Splunk Search

Discussions

Thread Info

I have 4 columns with 1 data in each, I wrote this query with the help of AppendCols and populate my results, please check below for more details.

I have 4 columns with 1 data in each, I wrote this query with the help of AppendCols and populate my results, now I w...

by New Member in

How to change timechart data points to reflect full timestamp instead of date_hours

Disclaimer - very green to Splunk My timechart is built with the following $search | timechart avg(date_hour) ...

by New Member in

Creating a table with chronological headers

Given a week worth of timestamped data like the following: 1st FEB Time = "010219 0100" Category = "A" Value = "1....

by Communicator in

How to calcualte the count diff between 2 searches?

index=A | stats count as count1 index=A | dedup field1 field2 | stats count as count2 This 2 searched have same in...

by Engager in

Show ratio in map and Change marker size and color based on ratio percentage

Hi, I'm trying to show ratio of active vs total count of students by school in a map. Whereever the ratio is less tha...

by New Member in

help to rename automatically random pie label

Hi I use the search below [| inputlookup host.csv | table host] index="x" sourcetype="x" | bucket _time sp...

by Motivator in

save search results into index

i want save search results data into my index. how can i do it... (|crawl ... |input add index=myindex) is not workin...

by New Member in

Unable to build query using append/appendpipe to get desired percentage of stats

Given: index=log category=Price | eval PriceStatus=case(activity=="approve" AND event=="complete", "Price Approve...

by Engager in

How to write custom Text for a Search result?

For my Dashboard I ping a Source and want to see to Text-States: UP or DOWN. My search statement looks similar lik...

by Explorer in

field value is being extracted as fieldname in regex

I am trying to extract xml fields using regex but I am encourtering this issue for this specific tags, It is working ...

by Path Finder in

How to sort search results by numbers

The rounding of search results has already been discussed numerously. But unfortunately, it doesn't work for me. I wa...

by Explorer in

showing result quarterly

I am new in splunk i want to calculate the quarter data based on all people and what are the highest planned and lowe...

by New Member in

Missing original value after using distinct query

Hi, I am having the following issue that need your help. The scenario is: I am working on the report of firewall data...

by New Member in

Unique requests

Need creating a search query for Splunk that results in a list of unique requests that have been completed.

by Engager in

How to get count of multiple strings with common index and source type?

I'm trying to create a dashboard which will display pie-charts from different results. For this, I've multiple string...

by Explorer in

Does the Trellis visualisation work with real time searches?

I am attempting to make a trellis visualization off the sample data : * clientip=* | iplocation clientip | looku...

by Path Finder in

Get average connections for the past few days, compare to current connections

I have the following search, I'm trying to get it to show the src, dst, current amount of connections, and then an av...

by Path Finder in

Splunk not able to recognize the JSON file source type and index it

I am trying to monitor a folder containing JSON files in it. But, I observed that files are not getting indexed. Whe...

by New Member in

search peers sick

Hi im having this issue : The times on the system clocks for the machines running this search head and the intende...

by Builder in

timechart with WHERE clause not behaving as expected

I have a fairly straightforward query using timechart to count the top 10 users triggering an event. ( Sanitized ) ...

by New Member in

start a search certain number of hours/days/weeks from time picker set value

Good day everyone, I am dealing with a challenge and really hope i can get an answer here. I am running a Join search...

by Path Finder in

Unable to extract common values by joining indexes?

index=abc sourcetype=xyz | eval is_passed=if(label=="PASS", 1, 0) | eval is_failed=if(label=="FAIL", 1, 0) | stats...

by Explorer in

About usage of {} in eval

I recently saw the manual of eval, and I found the following description. To specify a field name with multiple wo...

by Builder in

Getting the wrong fields extracted from my props and transforms conf files

So i'm trying to extract and ip address from a multi-value field and my transforms stanza is something along these li...

by Explorer in

how to find third largest salary from a salary field

Please help me in Finding the 3rd or nth largest value from a field... SALARY 10000 30000 20000 80000 60000 930...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

I have 4 columns with 1 data in each, I wrote this query with the help of AppendCols and populate my results, please check below for more details.

How to change timechart data points to reflect full timestamp instead of date_hours

Creating a table with chronological headers

How to calcualte the count diff between 2 searches?

Show ratio in map and Change marker size and color based on ratio percentage

help to rename automatically random pie label

save search results into index

Unable to build query using append/appendpipe to get desired percentage of stats

How to write custom Text for a Search result?

field value is being extracted as fieldname in regex

How to sort search results by numbers

showing result quarterly

Missing original value after using distinct query

Unique requests

How to get count of multiple strings with common index and source type?

Does the Trellis visualisation work with real time searches?

Get average connections for the past few days, compare to current connections

Splunk not able to recognize the JSON file source type and index it

search peers sick

timechart with WHERE clause not behaving as expected

start a search certain number of hours/days/weeks from time picker set value

Unable to extract common values by joining indexes?

About usage of {} in eval

Getting the wrong fields extracted from my props and transforms conf files

how to find third largest salary from a salary field

.conf25 Registration is OPEN!

Detecting Cross-Channel Fraud with Splunk

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

MLTK - What algorithm should I use?

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions