Splunk Search

Discussions

Thread Info

how to add Sourcetype Cli command

hi i would like add some sourcetype. Adding thoungh Web Browser is easy, just click create sourcetype button and no...

by Explorer in

How to get results only from latest source file of particular sourcetype

HI, I got an index which send data to sourcetype with new source file every week. what I want is to my dashboard sear...

by Explorer in

Add a dynamic label to show percentage increase from the same month from last year inside an area chart

I need to find a way to show the percentage of increase/decrease inside the label when a certain point of a graph is ...

by Path Finder in

How to change the row value to column value ?

I have the following query host=*localTest* sourcetype="perf" Path "/api/*/" cache="MISS" OR cache="HIT" | stats ...

by Path Finder in

Can I use an average in maps+ instead of count?

While using maps+ the clusters it makes show count of events in it. How can i use average of the values for a particu...

by Explorer in

Adding two field values

I have been unable to add two field values and use the new value of a new column I'm trying to take one field, mul...

by Explorer in

How to sort groups by group total

Hi, I want to display the count of occurrences of logline* for each user per date but sort the groups by total cou...

by Path Finder in

List of user who have logged into Splunk in the last 30 days and what Apps/Indexes they accessed.

Hi, Looking to get some help with a query for the following. List of user who have logged into Splunk in the last ...

by Path Finder in

Getting an Error in 'eval' command: The expression is malformed. Expected ).

Hello, So I know this exact same error has been brought up by others here. However, my query is a simple one and t...

by Loves-to-Learn Lots in

How to create backgrounded search with javascript?

All is in the title  I often have to launch long time running search. Instead of waiting for results on dashboards, ...

by Path Finder in

Transforms to Remove HTML Tags

Hello- I'm importing data from a SQL database that includes HTML tags. Here is an example: NoteText="This is my...

by Communicator in

Wildcard search from lookup

Hi, Is there any way to get all the values in the column from the lookup table to build the default choice option in ...

by Explorer in

How to compare two fields from two different searches and display results field not exist?

I am running 2 different searches and have to compare the each value in one field with the values in the other field....

by Path Finder in

How to show an IP is associated with multiple usernames

I have one source type and 2 field values, username and IP. How do I show IP that is associated with multiple userna...

by New Member in

Basic lookup command

Hi all, I am curious the best way to write the following lookup query. I have a 1 column lookup of firewall rul...

by Path Finder in

value of field

Hi, I need to take data from field Source and calculate this data : http_400*100/Total+http_500*100/Total+http_300*1...

by Explorer in

How to resolve the below issue ?

I have the following query which is giving me all the api which cache value is HIT or MISS. host=*localTest* sourc...

by Path Finder in

Stand out values in Splunk

Hi, I have an out of the box query in Splunk. I am trying to find out a way using which we can stand out or highlight...

by Explorer in

Time coversion not working

index=asg Process_name=WLR_22-15_Rating earliest =-5m | convert timeformat="%d-%M-%Y-%H:%M:%S" mktime(start_dtm) mkti...

by Engager in

Why is timechart showing OTHER for some values?

process_inst_id=258600,process_def_id=30,process_name=MIWrite,start_dt=08-OCT-2019-07:39:49,end_dt=,completed=N,runni...

by Engager in

Help with regex in getting the value out of a certain word

Hi everyone. Im not very good in doing regex. I would like to ask for you help here. The situation is to get a certai...

by Explorer in

Match partial value of 2 fields

Hi All, I have a dashboard that accepts user input for a username to search emails. Im trying to display Recipient...

by Path Finder in

Splunk Query

The Splunk report below returns ‘shipping points’ (warehouse codes). Using the lookup table (also below), our job is ...

by Explorer in

pie chart problems

Hi, I'm trying to create a pie chart and running into unexpected problems. I have a search that gives me the prope...

by Champion in

Discrepany in "Count"

My requirement is to detect login attempts by a disabled user. Typically this could be found using eventcode 4768 and...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

how to add Sourcetype Cli command

How to get results only from latest source file of particular sourcetype

Add a dynamic label to show percentage increase from the same month from last year inside an area chart

How to change the row value to column value ?

Can I use an average in maps+ instead of count?

Adding two field values

How to sort groups by group total

List of user who have logged into Splunk in the last 30 days and what Apps/Indexes they accessed.

Getting an Error in 'eval' command: The expression is malformed. Expected ).

How to create backgrounded search with javascript?

Transforms to Remove HTML Tags

Wildcard search from lookup

How to compare two fields from two different searches and display results field not exist?

How to show an IP is associated with multiple usernames

Basic lookup command

value of field

How to resolve the below issue ?

Stand out values in Splunk

Time coversion not working

Why is timechart showing OTHER for some values?

Help with regex in getting the value out of a certain word

Match partial value of 2 fields

Splunk Query

pie chart problems

Discrepany in "Count"

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions