Splunk Search

Discussions

Thread Info

[help]stats with key and value extracted by rex not return correct result.

Hi team, I have below 2 events: C_BN="[{pmRating:3},{riskOfLoss:9}]"C_BN="[{sysOverallPerformance:3},{sysOverallP...

by Path Finder in

Group count percentage by key

We have 5 host and 3 on west 2 on east, and each of them take x% of request, the stats we have right now looks like: ...

by Observer in

How to format a custom time field

Hello, I have a search running that shows the custom "Sign-on_Time" field in a table. I want to format it to a mor...

by Path Finder in

Search not retuning all values from a array search

HI Im trying to get data from an object containing an array, and my search returns some of the results but i cant s...

by New Member in

Detect Brute Force auth success after multiple failures

Hi, I'm trying to detect brute force activity by detecting multiple auth failures followed by success. I started w...

by Explorer in

[SmartStore] How is the Replication of Summary bucket managed in Splunk Smartstore?

there has been a huge spike in the number of uploads, resulting in many more failed uploads from throttling than ...

by Splunk Employee in

How to convert string into percentage

I want to convert a column of text values into percentage. STATUSontimelateontimelate

by Loves-to-Learn Lots in

Join multiple fields and change their name

Hi everyone, I have some data with a lot of fields. Some fields represent the same data, but with different field...

by New Member in

Restrict search to a role using a search restriction is not working

Hi All. I have a local instance on my laptop for demo purposes, so no complex deployment on this machine. I have ...

by Path Finder in

calculating field percentages before stats command

index= base search | stats count, avg(ElapsedTime) as duration, by requestName, LogType, errorMessage, HttpStatus, i...

by Loves-to-Learn in

command="predict", Too few data points: 0. Need at least 1 (too many holdbacks (0) maybe?)

Hello, I have tried the following command to forecast recipient using predict command and Forecast time series assi...

by Path Finder in

How to compare events from two sources to find outliers in data?

Hi, I'm trying to compare events from two sources to show where the outliers are (they "should" be the same but we...

by Communicator in

How to create a single query that can show Internal AND External users all in one table.

All users are located under POP_Address. If the POP_Address = 192.168.* or 172.16.*, etc, we consider them to be inte...

by Explorer in

Table containing url, total requests, error responses

Seems pretty simple, but it's kicking my butt so here I am. I've tried more variations than I'd like, but I have a to...

by Loves-to-Learn Lots in

How to track memory/cpu usage per search execution (on Search Head/Indexer)?

Hi I am looking for a way to track memory/cpu usage per search execution on search head and indexer. I thought I c...

by Motivator in

Extract a Particular value from a already extracted field

Hi Team, I have extracted a field which contains some response. From that response in that field I need only ce...

by Engager in

Search and display results of a single field among two sourcetypes

Hello, I have a sourcetype called "signons" and it has a field called "Session_ID" and "System_Account" In my se...

by Path Finder in

Source IP not plotting on cluster map

I'm trying to plot source IP Addresses (src_ip) from web events on a cluster map but it does not seem to work. It ...

by New Member in

rex

I'm trying to extract this line from my linux logs in splunk using rex but I'm not sure how to extract it TCP 191....

by Explorer in

using eval results of a search with my base search

I'm currently trying to use the results of my eval fields in my base search For example, I would like for my searc...

by Path Finder in

Alert when certain event occurs outside of time period of other event

I have an event that logs the following . . startTime: 2020-07-17T17:48:46Z endTime: 2020-07-17T17:52:...

by Path Finder in

Optimizing Query with Join to with out join

I have the below query which seemingly working okay. I was looking things that I can use to optimize the below query ...

by Engager in

Parse nested json array without direct key-value mapping

Hi, I have a json that looks like the following - {"id": "123","uri": "http://xyz.com/api","method": "POST","heade...

by Explorer in

foreach variable and search

I have variables that I am trying to use to get in a search with a foreach loop... for example.. I have customers:...

by Explorer in

Alert for specific PC

I have an alert for excessive login failures configured to fire off when a PC reports greater than normal login attem...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

[help]stats with key and value extracted by rex not return correct result.

Group count percentage by key

How to format a custom time field

Search not retuning all values from a array search

Detect Brute Force auth success after multiple failures

[SmartStore] How is the Replication of Summary bucket managed in Splunk Smartstore?

How to convert string into percentage

Join multiple fields and change their name

Restrict search to a role using a search restriction is not working

calculating field percentages before stats command

command="predict", Too few data points: 0. Need at least 1 (too many holdbacks (0) maybe?)

How to compare events from two sources to find outliers in data?

How to create a single query that can show Internal AND External users all in one table.

Table containing url, total requests, error responses

How to track memory/cpu usage per search execution (on Search Head/Indexer)?

Extract a Particular value from a already extracted field

Search and display results of a single field among two sourcetypes

Source IP not plotting on cluster map

rex

using eval results of a search with my base search

Alert when certain event occurs outside of time period of other event

Optimizing Query with Join to with out join

Parse nested json array without direct key-value mapping

foreach variable and search

Alert for specific PC

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions