Splunk Search

Discussions

Thread Info

eliminate some value in fields in stats count.

index=* | spath msg.uri | rename msg.uri as url | rex field=url "shop(?<ex_url>[a-zA-Z\/\-0-9\.]+)" | rex field=ex...

by Contributor in

Installing Boss of the SOC (BOTS) Investigation Workshop

Despite the number of links: https://www.splunk.com/blog/2018/05/25/boss-of-the-soc-bots-investigation-workshop-for-s...

by New Member in

Nested case -> match within mvjoin

Hello, I'm trying to create an multi-value field 'category' which takes its value from a 'case(match(' that queries a...

by Path Finder in

Not getting proper output of query

Hello everyone, In my query if my field value(Current_Day,Current_Day_Actual,Current_Day_Average,DifferenceFromAve...

by Path Finder in

getting results in verbose mode but not in smart or fast mode

I have indexed file using INDEXED_EXTRACTION=csv in props.conf when I search index=abc field_name=123 I get results i...

by Builder in

How can I expand/unfold all fields in all events in list view?

I have many events as the following in my search: All fields are collapsed at the beginning and I have to unf...

by Engager in

High quality chart export

Hi community, Do you know if there is a reliable or supported way to export charts from a dashboard in a high qualit...

by Explorer in

How to assign colors for a choropleth map based on the range of counts?

Hi, I have a choropleth map, in which I have count like 0,179, 10, 65, 10 So , I want to put the color red if i...

by Contributor in

How to compare multiple values of a field with the corresponding values of another field and add a new value based on the comparison result?

I want to check for list of applications installed and its versions from all the PCs in my environment. If all the li...

by Path Finder in

custom field values with space character

i can not search custom field values(with space character) that JSON type data coming from jira app. for example ...

by Explorer in

How to create a pie chart with only true false values

I am working with this search: index=lab-testresults type=browser NOT(browser="UK*" OR browser="Firefox") suiteID=...

by New Member in

Why is stats count by sourcetype missing some sourcetypes?

index=app_xxxxxxxxx_products cluster_name=dxx-exx-awslab sourcetype=xxxxxxx:deployment-info | stats count by sourcety...

by Engager in

Can anyone please help with with the issue , Getting the below error under Search head

Search peer ###############.com has the following message: Failed to register with cluster master reason: failed meth...

by Path Finder in

TSTATS with count zero and APPENDCOLS error

Now i have a case: - count call API "XXX/authen" (not session) by src_ip (1) | tstats summariesonly count from datamo...

by New Member in

splunk SPL

my search | stats count(eval(Code="3011648")) as "Incorrect login code" I am counting incorrect login code from this ...

by Explorer in

How to get events around identified event

Hello, I have a dashboard that identifies Windows hard shut downs (event code=41). However, we want to see the win...

by Communicator in

How does dedup treat multivalue fields?

Which events are removed when multivalue comes into play?

by Motivator in

Lookup Tables - Dedup

Hello, I Googled and checked several answer posts, but perhaps I am not wording it correctly in the search engines. ...

by Builder in

Stats 2 results together and filling in the blank fields with dynamically-generated values

I need to create volume-base alerts so we know when volume drops. The services we need to monitor are usually suffixe...

by Communicator in

How to detected a Deviation of 20% vs weekly average?

Hi team! I need to do that: Eventcode = 4624 and 4634 with Logon Type = 10. An event will be generated if an ac...

by Path Finder in

Lookup values not shown on result table

Hello all, I am searching in Splunk for the last login date of a User and export it into a table: ... | eval da...

by Engager in

How to get a table to show more than 100 rows

Is there any way i can increase the number of rows in a Table to 1000 instead of 100?

by New Member in

Compare two sources with multiple value

Hi folks, Hi have a case needing to compare 2 sources with CSV type Source 1 has fields as below: start_time_s...

by New Member in

How to get common values in two different fields in two different searches

Hi all, I'd be grateful if you could help me with this. I have read other similar questions but none of them seem to ...

by Engager in

Please help for ssl for splunkd - Splunk runs but cannot log in and is slow

Hello I want to secure splunkd DS->clients with self-signed ssl cert but for some reason it doesn't work. From spl...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

eliminate some value in fields in stats count.

Installing Boss of the SOC (BOTS) Investigation Workshop

Nested case -> match within mvjoin

Not getting proper output of query

getting results in verbose mode but not in smart or fast mode

How can I expand/unfold all fields in all events in list view?

High quality chart export

How to assign colors for a choropleth map based on the range of counts?

How to compare multiple values of a field with the corresponding values of another field and add a new value based on the comparison result?

custom field values with space character

How to create a pie chart with only true false values

Why is stats count by sourcetype missing some sourcetypes?

Can anyone please help with with the issue , Getting the below error under Search head

TSTATS with count zero and APPENDCOLS error

splunk SPL

How to get events around identified event

How does dedup treat multivalue fields?

Lookup Tables - Dedup

Stats 2 results together and filling in the blank fields with dynamically-generated values

How to detected a Deviation of 20% vs weekly average?

Lookup values not shown on result table

How to get a table to show more than 100 rows

Compare two sources with multiple value

How to get common values in two different fields in two different searches

Please help for ssl for splunkd - Splunk runs but cannot log in and is slow

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

Search for triggered save searches and their actio...

Splunk Search

Are you a member of the Splunk Community?

Discussions