Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to search weekly trending for the past 30 days?

I have this query index = tenable sourcetype="tenable:io:vuln" state!=fixed eventtype="*" | dedup dns_name plu...

by Explorer in

How to Group and count values by group?

I have a table like below: Servername Category Status Server_1 C_1 Completed S...

by Path Finder in

Timechart RAM or CPU usage by Linux process

1. There will be 2 separate charts: CPU usage by process, and RAM usage by process. 2. Sometimes more than one inst...

by Path Finder in

How to search field output?

I am VERY new to splunk so please bear with me. I have a search, index=vulnerability "list of packages instal...

by Explorer in

How do you combine a pair of 2 fields into a column?

I need to create a Dashboard with below columns from below event data. I couldn't able to get "Status" column valu...

by Explorer in

Can someone help me with stats dc with subsearch?

Let's say we have couple of fields in our dataset (called my_dataset) : event_time, event_type, user, field1 and fiel...

by Loves-to-Learn in

Why doesn't my post process search work when using timechart command?

hello Why doesn't my post process search work when using timechart command? <search id="cap"> <qu...

by Motivator in

How to search string abc/efg in log using multiselect field?

Hi, Splunkers, I want to search string like abc/efg in my log using multiselect field. I directly defi...

by Communicator in

How to test if a lookup does exist?

Hi Splunkers, I want to create a macro that will be looking inside a lookup file, but in a way that will not break...

by Explorer in

How to to add a field to a search using a lookup table?

I am trying to add a field to a search using a lookup table. However, my key field is sometimes blank and I get an e...

by Explorer in

Is there any way to set the semi-permanent variables exists to 0 until a specific event comes up?

Hello!I currently have this eval in a search of mine: | eval exists=if(like(_raw, "%xa recovery%"), 0, 1)...

by Observer in

How do I list value in the table as I want order to be?

I want to be the order I list below? Very High High Medium Low Very Low Info

by Path Finder in

How to link dynamically the range time picker with a relative time?

hi as you can see I use a relative time in my search in order to filter events on today between 7h and 19h ...

by Motivator in

Why is Splunk ignoring timestamp in message?

Good afternoon, I have already raised a similar topic. The last time I was cleared up the situation, but the problem ...

by Communicator in

How to consolidate two columns into a single column without losing data?

We have a data source which contains two columns, both of which contain valuable information. In any event, either on...

by Builder in

How to move all of the different searches to a single/couple of base searches and then post processing?

hi I am trying to get my dashboard better and move all of the different searches to a single/couple of base searche...

by Explorer in

How to extract dynamic key from nested json?

sample json: Hosts: { [-] Nodepool1: { [-] Cluster: xyz1 Accountid: idxyz Nodepool3: { [-] Cl...

by Loves-to-Learn Lots in

How to create custom field on Splunk cloud?

i am trying to create a custom field like host and source by making changes in atteched photos of entrypoint.sh and ...

by Loves-to-Learn Lots in

How to use "where" and "not in" and "like" in one query?

I have the following query :sourcetype="docker" AppDomain=Eos Level=INFO Message="Eos request calculated" | eval Val_...

by Path Finder in

Why doesn't replace work on a nested field?

Sample event { durationMs: 83 properties: { url: https://mywebsite/v1/organization/41547/buildings } corr...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to search weekly trending for the past 30 days?

How to Group and count values by group?

Timechart RAM or CPU usage by Linux process

How to search field output?

How do you combine a pair of 2 fields into a column?

Can someone help me with stats dc with subsearch?

Why doesn't my post process search work when using timechart command?

How to search string abc/efg in log using multiselect field?

How to test if a lookup does exist?

How to to add a field to a search using a lookup table?

Is there any way to set the semi-permanent variables exists to 0 until a specific event comes up?

How do I list value in the table as I want order to be?

How to link dynamically the range time picker with a relative time?

Why is Splunk ignoring timestamp in message?

How to consolidate two columns into a single column without losing data?

How to move all of the different searches to a single/couple of base searches and then post processing?

How to extract dynamic key from nested json?

How to create custom field on Splunk cloud?

How to use "where" and "not in" and "like" in one query?

Why doesn't replace work on a nested field?

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Alert action

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...