Splunk Search

Community Activity

help on if condition for results = 0 hello In a panel table, I need to display every key_path even if the key_path result = 0 I have done an if condition... by jip31 Motivator in Splunk Search 10-09-2019 0 3	0	3
search on variable I have a dashboard where I select the type of item I want to look for in an IIS log. What I look for is a regular ex... by scottfoley Explorer in Splunk Search 10-09-2019 0 3	0	3
how to display a line in a table panel even if there is no results hi I need that the stats command below display a line with 0 if there is no results How can I do please?? index=... by jip31 Motivator in Splunk Search 10-09-2019 0 11	0	11
passing a query string as token how to extract the query stored in form of a key value pair in a lookup and execute the query in a single go in searc... by ManishVilla7 Explorer in Splunk Search 10-09-2019 1 1	1	1
Receiving error in search to compare two fields Where is the error? (index=paloalto sourcetype="pan:threat" action=allowed severity=critical src_interface="etherne... by gustavobrgyn New Member in Splunk Search 10-09-2019 0 2	0	2
Do splunk commands send output to stdout? When you run ‘splunk status’ or ‘splunk start’ etc., is the output sent to stdout? I’m working with an automations s... by tsheets13 Communicator in Splunk Search 10-09-2019 0 2	0	2
How to build a chart on unique field I am trying to achieve building multiple area graph on one chart where my input is: foo=blue foo=purple foo=red foo=... by wish2hate New Member in Splunk Search 10-09-2019 0 1	0	1
How to Calculate Splunk User Password Age Greetings, I use Splunk local authentication mode and have enabled password policy. I want to calculate the password... by marcus_santos_s Path Finder in Splunk Search 10-09-2019 0 5	0	5
eliminate some value in fields in stats count. index=* \| spath msg.uri \| rename msg.uri as url \| rex field=url "shop(?<ex_url>[a-zA-Z\/\-0-9\.]+)" \| rex field=ex... by sandeepmakkena Contributor in Splunk Search 10-09-2019 0 2	0	2
Installing Boss of the SOC (BOTS) Investigation Workshop Despite the number of links: https://www.splunk.com/blog/2018/05/25/boss-of-the-soc-bots-investigation-workshop-for-s... by therevenant New Member in Splunk Search 10-09-2019 0 1	0	1
Nested case -> match within mvjoin Hello, I'm trying to create an multi-value field 'category' which takes its value from a 'case(match(' that queries a... by Dworsnop Path Finder in Splunk Search 10-09-2019 0 4	0	4
Not getting proper output of query Hello everyone, In my query if my field value(Current_Day,Current_Day_Actual,Current_Day_Average,DifferenceFromAvera... by punyanit Path Finder in Splunk Search 10-09-2019 0 4	0	4
getting results in verbose mode but not in smart or fast mode I have indexed file using INDEXED_EXTRACTION=csv in props.conf when I search index=abc field_name=123 I get results ... by ips_mandar Builder in Splunk Search 10-09-2019 0 2	0	2
How can I expand/unfold all fields in all events in list view? I have many events as the following in my search: All fields are collapsed at the beginning and I have to unfold e... by nikosattlermhp Engager in Splunk Search 10-09-2019 0 1	0	1
High quality chart export Hi community, Do you know if there is a reliable or supported way to export charts from a dashboard in a high qualit... by davidemagni Explorer in Splunk Search 10-09-2019 0 1	0	1
How to assign colors for a choropleth map based on the range of counts? Hi, I have a choropleth map, in which I have count like 0,179, 10, 65, 10 So , I want to put the color red if it is... by abhayneilam Contributor in Splunk Search 10-09-2019 2 3	2	3
How to compare multiple values of a field with the corresponding values of another field and add a new value based on the comparison result? I want to check for list of applications installed and its versions from all the PCs in my environment. If all the li... by sureshmurgan Path Finder in Splunk Search 10-09-2019 0 5	0	5
custom field values with space character i can not search custom field values(with space character) that JSON type data coming from jira app. for example cu... by rarki Explorer in Splunk Search 10-09-2019 0 3	0	3
How to create a pie chart with only true false values I am working with this search: index=lab-testresults type=browser NOT(browser="UK" OR browser="Firefox") suiteID="... by disillusioned New Member in Splunk Search 10-09-2019 0 2	0	2
Why is stats count by sourcetype missing some sourcetypes? index=app_xxxxxxxxx_products cluster_name=dxx-exx-awslab sourcetype=xxxxxxx:deployment-info \| stats count by sourcety... by dilpreetsingh Engager in Splunk Search 10-09-2019 0 1	0	1
Can anyone please help with with the issue , Getting the below error under Search head Search peer ###############.com has the following message: Failed to register with cluster master reason: failed meth... by Inayath_khan Path Finder in Splunk Search 10-08-2019 0 1	0	1
TSTATS with count zero and APPENDCOLS error Now i have a case: - count call API "XXX/authen" (not session) by src_ip (1) \| tstats summariesonly count from datamo... by longnh26 New Member in Splunk Search 10-08-2019 0 1	0	1
splunk SPL my search \| stats count(eval(Code="3011648")) as "Incorrect login code" I am counting incorrect login code from thi... by vikram1583 Explorer in Splunk Search 10-08-2019 0 5	0	5
How to get events around identified event Hello, I have a dashboard that identifies Windows hard shut downs (event code=41). However, we want to see the windo... by jamesvz84 Communicator in Splunk Search 10-08-2019 1 3	1	3
How does dedup treat multivalue fields? Which events are removed when multivalue comes into play? by landen99 Motivator in Splunk Search 10-08-2019 0 1	0	1