Splunk Search

Discussions

Thread Info

error in timechart graph

Hi all, We are having trouble regarding a query in which we need to display multiple metric_labels of a host in a sin...

by Explorer in

Two searches with different source and producing results in form of filename in column A and B respectively.

There are 2 searches from 2 different sources that are fetching file name details in column A and B respectively. We...

by New Member in

Not able to generate timechart from a multivalue field

I am getting my input in json format like below, {"message":{"SID":"DEV","TIMESTAMP":1563095600,"PARAMS":[{"PROC_C...

by Communicator in

Feasibility of regex to keep specific events and discard the rest

I want to keep specific events which contains few strings in event but around 30 OR statement I have to write in rege...

by Builder in

Help with eval division calculation

Hey all, I need an eval expression for the below output: _time minutes bminutes 2019-06-01 1349511.54 105472800...

by Path Finder in

whats preventing me to get the desired output

Hi Team, I am not able to get the values for SLA Time and time_diff_epoch. when i am running two queirs indvidu...

by Explorer in

CWE-610, CWE-918 vulnerabilities?

Hello, my red team just did an engagement against Splunk and among their findings is a SSRF vulnerability and so far,...

by Engager in

Can we include OR/AND operator in a transaction

I have the following log sets, one for success case and one for the failure case Success: id=11111 msg=Begin proce...

by Explorer in

How to use the INPUTLOOKUP command on Splunk Cloud

Hi Everyone, So we are using SPlunk Cloud and I have created a dashboard that searches for the top 100 most reoccurri...

by New Member in

eval if(X,Y,Z) always returns Z whether X matches or not

https://docs.splunk.com/Documentation/Splunk/7.3.0/SearchReference/ConditionalFunctions#if.28X.2CY.2CZ.29 I'm tryi...

by Communicator in

Use makemv on all fields

I have quite a bit of single-value fields in my dataset which really should be multi-value fields. They are all forma...

by Path Finder in

Age calculation based on Date

Hi, I have a field in my data that is called "date". This "date" is when a vulnerability was seen the first time. ...

by Builder in

How to rename column values when making a chart

I have a table which has a store_id, a shopper_id. For example (1, 5231). Each store_id corresponds to a the store na...

by Explorer in

How to regex the raw data?

hi all, I am trying to extract field from Splunk "extract more fields" feature, its not showing as the logs in events...

by Path Finder in

Is it possible to parse daily log file to report the time between OffHook and OnHook event

Did a little bit of searching, but didn't really find what I needed, but I also don't know if I'm even searching the ...

by New Member in

What is the best way to find searches without sourcetype or index defined?

I know that indexed fields accelerate search performance. Many searches take advantage of this with host, source, and...

by Ultra Champion in

Issue with stats count with multiple fields

I am using the stats count function to get a count of unique events. as part of the list I am want to show additional...

by Path Finder in

Use saved search (reports) as lookup

I have a savedsearch (reports) that i want to use as lookup, it is possible? Should i use it as subsearch?

by Path Finder in

How can we show all fields, including rare ones?

I'm running - index=<indexname> | fields or index=<indexname> | fieldsummary They don't show the field...

by Motivator in

compare a time in a log file to time now

Hello splunk communitie, i am trying to make a comparison between the time in a event named Account_Expires agains...

by Explorer in

How do I filter Event Log with blacklists in inputs.conf

I'm trying to create a blacklist for several Event IDs to exclude any events with multiple user accounts. For example...

by New Member in

column in search needs to be populated by another search

I have a search that tells me if an index hasn't received data from a log on a server. This allows me to monitor the ...

by Explorer in

Help in writing eval

I have a string like ABC:BOOT3RDSUNMONTH_MAINT2_sadasdczxc1and I want to put the jobs which have boot in their string...

by New Member in

Duration between first occurence of one event and occurence of another event

I want to get the duration between two different events. In a simplified structure my events have a timestamp and a s...

by Engager in

How to drilldown in pie chart based on the selection made

Hi , I have a pie chart with different dataservices and its size percentage. I am trying setup drilldown for each ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

error in timechart graph

Two searches with different source and producing results in form of filename in column A and B respectively.

Not able to generate timechart from a multivalue field

Feasibility of regex to keep specific events and discard the rest

Help with eval division calculation

whats preventing me to get the desired output

CWE-610, CWE-918 vulnerabilities?

Can we include OR/AND operator in a transaction

How to use the INPUTLOOKUP command on Splunk Cloud

eval if(X,Y,Z) always returns Z whether X matches or not

Use makemv on all fields

Age calculation based on Date

How to rename column values when making a chart

How to regex the raw data?

Is it possible to parse daily log file to report the time between OffHook and OnHook event

What is the best way to find searches without sourcetype or index defined?

Issue with stats count with multiple fields

Use saved search (reports) as lookup

How can we show all fields, including rare ones?

compare a time in a log file to time now

How do I filter Event Log with blacklists in inputs.conf

column in search needs to be populated by another search

Help in writing eval

Duration between first occurence of one event and occurence of another event

How to drilldown in pie chart based on the selection made

Reduce and Transform Your Firewall Data with Splunk Data Management

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions