Splunk Search

Ask a Question

Discussions

Thread Info

High quality chart export

Hi community, Do you know if there is a reliable or supported way to export charts from a dashboard in a high qualit...

by Explorer in

How to assign colors for a choropleth map based on the range of counts?

Hi, I have a choropleth map, in which I have count like 0,179, 10, 65, 10 So , I want to put the color red if i...

by Contributor in

How to compare multiple values of a field with the corresponding values of another field and add a new value based on the comparison result?

I want to check for list of applications installed and its versions from all the PCs in my environment. If all the li...

by Path Finder in

custom field values with space character

i can not search custom field values(with space character) that JSON type data coming from jira app. for example ...

by Explorer in

How to create a pie chart with only true false values

I am working with this search: index=lab-testresults type=browser NOT(browser="UK*" OR browser="Firefox") suiteID=...

by New Member in

Why is stats count by sourcetype missing some sourcetypes?

index=app_xxxxxxxxx_products cluster_name=dxx-exx-awslab sourcetype=xxxxxxx:deployment-info | stats count by sourcety...

by Engager in

Can anyone please help with with the issue , Getting the below error under Search head

Search peer ###############.com has the following message: Failed to register with cluster master reason: failed meth...

by Path Finder in

TSTATS with count zero and APPENDCOLS error

Now i have a case: - count call API "XXX/authen" (not session) by src_ip (1) | tstats summariesonly count from datamo...

by New Member in

splunk SPL

my search | stats count(eval(Code="3011648")) as "Incorrect login code" I am counting incorrect login code from this ...

by Explorer in

How to get events around identified event

Hello, I have a dashboard that identifies Windows hard shut downs (event code=41). However, we want to see the win...

by Communicator in

How does dedup treat multivalue fields?

Which events are removed when multivalue comes into play?

by Motivator in

Lookup Tables - Dedup

Hello, I Googled and checked several answer posts, but perhaps I am not wording it correctly in the search engines. ...

by Builder in

Stats 2 results together and filling in the blank fields with dynamically-generated values

I need to create volume-base alerts so we know when volume drops. The services we need to monitor are usually suffixe...

by Communicator in

How to detected a Deviation of 20% vs weekly average?

Hi team! I need to do that: Eventcode = 4624 and 4634 with Logon Type = 10. An event will be generated if an ac...

by Path Finder in

Lookup values not shown on result table

Hello all, I am searching in Splunk for the last login date of a User and export it into a table: ... | eval da...

by Engager in

How to get a table to show more than 100 rows

Is there any way i can increase the number of rows in a Table to 1000 instead of 100?

by New Member in

Compare two sources with multiple value

Hi folks, Hi have a case needing to compare 2 sources with CSV type Source 1 has fields as below: start_time_s...

by New Member in

How to get common values in two different fields in two different searches

Hi all, I'd be grateful if you could help me with this. I have read other similar questions but none of them seem to ...

by Engager in

Please help for ssl for splunkd - Splunk runs but cannot log in and is slow

Hello I want to secure splunkd DS->clients with self-signed ssl cert but for some reason it doesn't work. From spl...

by Path Finder in

How to sort the result set or remove paging on trellis chart?

Hi All, I am trying to create a trellis chart to provide the details of 32 components. Trellis chart is showing ju...

by New Member in

Is there a way to automate diag to support?

All, Silly question - Is there a way to automate the sending of diags to Splunk support? I'd like to know they ha...

by Builder in

What is a Workbook in Splunk Investigate?

by Splunk Employee in

How to search two Indexes based on matching fields and add fields from both indexes to a table

I'm new to splunk And i'm trying to add some logic to reduce false positives. I have two indexes Index=A index=B ...

by Observer in

What's the delay between last event written to disk and now()?

All our cyber alerts are now based on the last five minutes of indexed data. Therefore we wondered about a potential ...

by Motivator in

extract uri

/hk-zh/shop/buy-phone/phone-1/5.8-%E5%90%8B%E9%A1%AF%E7%A4%BA%E5%99%A8-256gb-%E9%8A%80%E8%89%B2 1059 /hk/shop/buy-pho...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

High quality chart export

How to assign colors for a choropleth map based on the range of counts?

How to compare multiple values of a field with the corresponding values of another field and add a new value based on the comparison result?

custom field values with space character

How to create a pie chart with only true false values

Why is stats count by sourcetype missing some sourcetypes?

Can anyone please help with with the issue , Getting the below error under Search head

TSTATS with count zero and APPENDCOLS error

splunk SPL

How to get events around identified event

How does dedup treat multivalue fields?

Lookup Tables - Dedup

Stats 2 results together and filling in the blank fields with dynamically-generated values

How to detected a Deviation of 20% vs weekly average?

Lookup values not shown on result table

How to get a table to show more than 100 rows

Compare two sources with multiple value

How to get common values in two different fields in two different searches

Please help for ssl for splunkd - Splunk runs but cannot log in and is slow

How to sort the result set or remove paging on trellis chart?

Is there a way to automate diag to support?

What is a Workbook in Splunk Investigate?

How to search two Indexes based on matching fields and add fields from both indexes to a table

What's the delay between last event written to disk and now()?

extract uri

Can’t make it to .conf25? Join us online!

What Is Splunk? Here’s What You Can Do with Splunk

Level Up Your .conf25: Splunk Arcade Comes to Boston

Manual Instrumentation with Splunk Observability Cloud: How to Instrument Frontend ...

User could not act as admin in splunk

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!