Splunk Search

Ask a Question

Discussions

Thread Info

Insert one search into other search as a new column

My code: My basic search| rex "maingroupNo>(?.+)\(?.+)\(?.+)\" | convert timeformat="%H:%M:%S" dur2sec(TimeInSec) |...

by Path Finder in

Percent search

Hello , I have a table, each line of this table has a specific value, I need a search command to calculate the pe...

by Path Finder in

How to covert GMT Time(0-12:00) to PST time.

My result is giving me the output for GMT time for the given time what I have defined.

by New Member in

How to expand the count field and show all the events as a search result?

There is my search result in the attached image. What I want to do is to expand the count field and show all event...

by Path Finder in

count duplicate instances of multivalue field

Hello. I have events that have a field "Security_ID" that is a multi value field. It may contain something like: ...

by Explorer in

Find latest data for each grouped item

Oct 26 10:40:50 m eg[0]: group:group1 name:name1 size:10 speed:20 Oct 26 10:40:50 m eg[0]: group:group2 name:name...

by New Member in

Reverse sorts are honored and regular sorts are not honored in a base search?

*Working: base: ... | sort - first_login_epoch post: | table first_login_epoch *Not working base: ... | sort first_l...

by Motivator in

X Axis (x-axis) don't show up in chart

I have created a chart (Bar) with the following: chart count(ProductName) over ProductCalss BY StoreZones There...

by New Member in

How to split count of field1 where (field2=value1) and count of field1 where (field2=value2) without appending?

I want to find how many times an event happens based on the value of another field. Basically a count of IP addresses...

by Contributor in

Don't understand how to use splunk join, want to merge two tables

Hello, I have this index=myindex eventtype="perfmon_windows" object="LogicalDisk" counter="% Free Space" instan...

by Explorer in

How to use the head command with group by?

Hi All We are building a security toolkit that performs a number of different scans as part of the application bui...

by Explorer in

eval strftime search assistance

Hello, I’m hoping for some suggestions for the process that I am trying to accomplish. I have a universal forwarde...

by New Member in

What is an efficient way to exclude multiple string criteria from a field in search?

Need to exclude field results based on multiple string-matching cirteria (OR): -Not equals to any one of several n...

by Explorer in

how to show a substr

I am doing a substr and want to see that in a table, however it just gives no results baseSearch | eval id = subst...

by Explorer in

How to fill empty fields with data from a specific event field?

Date...............Time.....................UserID.........................Function.....Main...Sub...Serie...Type 20...

by Path Finder in

whitelist regex help with multiple strings

Trying to build a rather simple inputs.conf (or so i thought) to grab two statis named files, and the last file has a...

by Communicator in

Each File as One Single Splunk Event

Hi everyone, I need solve a issue as simple as that: my system generate many files and each file is a isolated eve...

by Engager in

How to regex the field?

How to regex the field? refId=Id-214f1652024d824e1f4cef63be666139\x00 What i used: rex field=_raw "refId=Id-(?\...

by Builder in

Relation between mongod and scheduled searches

Hi to all, is there some relation with mongod and scheduled searches? In our environment we always had mongod disable...

by Communicator in

Sendmail - [Errno 101] Network is unreachable while sending mail

I'm trying to use sendmail command with the gmail smtp server. I use the "Search & Reporting" App to apply the fo...

by Path Finder in

Can't get every values for a field in lookup

Hello, I have a lookup filled with IP's and time that the event happens on that time. I have a search that gets IP's ...

by Explorer in

I have a tstats search that works for me (admin) but not other users (who inherit role from 'user). Why is that?

I have a user who is asking how to show earliest logs indexed by the indexer for a particular host. I tried this simp...

by Motivator in

splunk replace the content of viz after search query execution completed

I need to remove the ": 1" in content "CHG0014888 (N): 1" HTML Content: <tr> <td rowspan="2"></td> <td rows...

by Path Finder in

How to drilldown from table with specific search?

I am displaying a table list and I would like to be able to click an individual row in the list and display a chart f...

by New Member in

Splunk RestAPI Python script for geting search (https://www.splunk.com/blog/2011/08/02/splunk-rest-api-is-easy-to-use.html) not working

I am using below scripts provided in https://www.splunk.com/blog/2011/08/02/splunk-rest-api-is-easy-to-use.html . I ...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Insert one search into other search as a new column

Percent search

How to covert GMT Time(0-12:00) to PST time.

How to expand the count field and show all the events as a search result?

count duplicate instances of multivalue field

Find latest data for each grouped item

Reverse sorts are honored and regular sorts are not honored in a base search?

X Axis (x-axis) don't show up in chart

How to split count of field1 where (field2=value1) and count of field1 where (field2=value2) without appending?

Don't understand how to use splunk join, want to merge two tables

How to use the head command with group by?

eval strftime search assistance

What is an efficient way to exclude multiple string criteria from a field in search?

how to show a substr

How to fill empty fields with data from a specific event field?

whitelist regex help with multiple strings

Each File as One Single Splunk Event

How to regex the field?

Relation between mongod and scheduled searches

Sendmail - [Errno 101] Network is unreachable while sending mail

Can't get every values for a field in lookup

I have a tstats search that works for me (admin) but not other users (who inherit role from 'user). Why is that?

splunk replace the content of viz after search query execution completed

How to drilldown from table with specific search?

Splunk RestAPI Python script for geting search (https://www.splunk.com/blog/2011/08/02/splunk-rest-api-is-easy-to-use.html) not working

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions