Splunk Search

Ask a Question

Discussions

Thread Info

What is an easy way to determine what searches are filling up the dispatch directory?

I'm seeing lots of dispatch directory threshold errors. Is there an easy way to see what searches or reports are dri...

by Path Finder in

Stats count & chart over combo?

I'ma beginner with Splunk hoping someone can help me with my syntax around the following query. I have queries wit...

by Path Finder in

How to find out the top 30 applications by bandwidth

Hi. I'm new to splunk and trying to code a search for top 30 applications by bandwidth. So far I have the following c...

by New Member in

How to join metric data

I have several types of metric data going into a metric index. One has 'username' and 'DimA' as dimensions, and 'Valu...

by Explorer in

Efficiency of REGEX = . vs REGEX = .* vs REGEX = (.*)

Which of the following (in terms of the REGEX) is the most efficient? I've seen examples of all of them. And is there...

by SplunkTrust in

Proofpoint Campaign Data Ingestion

I need to ingest Proofpoint Campaign data and it seems that there is no canned TA/App for this. What have other done ...

by Builder in

How to format SPL Search Query as code ??

HI All i am creating a dashboard in SPLUNK .. i am trying capture the API counts and response time . here is a sam...

by Path Finder in

Transactions and mvexpand on _raw

While there was a good question related to my problem, the answers aren't solving my problem. I need to constrain ...

by Path Finder in

How to change colors in a table?

Hi , I have a statistics table in which each column contains different value for eg: Application Name Applicati...

by Explorer in

help with table column transformation needed

Hello, I need to transform the table I have from: _time avg1 avg2 avg3 t1 v11 v21 v31 t2 v12 ...

by Builder in

timechart per minute by multiple fields

Hi, I have two fields with different values and I want count on both basis. These are events and hosts occured in ...

by Path Finder in

How to filter my search that finds VPN User Session Count by Country to only show users with sessions in multiple countries?

I have this search which shows the user sessions count by Country for the date range specified. I am trying to filter...

by Explorer in

Join is breaking multivalues...?

It looks like a join will break multivalues. And I thought mvexpand couldn't get any more dangerous or misleading tha...

by Motivator in

Carbon footprint for a splunk search

Hi, We are about to start up a new project where the project manager need to know the carbon footprint of the work...

by New Member in

Cascade Table View

Hello everyone, I am trying to put a table view together with no luck. The view is rather simple in theory but I c...

by Explorer in

How to combine two searches to form an alert

Query 1: (sourcetype="PAYA:Enterprise:CDE:Web:App:Gateway.Bankcard" OR sourcetype="PAYA:Enterprise:CDE:Web:App:Ga...

by Observer in

How to remove everything after a specific character in a line

Currently i am not familiar with REx and replace commands in splunk. Can someone help me here i want to replace to b...

by Explorer in

How to parse a field to use later in a table

Can someone please help me parse the field of FunctionArn for the account id value ( "65123456723" in the example) fr...

by Explorer in

How to list indexers that my search head is connected to?

Is there any Splunk search which lists all the active indexers that my search head can pull the data?

by Builder in

Extract a Value from a Field

I have a situation where I have a defined field that has a large amount of data but I am interested in only one part ...

by New Member in

help on eval command

Hi I dont know why my eval command doesnt return any resulys `index` | lookup tutu.csv HOSTNAME as host output S...

by Motivator in

Can I remove a part of a string?

Hi, Is there an eval command that will remove the last part of a string. For example: "Installed - 5%" will be ...

by Explorer in

Splitting or searching a MV JSON

I have a json array like: How can I search or split that? The search: index=jira "issues{}.fields.customfield_1...

by Path Finder in

field extraction

Hello i have this part of event : "POST /posts/posts/explore HTTP/1.0" i need to extract the part between "POS...

by Communicator in

How to sort a statistics based on 2 columns

I have written a command to get the timings of particular log from different servers. I want to sort it based on host...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

What is an easy way to determine what searches are filling up the dispatch directory?

Stats count & chart over combo?

How to find out the top 30 applications by bandwidth

How to join metric data

Efficiency of REGEX = . vs REGEX = .* vs REGEX = (.*)

Proofpoint Campaign Data Ingestion

How to format SPL Search Query as code ??

Transactions and mvexpand on _raw

How to change colors in a table?

help with table column transformation needed

timechart per minute by multiple fields

How to filter my search that finds VPN User Session Count by Country to only show users with sessions in multiple countries?

Join is breaking multivalues...?

Carbon footprint for a splunk search

Cascade Table View

How to combine two searches to form an alert

How to remove everything after a specific character in a line

How to parse a field to use later in a table

How to list indexers that my search head is connected to?

Extract a Value from a Field

help on eval command

Can I remove a part of a string?

Splitting or searching a MV JSON

field extraction

How to sort a statistics based on 2 columns

Best Strategies to Optimize Observability Costs

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...