Splunk Search

Discussions

Thread Info

Stop kv-store lookup from grouping values per key

I have a kv store that has several fields (ip addresses, time stamps etc) tied to a unique key (the default mode) - w...

by Communicator in

Splunk 6.2.4, TA-tippingpoint 3.3.0 - Failed extractions

I have TA-tippingpoint 3.3.0 app installed on Enterprise Splunk 6.2.4, but there are no field extractions for the IPS...

by Engager in

Can you help me search to return results even if there are none available?

I have 2 source types that run every morning at 8:30am. If 1 or more does not, I need to still see the source type...

by Communicator in

In a subsearch, retrieve last-logged-on-user, for IPs in a search for most-blocked connections from Firewall

I have a search that returns the IPs that have recently been blocked the most, and I want to add the "Last Logged On ...

by Path Finder in

Handle 0 Count, No results found & when no data is being indexed

I was displaying the count of certain type of locks using the query below. index=A sourcetype="source" LOCK_MODE!...

by Path Finder in

How to extract values "good" and "bad" from my sample data into a new field named STATUS?

Hi I have a log file in which all the events has this below lines as common; 04:03:28 04/12/2016 good 201961...

by Path Finder in

how to match a specific field in 2 different csv file and 2 different index

Hi I use the search below in order to display in a table a specific EventCode by host I am matching the host with ...

by Motivator in

When I use | spath | search | table search commands I am getting duplicate entries

When parsing information from a _json file when using |spath |search |table I am receiving duplicates. I'm not sure...

by New Member in

Regex in Splunk

Hi, I have the following column: CVSSv2 CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N I want to do something like this: ...

by Observer in

Show an area under a chart

I have a line chart and have to calculate area under this chart. The calculated area must be presented on a chart pan...

by Explorer in

How to schedule PDF report and save locally instead of sending e-mail ?

I have a PDF report scheduled and sending daily e-mail with the PDF report in attachment. I need to automatically sav...

by New Member in

Generate PDF file but NOT email it

Hi, I need to be able to generate PDF files of views, which I can get working, but I don't want them emailed. I wa...

by Explorer in

Having issues reporting information from inner searches in a nested query

Hello all, I will try to explain my issue as concisely as possible. I suspect the issue is attributed to me misund...

by Path Finder in

Create line graph with multiple series

Need assistance creating a line graph with 3 series. I have 1 field with 3 different values. I've tried to do this i...

by New Member in

Having a % to follow number on gauge chart

Current: | search MachineNumber="01" | eval PercentComplete= round(((CountSinceLastTaskCompletion)/MaintenanceFrequen...

by New Member in

Splunk - Object is not iterable

Afternoon Guys, Currently get a strange issue. I noticed we were not ingesting logs from one of our s3 buckets and...

by New Member in

How to remove third Thursday from Splunk results

We would like to remove our monthly patching window from our error report that we receive from Splunk on some of our ...

by New Member in

Splunk Maintenance Window

Hello Splunkers, In my organization Patching activity has been scheduled and under that all my splunk components w...

by Explorer in

get AD Computer with PowerShell

Hello, i have a powershell script that give me ad computer objects back. it works perfect. The Script run every 24...

by Observer in

Can you help me do an outputlookup with a condition?

Hello I use the code below. I'm doing an outputlookup at the end of the query, but I want to do it with a condi...

by Motivator in

comparing multivalue fields

Good day! I need to compare the results of a search query that contains multivalued fields. My search query loo...

by Explorer in

How to join two searches based on two different formatted fields

I have an index which contains field - TXN_ID = "24, 25 " index=index1 TXN_ID ="24,25" I have another event in dif...

by Communicator in

Adding donut chart for a single value

Hi , I need to have a exact full donut chart for a single value . Below is the image https://imgur.com/a/O5tex...

by Path Finder in

COnvert week number to the 1st date in that week

Below is the data. Weeknum is the number of week where 01-05 are week numbers from 2019 and 40-44 are week numbers fr...

by New Member in

I am looking for replacing all the numbers in a field to *. Can anyone help.

Input field value: "this error occured for member123456. While making a payment of 60" Desired input field value:"thi...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Stop kv-store lookup from grouping values per key

Splunk 6.2.4, TA-tippingpoint 3.3.0 - Failed extractions

Can you help me search to return results even if there are none available?

In a subsearch, retrieve last-logged-on-user, for IPs in a search for most-blocked connections from Firewall

Handle 0 Count, No results found & when no data is being indexed

How to extract values "good" and "bad" from my sample data into a new field named STATUS?

how to match a specific field in 2 different csv file and 2 different index

When I use | spath | search | table search commands I am getting duplicate entries

Regex in Splunk

Show an area under a chart

How to schedule PDF report and save locally instead of sending e-mail ?

Generate PDF file but NOT email it

Having issues reporting information from inner searches in a nested query

Create line graph with multiple series

Having a % to follow number on gauge chart

Splunk - Object is not iterable

How to remove third Thursday from Splunk results

Splunk Maintenance Window

get AD Computer with PowerShell

Can you help me do an outputlookup with a condition?

comparing multivalue fields

How to join two searches based on two different formatted fields

Adding donut chart for a single value

COnvert week number to the 1st date in that week

I am looking for replacing all the numbers in a field to *. Can anyone help.

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6