Splunk Search

Discussions

Thread Info

Drilldown on results of a subsearch not working

Woodcock - As a new question to the previous one that you help resolve - do you have any idea why the drilldown isn't...

by Engager in

How to use a different time range within a subsearch?

Splunk rookie here, so please be gentle. I am hoping someone can help me with a date-time range issue within a subsea...

by Engager in

How to add % symbol with data labels in charts?

I want to add % symbol with both the y-axis legend and data labels Thanks in advance!

by Path Finder in

How to get Splunk btool command to return an exact match?

Hi, I have savedsearches like: dev_sudo dev_sudo mod dev_sudo mod2 How to dump the first with btool? If I u...

by Communicator in

How do you extract a hostname from a source path?

Hello all , I've configured Splunk to monitor directory , i.e. /usr/home/test/* for new CSV files ( periodically ...

by New Member in

Join Earlier Joins with Later

I'm doing a join where I want to only get subsearch events that happened before the parent search event. Thus, I'm us...

by New Member in

How to trigger the DMC Alert - Near Critical Disk Usage alert on the monitoring console?

Hello, I've been asked to set up an alert for disk space exceeding 80%. I enabled the DMC Alert - Near Critical ...

by Path Finder in

Why am I seeing several thousand skipped searches per day in the Splunk Deployment Monitor app?

Using Splunk 7.2.0. While looking at the Monitoring Console and performing this search (see below) , I see almost ...

by New Member in

Subsearch leading to

I notice that the below query results in 0 events, whereas the baseSearch alone results in 11 events and the sub-sear...

by Engager in

How can I make my table results in 3s time intervals?

Query I am running: index="dcg-video-eng-live-services-stage" | spath "message.req.originalUrl" | search "message....

by Path Finder in

How can I split JSON into multiple events?

Hi, can anyone help me a bit? i am trying to split an event in more lines or more events, every events got multipl...

by Path Finder in

How do I convert epochtime = -1 to a human readable format?

I am creating a dashboard for Tenable results and some entries have a Patch Publication Date value of -1. I'm having ...

by Explorer in

How should I rename a dynamic value after using the timechart count by?

Hi All, I am using this search string as below : (some data- index, host, etc)............. | xmlkv | search "ns0:...

by New Member in

How do I make a query which finds logs where the value for a field matches?

Log1: id=5 errorA Log2: id=5 errorB I would like a query to return the logs with the same id value grouped togethe...

by Explorer in

How do I search for events within _indextime?

I understand the behavior of Splunk when using _indextime, but I want to know what query would do what I really am lo...

by Engager in

Is there a way to draw the line of where the cutoff point for outliers is?

I refer to the outlier command https://docs.splunk.com/Documentation/Splunk/7.0.4/SearchReference/Outlier *Is ther...

by Motivator in

How do I extract a value from the the following JSON?

I want to extract the following values from below JSON. Values needs to be extracted from the highlighted text in Bol...

by Explorer in

Why is my join query pulling results correctly sometimes while other times, it's not?

Join query return weird result. Sometime its pull correct result & if I execute the same query after 2 mins. Some of ...

by New Member in

Json array to multiple events

virus_type {"Troj/DocDl-QUA": 4, "CXmail/OleDl-AU": 44, "CXmail/EncDoc-B": 6, "Troj/DocDl-QVV": 10, "Troj/DocDl-QVQ...

by Path Finder in

How do I get unique values of different types of events without duplicates?

Hello, I have got events with two different types: Type=First and type=Second I would like to get the consolida...

by Path Finder in

Dashboard - PIE Chart

In PIEchart dashboard, I can view the details of all the slices properly. But while trying to export as PDF.. only 12...

by New Member in

creating JobStatus module in 7.x versions

I created a dashboard and is there any way to add jobstatus module for whole dashboard. Is it also possible to add pr...

by Path Finder in

Transaction mvindex sort order?

Hey Base, I encountered a problem with the transaction command. Here is the scenario: I have a group of 3 corre...

by Path Finder in

How do I combine data from two different sources without the append or the union command?

Hi, is there any way to combine data from two different sources without the append or the union command? I have...

by New Member in

Slack alert in Splunk 6.4 or 6.5.5

Hello all, I am getting the below error when I trigger alert from Slack alert app. I tried from Splunk 6.4 and 6.5...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Drilldown on results of a subsearch not working

How to use a different time range within a subsearch?

How to add % symbol with data labels in charts?

How to get Splunk btool command to return an exact match?

How do you extract a hostname from a source path?

Join Earlier Joins with Later

How to trigger the DMC Alert - Near Critical Disk Usage alert on the monitoring console?

Why am I seeing several thousand skipped searches per day in the Splunk Deployment Monitor app?

Subsearch leading to

How can I make my table results in 3s time intervals?

How can I split JSON into multiple events?

How do I convert epochtime = -1 to a human readable format?

How should I rename a dynamic value after using the timechart count by?

How do I make a query which finds logs where the value for a field matches?

How do I search for events within _indextime?

Is there a way to draw the line of where the cutoff point for outliers is?

How do I extract a value from the the following JSON?

Why is my join query pulling results correctly sometimes while other times, it's not?

Json array to multiple events

How do I get unique values of different types of events without duplicates?

Dashboard - PIE Chart

creating JobStatus module in 7.x versions

Transaction mvindex sort order?

How do I combine data from two different sources without the append or the union command?

Slack alert in Splunk 6.4 or 6.5.5

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6