Splunk Search

Thread Info

How do I modify my geostats search so my map shows the field values for each country based on latitude and longitude from a lookup?

Hello all, I have an issue trying to visualize data on a map. Now, I'm trying to get the lat and long from a looku...

by Explorer in

customizing limits.conf for number of searches

hi! I am currently creating a dashboard where I run a total of 14 concurrent real time searches. whenever I run the d...

by Communicator in

How to group multiple field values into one field

I have logs where I want to count multiple values for a single field as "start" and other various values as "end". Ho...

by Builder in

Exclude from search values from lookup table

Hello, I have a lookup table which i test it like this : |inputlookup approved_s3_buckets.csv and display the ...

by New Member in

How to use a drop-down token to pick different searches to run and populate a chart panel?

I have a dashboard that is populated only by a drop-down input and a chart panel. What I want to do is have severa...

by New Member in

Can you help me compare how much data was ingested in GB from an index today and yesterday?

by Path Finder in

Gathering Six Months of Trend Data

I'm still relatively new to Splunk and am having trouble understanding Timechart and the proper syntax for it. I'm lo...

by Explorer in

Calculate TopN hosts but add to that TopN based on a key=value pair

Is there a way to get a Top Hosts count and add to each hosts count using a value from a k/v pair in the event itself...

by Engager in

predict per host

There are already some similar questions here, but we're not getting to an answer so far. We would like to predict wh...

by Explorer in

distinct count

I have events which contain batches. There are several batchtypes. For example Batch; A01,A02,A03. When a batch is st...

by Path Finder in

How to check and count the status before a certain event?

Our log looks like as following after basic search: Date..............Time...........................UserID..........

by Path Finder in

How to make a field as index time field extraction?

I have a log with events as below Mar 18 10:48:31 XXXXXXXXXXXXXXX 1,2019/03/18 10:48:31,012501002228,\,url-filter...

by Path Finder in

search comparison to validate all forwarders point to indexers in the idx cluster

GM, through the years we have added several indexers to our cluster. we are no looking to retire a few generation 1 i...

by Contributor in

Overcome truncated result for timeseries chart

Hi guys, I'm currently facing an issue. I have csv logs being ingested every 1 min with the status of some service...

by Explorer in

How to do a lookup between two searches and combine the data in a single line in a table

Can someone give me the basics to do something like find THIS in search number 1, match it to THAT in search numbe...

by Explorer in

How to do Lookup single field comparison?

I apologize for the banal question on the lookup. Not so long ago, I began to learn how to filter events by lists thr...

by New Member in

Scheduled SPL Search Results with it's Scheduled Search Time

Hello Splunkers, Is it possible to accomplish my question in the title ? My SPL DOES NOT contain any date field, b...

by Path Finder in

Performing calculations on multi-valued fields

Hello, I am trying to perform calculations on multiple fields. I am working with data in the format of Key='value...

by New Member in

Add search field based on value of another field

I have a dashboard panel with a radio input. If the user choose Selection A (4624), I need to add a field to the sear...

by New Member in

How do you build a regex to index only specific files?

Hello, i have these 3 stanzas in my transforms.conf file: [set_f270_header] REGEX = (^\$\w+\s\d+|^\-\-\-\-\- h...

by Communicator in

Break events based on a string

hi , Below is my single event indexing into splunk.I want to break the events into single events .It should break ...

by Path Finder in

How to write an eval condition to replace a field ?

I have a query which displays some tabular results and when a certain condition is matched for 2 field values I want ...

by Builder in

Retrieve TransactionId from the following string through regex

Wanted to retrieve the transaction id from the given string Level="ERROR", Date="2019-03-25 23:02:59,600", Messag...

by Path Finder in

How to show threat names in field1 and not in field2?

I have 2 different fields that both contain threat names. I want to show which of the threat name are in field1 and n...

by Loves-to-Learn in

How to list out all users who access a particular IP?

How to search all users who access a particular domain/ip I have a list of source ips and i wish to find users who...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

How do I modify my geostats search so my map shows the field values for each country based on latitude and longitude from a lookup?

customizing limits.conf for number of searches

How to group multiple field values into one field

Exclude from search values from lookup table

How to use a drop-down token to pick different searches to run and populate a chart panel?

Can you help me compare how much data was ingested in GB from an index today and yesterday?

Gathering Six Months of Trend Data

Calculate TopN hosts but add to that TopN based on a key=value pair

predict per host

distinct count

How to check and count the status before a certain event?

How to make a field as index time field extraction?

search comparison to validate all forwarders point to indexers in the idx cluster

Overcome truncated result for timeseries chart

How to do a lookup between two searches and combine the data in a single line in a table

How to do Lookup single field comparison?

Scheduled SPL Search Results with it's Scheduled Search Time

Performing calculations on multi-valued fields

Add search field based on value of another field

How do you build a regex to index only specific files?

Break events based on a string

How to write an eval condition to replace a field ?

Retrieve TransactionId from the following string through regex

How to show threat names in field1 and not in field2?

How to list out all users who access a particular IP?

Buttercup Games: Further Dashboarding Techniques (Part 7)

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

Mastering Data Pipelines: Unlocking Value with Splunk

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...