Splunk Search

Community Activity

How to build a chart on unique field I am trying to achieve building multiple area graph on one chart where my input is: foo=blue foo=purple foo=red foo=... by wish2hate New Member in Splunk Search 10-09-2019 0 1	0	1
How to Calculate Splunk User Password Age Greetings, I use Splunk local authentication mode and have enabled password policy. I want to calculate the password... by marcus_santos_s Path Finder in Splunk Search 10-09-2019 0 5	0	5
eliminate some value in fields in stats count. index=* \| spath msg.uri \| rename msg.uri as url \| rex field=url "shop(?<ex_url>[a-zA-Z\/\-0-9\.]+)" \| rex field=ex... by sandeepmakkena Contributor in Splunk Search 10-09-2019 0 2	0	2
Installing Boss of the SOC (BOTS) Investigation Workshop Despite the number of links: https://www.splunk.com/blog/2018/05/25/boss-of-the-soc-bots-investigation-workshop-for-s... by therevenant New Member in Splunk Search 10-09-2019 0 1	0	1
Nested case -> match within mvjoin Hello, I'm trying to create an multi-value field 'category' which takes its value from a 'case(match(' that queries a... by Dworsnop Path Finder in Splunk Search 10-09-2019 0 4	0	4
Not getting proper output of query Hello everyone, In my query if my field value(Current_Day,Current_Day_Actual,Current_Day_Average,DifferenceFromAvera... by punyanit Path Finder in Splunk Search 10-09-2019 0 4	0	4
getting results in verbose mode but not in smart or fast mode I have indexed file using INDEXED_EXTRACTION=csv in props.conf when I search index=abc field_name=123 I get results ... by ips_mandar Builder in Splunk Search 10-09-2019 0 2	0	2
How can I expand/unfold all fields in all events in list view? I have many events as the following in my search: All fields are collapsed at the beginning and I have to unfold e... by nikosattlermhp Engager in Splunk Search 10-09-2019 0 1	0	1
High quality chart export Hi community, Do you know if there is a reliable or supported way to export charts from a dashboard in a high qualit... by davidemagni Explorer in Splunk Search 10-09-2019 0 1	0	1
How to assign colors for a choropleth map based on the range of counts? Hi, I have a choropleth map, in which I have count like 0,179, 10, 65, 10 So , I want to put the color red if it is... by abhayneilam Contributor in Splunk Search 10-09-2019 2 3	2	3
How to compare multiple values of a field with the corresponding values of another field and add a new value based on the comparison result? I want to check for list of applications installed and its versions from all the PCs in my environment. If all the li... by sureshmurgan Path Finder in Splunk Search 10-09-2019 0 5	0	5
custom field values with space character i can not search custom field values(with space character) that JSON type data coming from jira app. for example cu... by rarki Explorer in Splunk Search 10-09-2019 0 3	0	3
How to create a pie chart with only true false values I am working with this search: index=lab-testresults type=browser NOT(browser="UK" OR browser="Firefox") suiteID="... by disillusioned New Member in Splunk Search 10-09-2019 0 2	0	2
Why is stats count by sourcetype missing some sourcetypes? index=app_xxxxxxxxx_products cluster_name=dxx-exx-awslab sourcetype=xxxxxxx:deployment-info \| stats count by sourcety... by dilpreetsingh Engager in Splunk Search 10-09-2019 0 1	0	1
Can anyone please help with with the issue , Getting the below error under Search head Search peer ###############.com has the following message: Failed to register with cluster master reason: failed meth... by Inayath_khan Path Finder in Splunk Search 10-08-2019 0 1	0	1
TSTATS with count zero and APPENDCOLS error Now i have a case: - count call API "XXX/authen" (not session) by src_ip (1) \| tstats summariesonly count from datamo... by longnh26 New Member in Splunk Search 10-08-2019 0 1	0	1
splunk SPL my search \| stats count(eval(Code="3011648")) as "Incorrect login code" I am counting incorrect login code from thi... by vikram1583 Explorer in Splunk Search 10-08-2019 0 5	0	5
How to get events around identified event Hello, I have a dashboard that identifies Windows hard shut downs (event code=41). However, we want to see the windo... by jamesvz84 Communicator in Splunk Search 10-08-2019 1 3	1	3
How does dedup treat multivalue fields? Which events are removed when multivalue comes into play? by landen99 Motivator in Splunk Search 10-08-2019 0 1	0	1
Lookup Tables - Dedup Hello, I Googled and checked several answer posts, but perhaps I am not wording it correctly in the search engines. ... by genesiusj Builder in Splunk Search 10-08-2019 0 2	0	2
Stats 2 results together and filling in the blank fields with dynamically-generated values I need to create volume-base alerts so we know when volume drops. The services we need to monitor are usually suffix... by weidertc Contributor in Splunk Search 10-08-2019 0 4	0	4
How to detected a Deviation of 20% vs weekly average? Hi team! I need to do that: Eventcode = 4624 and 4634 with Logon Type = 10. An event will be generated if an access... by christianubeda Path Finder in Splunk Search 10-08-2019 0 2	0	2
Lookup values not shown on result table Hello all, I am searching in Splunk for the last login date of a User and export it into a table: ... \| eval date=s... by dunick Engager in Splunk Search 10-08-2019 0 3	0	3
How to get a table to show more than 100 rows Is there any way i can increase the number of rows in a Table to 1000 instead of 100? by ptadakam New Member in Splunk Search 10-08-2019 0 3	0	3
Compare two sources with multiple value Hi folks, Hi have a case needing to compare 2 sources with CSV type Source 1 has fields as below: start_time_s1, e... by nguyenhuyhoang0 New Member in Splunk Search 10-08-2019 0 3	0	3