Path Finder in

rex a string from text

How do I extract the cities from this text? \"timezone\" "America/Sao_Paulo\",\"max_counter\":2,\"timezone\"...

by Engager in

how to join the two tables?

I have 2 tablesI'd like to join the tables. for example : A table str1str2str3 B table str4val1oval1str5va...

by Explorer in

Percentile values in splunk is not matching with Excel Percentile?

Dear Team, We are used p25() and p75() functions to retrieve Percentile values for a range of values in Splunk. To ...

by Path Finder in

stats latest not showing any value for field

Hi, We have following query - index=yyy sourcetype=zzz "RAISE_ALERT" logger="aaa" | table uuid messa...

by Engager in

How to use color to highlight similar host?

My query searches for eventcode and displays (host, time, task category, message) i want to use some color to highlig...

by Path Finder in

Get App Name/Folder Name using Search

Hi All, I am stuck at a scenario where if user using search in a specific app, then that app folders name should b...

by Path Finder in

WILDCARD in LookUp .csv files

Hi all, I have a challenge, that i have been struggling for the past few days, and can't find the correct solution....

by Path Finder in

unable to manipulate string from JSON (AWS CloudTrail)

I am trying to write a report of 'AccessDenied' messages in our AWS CloudTrail logs. These are in JSON format and the...

by Path Finder in

how to avoid join

Hi, I have scenario where index and sourcetype are same and i am tryng below conditions. chart dc(run) OVER app ...

by Path Finder in

IndexScopedSearch Error Details

I just ran into the problem -- Error in 'IndexScopedSearch': The search failed. More than 125000 events found at time...

by Path Finder in

Error in 'IndexScopedSearch': The search failed. More than 1000000 events found at time

So I seem to have an issue similar to the one in this question here and have accidentally indexed over 1,000,000 even...

by Path Finder in

How to use 「inputlookup」fliter duplicate domains (BIND dns query log)

hello ervery: Scenario: In my case,I use daily search create DnsQueryLog.csv,record the domains inquired every da...

by Explorer in

Convert data to hex with tostring inside chart

Hi, Can we manipulate data with functions in a chart.I have a chart table obtained with : | chart count over ...

by Engager in

How to join two searches for stats command

I have 2 queries and need to show the result of both in one table index=someindex queryType="ts" filename=PNASC.HR...

by New Member in

How to display a unit format and a color format in a single panel with an appendpipe subsearch?

Hello I use the search below [| inputlookup host.csv | table host] `diskspace` | fields FreeSpaceKB host...

by Motivator in

Comparing attendance info for two months (Feb and July)

I want to create a chart showing the attendance between pre covid (February) and current covid (July) for one of our ...

by Path Finder in

Changing the background of Single Value Viz. with dark theme

If the trend is zero, how do I not have a black background? I just want a grey background

by Path Finder in

How to color code a field value based on the newly created field?

Hi! I have a table created with Splunk search with the name of the site and projects with due dates that looks like...

by Path Finder in

inputlookup + Join search = parsing job

I have scheduled search jobs that run nightly. The first search adds fields A and B for the day to the lookup. The se...

by Explorer in

How to get previous records in splunk

Hi, I have multiple records with different data_set value. I want to get each data_set record at a time. So tried u...

by Engager in

Brute Force Query Help

I am trying to mimic the table below. I have the count of the source IP, but how do I get the count of the respective...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to custom sort by column headers

Showing in a table results missing in a query from a set

Splunk Ad-hoc search getting auto-cancelled randomly

Replace string to replace entire Message field with another message for specific EventCode??

rex a string from text

how to join the two tables?

Percentile values in splunk is not matching with Excel Percentile?

stats latest not showing any value for field

How to use color to highlight similar host?

Get App Name/Folder Name using Search

WILDCARD in LookUp .csv files

unable to manipulate string from JSON (AWS CloudTrail)

how to avoid join

IndexScopedSearch Error Details

Error in 'IndexScopedSearch': The search failed. More than 1000000 events found at time

How to use 「inputlookup」fliter duplicate domains (BIND dns query log)

Convert data to hex with tostring inside chart

How to join two searches for stats command

How to display a unit format and a color format in a single panel with an appendpipe subsearch?

Comparing attendance info for two months (Feb and July)

Changing the background of Single Value Viz. with dark theme

How to color code a field value based on the newly created field?

inputlookup + Join search = parsing job

How to get previous records in splunk

Brute Force Query Help

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions