Splunk Search

Community Activity

Range Marker I am trying to achieve the same visualization as documented over here: https://wiki.splunk.com/Community:Search_Repor... by Stevelim Communicator in Splunk Search 12-16-2019 0 3	0	3
Is there an Equivalent of splParser? I am trying to parse Splunk queries, is there an equivalent of splParser ? splParser outputs parse trees of SPL queri... by rosh_dsa New Member in Splunk Search 12-16-2019 0 1	0	1
How to configure props.conf and transforms.conf to route data matching a certain regex to a specific index and drop all other events? Hi, I'm running a test setup with some live syslog data and I want to do the following on my forwarder: 1) Route al... by Sloefke Path Finder in Splunk Search 12-16-2019 1 5	1	5
network device Inventory check with splunk Hi I would like to know what is best way to get network inventory on splunk? Just started some search and it appear... by hanyeolk Observer in Splunk Search 12-16-2019 0 1	0	1
US state abbreviations to full state names - Choropleth map I have a field [Driver State] which contains all the US states in abbreviated format (MD = Maryland). I want to gener... by corky42 Engager in Splunk Search 12-16-2019 0 3	0	3
Search Event from ID in a lookup Hello everybody ! probably this is a very easy thing to do, however I'm struggling here as my experience in splunk is... by Oaknoy New Member in Splunk Search 12-16-2019 0 3	0	3
Remove highlight from table most left column Hi, In my dashboard I have a table with 5 columns. Once I hover with my mouse on one of the cells, 2 cells are highl... by shayhibah Path Finder in Splunk Search 12-16-2019 0 2	0	2
Displaying results for events in same index but having different data format We had a report for which the input CSV data format was 'value-only', but the format was modified to 'key-value' pair... by swarjs Explorer in Splunk Search 12-16-2019 1 2	1	2
Why do we get a "Failed to create a bundles setup with server name GUID" message? We get a message such as - *[indexer name] Failed to create a bundles setup with server name GUID : Using peer's loca... by ddrillic Ultra Champion in Splunk Search 12-16-2019 0 5	0	5
Why is base search only showing several hours of events instead of 24 hours? I have a dashboard where I have used base search in each panel. Within the dashboard, I have 40 different panels and ... by Snigdha95 New Member in Splunk Search 12-16-2019 0 2	0	2
Is a lookup definition necessary? I've uploaded a lookup csv file, and was immediately able to use it from a inputlookup and lookup (referencing the fi... by Junie Loves-to-Learn in Splunk Search 12-16-2019 0 1	0	1
How do I find top 10 ports used by attackers? I'm not using Regex. There are over 370,00 events, and the payload of the data reads like this: payload: {"attackerP... by jpsnlyle New Member in Splunk Search 12-15-2019 0 4	0	4
How to show all current day transactions whose amount is higher than the previous month average Hi all, I have a bank transaction XML log with DATE, CC, AMOUNT. I need to show all transactions of the current day ... by dorismustovic New Member in Splunk Search 12-15-2019 0 5	0	5
Help with lookup Hi. Please I need some help. Different devices, all with different port numbers. How to create a single search that... by hank72 Path Finder in Splunk Search 12-15-2019 0 1	0	1
How to check log volume indexed per day in a particular index I want to calculate the total volume of logs index per day for a particular index. is there any search query for the ... by asharma21193 New Member in Splunk Search 12-14-2019 0 2	0	2
field extraction on specific path Hi I have some log files with different name that copy into the Splunk server "/opt/splunk/logs" daily. when I extra... by indeed_2000 Motivator in Splunk Search 12-14-2019 0 1	0	1
How to combine Multiple joins with subsearch? Hi , I have 3 joins with subsearch ,how can I combine those 3 joins and make as one join? join new1 max=0 [search i... by ravikanthbadugu New Member in Splunk Search 12-14-2019 0 8	0	8
Modify X-axis with an interval from 0 to 100 Hello, I'm new here,I would like to know how to modify the X-axis. I don't want to group by host or time, I want an i... by remyjuvenals New Member in Splunk Search 12-13-2019 0 2	0	2
How to rename label in splunk legend that not effected the lookup name? Hi, I would like to display each plugname on the legend instead of plug1, plug2, plug3 and so on using timechart. I ... by matoulas Path Finder in Splunk Search 12-13-2019 1 18	1	18
What is the best practice for donut charts? Hi, I have read different documentation on donut charts, but it's not very clear. What is the better solution for do... by jip31 Motivator in Splunk Search 12-13-2019 0 1	0	1
Using a transform to set index from event field. How to fall back to a certain index? I have events with a field that contains a desired destination index (see index=* below). [timestamp] index=layer1... by juniormint Communicator in Splunk Search 12-13-2019 2 10	2	10
How to sort a chart based on a sum? I dump Splunk daily indexing into a summary index for long term retention and quicker searching. But now I'm trying t... by jeck11 Path Finder in Splunk Search 12-13-2019 0 16	0	16
Eventtype 'msad-dc-health' does not exist or is disabled. After deploying windows infrastructure application i got blocked dashbords with this error message " Eventtype 'msad-... by baroudiem New Member in Splunk Search 12-13-2019 0 1	0	1
help on stats command hello I use the search below in order to count a number of events by SITE If I search a specific site (example \| sea... by jip31 Motivator in Splunk Search 12-13-2019 0 10	0	10
Looping a "forecasting" column using stats Hello all, I just cannot wrap my head around how splunk does looping. Below is what I'm currently trying to do: ... by dojiepreji Path Finder in Splunk Search 12-13-2019 1 9	1	9