Splunk Search

Community Activity

a button to toggle dark/light mode Adding stylesheet=dark.css does make my dashboard dark. However , not all users like dark mode. Can we have a button ... by zacksoft Contributor in Splunk Search 01-09-2020 0 1	0	1
How to aggregate results based on a set of values Hello all, I have the following query: index=someIndex "attr1"=aConstant attr2="aValue" filterCriteria="Criteria1" ... by alejandrome New Member in Splunk Search 01-09-2020 0 2	0	2
How to combine messages in a log file that match an ID into a single event ? I am currently testing forwarding logs from a file I am monitoring, but the software that generates those logs create... by ricotries Communicator in Splunk Search 01-09-2020 0 1	0	1
Splunk search throwing Job Terminated Unexpectedly Hi Team, I have a simple search with index=test which is returning 2587 events with Timeframe of Week to Date. Same ... by poddraj Explorer in Splunk Search 01-09-2020 0 0	0	0
How to construct URL How to construct the URL from the following curl command /usr/bin/curl -s -k -u user1:passwd https://splunk.ce.c... by pratapa Explorer in Splunk Search 01-09-2020 0 1	0	1
Show column depends on the role Hi Team, I have table with 10 column, but want to show the column depends on the Splunk role. Sample xml for my req... by SathyaNarayanan Path Finder in Splunk Search 01-09-2020 0 4	0	4
Multi Value Fields Extraction using Props and Transform Hi, I have log in the following format: time=12345678\|hostname=shayh\|product=blade1<>blade2<>blade3\|username:sha@gm... by shayhibah Path Finder in Splunk Search 01-09-2020 0 7	0	7
sourcetype not applying eval and field alias Hello All, i am trying to customize a sophos TA and i have an issue with EVAL and field alias. My props are like bel... by ranjitbrhm1 Communicator in Splunk Search 01-09-2020 0 1	0	1
dynamic valueSuffix tag Hello, I have this checkbox in my dashboard: <input type="multiselect" token="t_case" searchWhenChanged="true"> ... by fsaporito Explorer in Splunk Search 01-08-2020 0 2	0	2
Splunk Query to compute the count of consecutive hourly violations per day I have data like this... Date - Hour - Sample Number05/01/2014 - 10 - 20005/01/2014 - 11 - 20105/01/2014 - ... by iTechEvent Explorer in Splunk Search 01-08-2020 0 3	0	3
How to create a table cell conditional drilldown on click Hi Experts , I am preparing a very simple dashboard this will have 2 input text box elements and one table which has... by vikas_gopal Builder in Splunk Search 01-08-2020 0 2	0	2
Using regex on Extracted field Hi, I have incoming syslog events for which I've used the Field Extraction wizard in SPLUNK to separate a the filenam... by 373782073 Explorer in Splunk Search 01-08-2020 0 4	0	4
Higher Skipping Searches from Datamodel Acceleration Searches We have more than 90% of skipping rate from our datamodel acceleration searches, and most of them show like 99.96% co... by lucas4394 Path Finder in Splunk Search 01-08-2020 0 0	0	0
Can you put a non-tabled field in an alert title? I want to be able to put a token in my alert title that is derived from a field NOT in the displayed results table. ... by nick405060 Motivator in Splunk Search 01-08-2020 1 3	1	3
How to get ratio of different values in the same field? How do I get the ratio for two values of the same field? When I run the following command: host=web_app action=* fi... by constantinetabs New Member in Splunk Search 01-08-2020 0 1	0	1
how to insert a macro name as field value if the results on the search match to a macro? I have a query which displays some statistical results. Now I want to add a column macro_match which contains the mat... by pavanae Builder in Splunk Search 01-08-2020 0 1	0	1
How to join below 2 indexes? Join below 2 indexes on basis of user index=_internal sourcetype=splunkd_ui_access q!="" \| rex field=uri_query "disp... by utkarsh_s New Member in Splunk Search 01-08-2020 0 1	0	1
how to convert sumologic query to splunk? Hi, How to convert this sumologic query to splunk _collector="M2" "Memory Monitor" \| parse ",DB Job-Connection-Poo... by dbashyam Explorer in Splunk Search 01-08-2020 0 3	0	3
Splunk Transaction command for events multiple time/day I am using this query "index=oswin* source="WinEventLog:System" (EventCode=6005 OR EventCode=1074 OR EventCode=6006) ... by sarwshai Communicator in Splunk Search 01-08-2020 0 1	0	1
Calculate percentage from 2 tstats searches EDIT: The below search suddenly did work, so my issue is solved! So I have two searches in a dashobard, but resultin... by ftonen Explorer in Splunk Search 01-08-2020 0 7	0	7
Aws dns field extraction We are trying to do field extraction of the aws dns events, currently we are getting the events with below indexname,... by martinnepolean Explorer in Splunk Search 01-08-2020 0 6	0	6
Problem With keeping relevant data in the same row while expanding multi value fields Hello, i have been trying to expand multi value fields from different source-type. Problem is that when i do expand ... by sharif_ahmmad Explorer in Splunk Search 01-07-2020 0 3	0	3
LOOKUP operation in default/props.conf disable FIELDALIAS in local/props.conf Hi, I upgrade in 7.3.3 and i have a problem with one fieldalias I know the ASNEW settings since 7.2.4 restore old b... by secuc2r83 Path Finder in Splunk Search 01-07-2020 0 0	0	0
Data not being displayed with previous working query. Hi Community, I've been using Splunk enterprise search and reporting since a month now and now when I try to search w... by siddharth1479 Path Finder in Splunk Search 01-07-2020 0 8	0	8
Highlight line chart depending on value from 2nd column. I have 2 columns. First column has values on which my splunk line chart is dependent on. Second column has values onl... by raj00350 New Member in Splunk Search 01-07-2020 0 2	0	2