Splunk Search

Thread Info

How do I create a Splunk query that generates an overview of field combinations?

Hi, I'm having difficulty creating a Splunk query that generates an overview of field combinations using regular e...

by New Member in

How can I merge two columns in a timechart?

I'm using the timechart command and I have a chart that looks something like this: _time ...

by Path Finder in

Over a week's timespan, how do I display how many restarts are happening per day on a host?

I am getting a bunch of nulls in my results and I'm not sure why. I am trying to build a graph that will show over a ...

by Explorer in

How do you use the where clause in a cluster map?

I'm trying to make a cluster map in Splunk by their IP address. I grouped the IP by id number, and I want to only...

by Explorer in

Can you help me design an event count summary?

Currently, we have about 100 applications writing about 50 million events to a logging index/sourcetype per day. It w...

by Communicator in

How do you compare the last two recent events for different devices sending data to Splunk?

Hey, i have different devices that are sending temperature data to my Splunk instance. For alarming, I want to com...

by Path Finder in

How to group events and extract a field when grouped events contain a specific value?

We have some overnight jobs that run and log out to Splunk. On top of this, we have a dashboard which groups by the j...

by Engager in

Why are my events not in time order?

We just upgraded our Splunk server to version 7.0. I created a query that has a time range Between 05/19/2018 04:28:0...

by New Member in

Search returning duplicated/wrong results after upgrading to 7.1

For some reason, after upgrading Splunk to 7.1 some searches no longer return the results for certain days; instead o...

by Explorer in

Field name getting reflected in the same field value

While listing out the values of a field in a table, the name of the field is getting listed in the field values. does...

by Path Finder in

Filter consumed event types and/or collect start date?

Hi, Is it possible to configure this app to only collect logs from a particular start date as opposed to all histo...

by Explorer in

Create data table conditinally

My logs are below content : Export of US successfully transferred to FR Import successfully ended on US from expor...

by Contributor in

How do I rename a hostname in Splunk?

Hi, How do I rename hostname in Splunk? I am trying to enroll a particular syslog in Splunk. I want to rename a ho...

by Explorer in

Sorting the data values in a stacked timechart

How do I order the horizontal slices in a stacked timechart by value? The working search string looks like this: ...

by New Member in

How do you rename count of field values conditionally?

Hi, I have below data in below format using stats count command Date - FR GE SP UK NULL 16/11/18 - 0 1 1 1 1 17/11...

by Contributor in

How do I combine multiple rex commands into a single one?

Hello, I am working with some unstructured data so I'm using the rex command to get some fields out of it. I need thr...

by Motivator in

Can you help me build a regex that extracts an IP Address from a log message?

How do I extract an IP address from a log message using regex? All the four octets need to be pulled at a time, re...

by New Member in

How do you make a search that returns hosts that haven't checked in to an external source within a certain time frame?

Hello All, I am relatively new to Splunk and need some help on this search query. I have hosts that are required t...

by New Member in

Could I save the predicted value after using ML model?

As title, I am using Splunk Machine Learning Toolkit now. I'm confused about whether I could save the result of predi...

by Explorer in

How to search a query and a lookup file with common columns?

][1] So, I would like to run my query below(which would return IP Addresses) and match the results to the input fi...

by New Member in

How can I perform math calculations within my XML dashboard?

I would like to use a drilldown token created from clicking a bar on a timechart and add 1800 to the value and use it...

by New Member in

Return message based on what is NOT showing in Subsearch

I have a subsearch returning all files imported per client as the value "Client_File". It's value will look like ABC_...

by Path Finder in

Lookup command - multiple input fields

Hi, is it possible to use more than one input field within a lookup command? The lookuptable looks like this: ...

by Motivator in

Multiple sums in stats query

Hi! I'm attempting to take an existing query and update it to do the following: For the last 24 hours, sum and...

by New Member in

DB Connect Temporal Lookup - does it exist?

Hi. I am trying to figure out how to put together a time based lookup using the DBX conduit, connected to a radiu...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

How do I create a Splunk query that generates an overview of field combinations?

How can I merge two columns in a timechart?

Over a week's timespan, how do I display how many restarts are happening per day on a host?

How do you use the where clause in a cluster map?

Can you help me design an event count summary?

How do you compare the last two recent events for different devices sending data to Splunk?

How to group events and extract a field when grouped events contain a specific value?

Why are my events not in time order?

Search returning duplicated/wrong results after upgrading to 7.1

Field name getting reflected in the same field value

Filter consumed event types and/or collect start date?

Create data table conditinally

How do I rename a hostname in Splunk?

Sorting the data values in a stacked timechart

How do you rename count of field values conditionally?

How do I combine multiple rex commands into a single one?

Can you help me build a regex that extracts an IP Address from a log message?

How do you make a search that returns hosts that haven't checked in to an external source within a certain time frame?

Could I save the predicted value after using ML model?

How to search a query and a lookup file with common columns?

How can I perform math calculations within my XML dashboard?

Return message based on what is NOT showing in Subsearch

Lookup command - multiple input fields

Multiple sums in stats query

DB Connect Temporal Lookup - does it exist?

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...

Splunk Search

Are you a member of the Splunk Community?

Discussions