Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Use subsearch with stats command to dynamically search for list of events

|inputlookup test_results |where build == [|inputlookup test|stats first(build)] I'm trying to do something like t...

by Path Finder in

1 column have mutli

i have a table record is date, product, price 20171015, ABC,10 20171015, CDE,9 20171016, ABC,8 20171017, CDE,10 an...

by New Member in

Build Chart (Score Sheet) that shows all assignments (even missing)

So I have score information for a variety of challenges completed by a number of people. I want to build a chart show...

by Explorer in

What should be added to my search to convert all the results to be lower case?

I have a Splunk query as follows | inputlookup hosts.csv | rename Hostname as my_hostname |rex mode=sed field=my_...

by Builder in

How do you specify x-axis intervals on ChartView (type column)?

Hi all, I am using the object ChartView (type column) however I am not able to set the intervals (units) in axis X...

by Communicator in

How to extract password field in the events with regex? (Password is a string of numbers)

How to extract password field in the events? I need to extract " 123456-222245-666565-151063-123456-222365-333111-...

by Builder in

How to regex events with "==========================" as event breaker?

How to break the events with using regex with "==========================" as event breaker? event: PS C:\tetst...

by Builder in

How to create a table depending on quarters and intervals?

Hi Team, I have data of several years sorted by specific dates and numbers. And I would like to display them on q...

by New Member in

How can I search for all domains for "All Time" and limit results by second criteria -- First seen date of today or yesterday?

Hey All, Sorry if this is a duplicate, or already been answered, but I've tried numerous ideas from posts, and the...

by Explorer in

How do you write rex to extract unstructured field?

I have the below log. I want to extract the sixth column as a field, in that column I have different types values. So...

by New Member in

Search data for All Time but only graph a specified time range

Hello, I am charting IT help desk tickets and I need to make a chart showing how many tickets are opened and close...

by New Member in

Need to make a new field with values of new made fields from two indexes

Hi, Maybe a simple question, but im struggling with it. I would like to make a new field with eval which consist o...

by New Member in

How to filter out the list of hosts that are in the lookup but not in my search result?

I have a query as follows which displays the list of hosts and their host details as follows host field_A fi...

by Builder in

streamstats and exclude field values that changed their state to a particular value

Hi All, I am hoping you can help me out with the following : I am preparing a report from the logs of our moni...

by Path Finder in

How can I create a table with the currently logged in VPN users?

Hi, I wanted to display in a form of a table the current logged in VPN users. my search command is this hos...

by Explorer in

eval wildcards

I have a search that uses some wildcards: sourcetype="EPPWEB" source="/opt/log/*/web_server/info.log" WAT | rex f...

by Builder in

Combining unique field values

I have the following problem I would like to solve Numbers1 Numbers 2 1 6 2 7 3 8 4 9 5 10 I want to concatena...

by Path Finder in

My count is double. Can I use field from search to search lookup table?

1) I have got a query whose output are events that contains a field called CV4_TExCd. The base query looks like this:...

by Explorer in

Linechart with multiple lines of data on one chart?

Dummy question. I have a CSV file that contains three columns (fields) <date>, <value>,<group> 2017-01-01, 10...

by New Member in

Is there any benefit to explicit field extraction vs letting splunk do it on it's own?

All, I have a soucetype that is quite complex. So I need to leave autoKV extractions on. In one of the logs there...

by Builder in

Splunk Search

Discussions

Use subsearch with stats command to dynamically search for list of events

1 column have mutli

Build Chart (Score Sheet) that shows all assignments (even missing)

What should be added to my search to convert all the results to be lower case?

How do you specify x-axis intervals on ChartView (type column)?

How to extract password field in the events with regex? (Password is a string of numbers)

How to regex events with "==========================" as event breaker?

How to create a table depending on quarters and intervals?

How can I search for all domains for "All Time" and limit results by second criteria -- First seen date of today or yesterday?

How do you write rex to extract unstructured field?

Search data for All Time but only graph a specified time range

Need to make a new field with values of new made fields from two indexes

How to filter out the list of hosts that are in the lookup but not in my search result?

streamstats and exclude field values that changed their state to a particular value

How can I create a table with the currently logged in VPN users?

eval wildcards

Combining unique field values

My count is double. Can I use field from search to search lookup table?

Linechart with multiple lines of data on one chart?

Is there any benefit to explicit field extraction vs letting splunk do it on it's own?

Splunk lab module 4

Datamodel acceleration date range forced to last m...

How to reassign orphaned search in splunk light?

Splunk dashboard single value trendinterval time a...

How do I monitor & troubleshoot if all data source...