Splunk Search

Discussions

Thread Info

Help with regex to extract words before column"

Events: com.texh.servers.policy.assertion.ServerAuditDetailAssertion: 9879: com.texh.log.custom.Applications: 9999: ...

by Path Finder in

How to use self join

Hi All, I have table in which I have columns such as name, id, type, business group etc type field has 2 values 'user...

by Path Finder in

largest single day result in a 90 day period

I have a search to find total ingest into splunk, which i can run for a day or against a longer period by using the t...

by Path Finder in

Field extraction based on position of character

Hi, I have field that gives me NETBOS of a Host. Sample Host Name: 123456W12345678 The 7th character makes t...

by Builder in

How to pass values from previous search into map search

Hello all, my search is below: index=tcxelevate_webpos registerType=kioskBridge registerNbr=* countryCode=US tagNa...

by Explorer in

Help creating a search for events when a field value changes

Is there a Splunk search idiom that I can use to get all the events in a dataset whenever a particular field value A ...

by Engager in

Splunk regex error: Missing terminating ] for character class

Hey Splunkers, Noob. Trying to only retrieve the log names (ex. utility.log) after the last slash blah\blah\bla...

by Communicator in

Can I pass a time/date into the "latest" time modifier

I have a search created that alerts when a user has used remote desktop to log into a domain controller. It works spl...

by Explorer in

Typing and Index queue shows 100%

I have noticed that Splunk is running relatively slow as of recently and found that the typing queue and indexing que...

by Explorer in

How to reduce the width of bars in column chart?

I have plotted a column chart. I need to reduce the width of bars. I have tried with "columnSpacing" and "param". Bot...

by Explorer in

can we give colors in Geostats based on ranges of some value?

Hi. Can we use rangemaps to give colors to the charts in the geostats map. I am having some range values. they sho...

by Contributor in

Cannot sum two numbers

I have the following problem: I have a variable "number_of_past_events" which comes from a "| inputlookup file.csv" a...

by Path Finder in

Using span option with timechart causes incorrect column names.

Splunk Ver : I tested in 7.3.0 and 6.6.12. Timezone : I don't know if it’s relevant to this problem, but it is JST ...

by Builder in

Using timechart earliest/latest with lookup files

Hi all, I've created a _time field and timechart works for me, but the earliest/latest command does not. Here is m...

by Explorer in

How to reduce the width of bars in column chart?

I have plotted column chart. I need to reduce the width f bars. I have tried with "columnspacing" ,"param". Both are ...

by New Member in

How do you find the percent of each srcip within a stats command?

base search | stats values(srcip) as Source count by catdesc Above is my search. The results now yield each catego...

by Explorer in

help on if condition for results = 0

hello In a panel table, I need to display every key_path even if the key_path result = 0 I have done an if conditi...

by Motivator in

search on variable

I have a dashboard where I select the type of item I want to look for in an IIS log. What I look for is a regular exp...

by Explorer in

how to display a line in a table panel even if there is no results

hi I need that the stats command below display a line with 0 if there is no results How can I do please?? index="x...

by Motivator in

passing a query string as token

how to extract the query stored in form of a key value pair in a lookup and execute the query in a single go in searc...

by Explorer in

Receiving error in search to compare two fields

Where is the error? (index=paloalto sourcetype="pan:threat" action=allowed severity=critical src_interface="ether...

by New Member in

Do splunk commands send output to stdout?

When you run ‘splunk status’ or ‘splunk start’ etc., is the output sent to stdout? I’m working with an automations sc...

by Communicator in

How to build a chart on unique field

I am trying to achieve building multiple area graph on one chart where my input is: foo=blue foo=purple foo=red fo...

by New Member in

How to Calculate Splunk User Password Age

Greetings, I use Splunk local authentication mode and have enabled password policy. I want to calculate the passwo...

by Path Finder in

eliminate some value in fields in stats count.

index=* | spath msg.uri | rename msg.uri as url | rex field=url "shop(?<ex_url>[a-zA-Z\/\-0-9\.]+)" | rex field=ex...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Help with regex to extract words before column"

How to use self join

largest single day result in a 90 day period

Field extraction based on position of character

How to pass values from previous search into map search

Help creating a search for events when a field value changes

Splunk regex error: Missing terminating ] for character class

Can I pass a time/date into the "latest" time modifier

Typing and Index queue shows 100%

How to reduce the width of bars in column chart?

can we give colors in Geostats based on ranges of some value?

Cannot sum two numbers

Using span option with timechart causes incorrect column names.

Using timechart earliest/latest with lookup files

How to reduce the width of bars in column chart?

How do you find the percent of each srcip within a stats command?

help on if condition for results = 0

search on variable

how to display a line in a table panel even if there is no results

passing a query string as token

Receiving error in search to compare two fields

Do splunk commands send output to stdout?

How to build a chart on unique field

How to Calculate Splunk User Password Age

eliminate some value in fields in stats count.

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!