Splunk Search

Discussions

Thread Info

Why is lookup command not working in Splunk REST API?

I'm consuming data from Splunk REST API endpoints for other purposes. However, it is throwing this error because I us...

by Communicator in

Taking Count of Response Codes by Endpoints with Endpoints listed as rows and Response Codes listed as columns?

Hello,I am new to Splunk. Please help me write a query to get count of response by ServcieName(displayed in rows) and...

by Observer in

How to apply header color based on the header value on the table?

I have 10 columns and want to color header alone with different color codes based on value of the header since column...

by Builder in

How to search to retrieve the host values from the index data that match the host values in the CSV file?

I have an index named "Linux" and a CSV file called "sample.csv" with multiple columns, including "IP" and "Host." ...

by Communicator in

How to discard users that start with a urn:forms:anonymous#?

I have some users that start with urn:forms:anonymous# in my lookupI was trying to to discard them use urn:forms:anon...

by Engager in

How to extract stats in a multivariate field?

I have the following query that sets 'Results' based on the JSON portion of my logs below: index="internallogs"sou...

by Explorer in

How to pass current year and month to search query dynamically?

Hi Team, I am trying to write a search query where it will find the existing filename is present in the logs or...

by Loves-to-Learn in

How to add total median and min to median and min by month?

Hey guys! I need the statistics of a bunch of data by month. And this is done already. search|eval Month=...

by Explorer in

Why is index missing in list of indexes while editing roles?

We are running splunk 9.0.5 We want to add an index to the default indexes for a user role, but the index does not...

by Engager in

How to extract each set of numbers from a string before space and after a ;(semi-colon)?

Hi, I'm trying to extract the matching patterns 35255955, 35226999, 35162846 ...etc untill end of the string with ...

by Path Finder in

How to match email from index with a lookup file.csv ? same "email prefix" but different email domain.

Hi, I'm trying to use index and lookup function. However values in those fields are not an exact match but those emai...

by Engager in

Log file is importing: How to parse the event?

I am getting the log file imported to Splunk, but each line is an event with no field name. Can I break up the line ...

by Path Finder in

Chart logon session duration:hour of day as x axis and day of the month as y axis, duration of session as a line segment

Hi, I have a couple of logs showing user login and logout sessions. I'm trying to display each session of a specif...

by Engager in

How do you make a table that reduces in height when your dashboard search returns no results?

How to change a Simple XML table height when no data is present? The table should be much smaller when no alerts are ...

by Legend in

How to create common name for 3 different fields in an event?

I have event like below and I am trying to create a common field for CI_Name / Hostname /IP_Address and name it as G...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why is lookup command not working in Splunk REST API?

Taking Count of Response Codes by Endpoints with Endpoints listed as rows and Response Codes listed as columns?

How to apply header color based on the header value on the table?

How to search to retrieve the host values from the index data that match the host values in the CSV file?

How to discard users that start with a urn:forms:anonymous#?

How to extract stats in a multivariate field?

How to pass current year and month to search query dynamically?

How to add total median and min to median and min by month?

Why is index missing in list of indexes while editing roles?

How to extract each set of numbers from a string before space and after a ;(semi-colon)?

How to match email from index with a lookup file.csv ? same "email prefix" but different email domain.

Log file is importing: How to parse the event?

Chart logon session duration:hour of day as x axis and day of the month as y axis, duration of session as a line segment

How do you make a table that reduces in height when your dashboard search returns no results?

How to create common name for 3 different fields in an event?

Splunk Lantern | Getting Started with Edge Processor, Machine Learning Toolkit ...

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

comparing two searches and calculate the differenc...

Filtering data for stats purpose

5 or more different destination IP, one IDS attack...

StatsBuffer::read: Row is too large for StatsBuffe...

Search based on a previous conditions. Or alert th...