Splunk Search

Thread Info

Help with search to take in key, extract the domain column matching the key and filter the search based on the extracted domain

I have a CSV file which has ID, KEY, DOMAIN as its columns. Using dropdown for inputing certain field for the CSV ...

by Path Finder in

Show only first and last values in in a time chart

I'm working on a time chart and I need to show only the first and last values in my time line. <title>Capacit...

by Path Finder in

Websites that describes about Interesting Fields?

Is there a website on Splunk docs that describe about interesting fields and what each field is about? I did research...

by New Member in

How can we define -- to be a comment?

We would like to set -- to be a comment in SPL. Can we do that and if so what's needed. We are on 7.3.

by Motivator in

How to calculate employee retention from previous month

Hello, We are trying to calculate employee retention by the department for the previous month. The challenge is tryin...

by Path Finder in

How to build custom charts using Splunk Highcharts

I need to develop a custom donut chart using Highcharts API. I came to know that Splunk internally uses Highcharts fo...

by New Member in

Is it possible to integrate two splunk instances with a single service now instance?

I am trying to integrate two splunk instance with a single Service Now module. One SPL instance is an ITSM module and...

by New Member in

How does a Splunk server decide which IP to use when it connects to a master node?

We have two IPs for a single indexer host. We are using this command to add a peer to the indexer cluster: /opt...

by Path Finder in

Results in percentage

Hello fellow Splunkers. I made a query that shows the right results. I would like to show these results in percentage...

by Engager in

help with outputcsv and map commands needed

Hello, I desperately search the way to overcome the issue with the map command overwriting the variable values. I ...

by Builder in

licensing question concerning fields from HEC?

All, Just curious if "cool-fields" are billed against our license in the example below? curl -k https://hec....

by Builder in

Convert single and multivalue JSON to table

Hi all, I haven't been able to work this out and I was hoping someone can help answer. I am looking to create a ta...

by Engager in

Cisco syslog only send console logs even if already set to debugging level.

Hello we are having a problem on cisco syslog. We set the syslog level to debugging but we are not receiving anyt...

by Explorer in

what is the best way to enrich events from another search?

I have two data sources Source A time action src_ip session user - "action" varies between (logon, logoff and relo...

by Splunk Employee in

chart over multiple counts of string values - single row

the events data set looks like this: 2:05:34.067 PM 3DS: auth_validate_success Proceeding with payment authorizati...

by Explorer in

How to split field into multiple fields for comparison

Hello, need help from the experts. My search results (_raw) is this: Event 1 minute ago, vmrit-c4ca0001.lm.lmig.co...

by Explorer in

[Search & Reporting] Coodinates

Hi, I have a fleet of scotter who are geolocated. My sourcetype is like this: 20190101150909 49.86587 2.32952 NGQ 201...

by New Member in

Splunk extract exact match for a customer name

Here is my splunk log line {"line":"2019-08-15T17:48:28.935Z LCS {\"configName\":\"Apple-SQS\",\"customerName\":\"...

by Path Finder in

distinct first n characters of string

Lets say .. My result would produce a.log a.log.1 a.log.2 a.log.3 b.log b.log.1 b.log.2 b.log.3 c.log c.log.1 c.l...

by Contributor in

search in the training does not return any results

Hi I started the Fundamentals 1 training a couple a weeks ago. I had to stop until today. So I started up by reviewin...

by New Member in

Timechart bug.

index="iedss_was_prd" OR index=iedss_mule_prd | rex field=source "(?P<logType>[^\\\]+)$" | eval raw_len=len(_raw) ...

by Contributor in

Modifying Splunk query to include multiple host from Production and DR app servers without duplicating data

I have a dashboard prepared in Splunk Enterprise for Production where input data is coming from one of my application...

by New Member in

Multivalued fields in a lookup file

I have a csv file like : User_id,emails 375352,foo@foo.com foo@foo.ca foobar@foobar.co.uk 872352,toto@foo.com note...

by Explorer in

Why count searchmatch return double counts?

the events data set looks like this: 2:05:34.067 PM 3DS: auth_validate_success Proceeding with payment authorizati...

by Explorer in

Calculate % of each field as ratio?

I have the table: _time Ip_1 Ip_2 Ip_3 a 36 40 31 b 37 39 21 I want to take the percentage of each IP instead cou...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

Help with search to take in key, extract the domain column matching the key and filter the search based on the extracted domain

Show only first and last values in in a time chart

Websites that describes about Interesting Fields?

How can we define -- to be a comment?

How to calculate employee retention from previous month

How to build custom charts using Splunk Highcharts

Is it possible to integrate two splunk instances with a single service now instance?

How does a Splunk server decide which IP to use when it connects to a master node?

Results in percentage

help with outputcsv and map commands needed

licensing question concerning fields from HEC?

Convert single and multivalue JSON to table

Cisco syslog only send console logs even if already set to debugging level.

what is the best way to enrich events from another search?

chart over multiple counts of string values - single row

How to split field into multiple fields for comparison

[Search & Reporting] Coodinates

Splunk extract exact match for a customer name

distinct first n characters of string

search in the training does not return any results

Timechart bug.

Modifying Splunk query to include multiple host from Production and DR app servers without duplicating data

Multivalued fields in a lookup file

Why count searchmatch return double counts?

Calculate % of each field as ratio?

Buttercup Games: Further Dashboarding Techniques (Part 7)

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

Mastering Data Pipelines: Unlocking Value with Splunk

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...