Splunk Search

Ask a Question

Discussions

Thread Info

Why am I losing table formatting when using the replace command?

Hello, I have a search that i want to take zeros off of. But, when i do it with replace, it loses its table forma...

by Path Finder in

Timechart, 2nd field value on the chart

I have a timechart, But I've liked to display another field value directly on one chart line. (see the picture) ...

by New Member in

Using the inputlookup command, how do I get a "Null result" or "0" as output for rows which are not selected in a time range?

After applying the time range 01/10/2018 to 05/10/2018, I am not able to get s3,s5 in output. I am getting output ...

by Engager in

How do you group two queries from different sourcetypes and events?

Hello. I am having trouble with a complicated query. Here's what I'm trying to do: We have events from IIS w3svc1 ...

by Builder in

In a Splunk search, how do I modify the date so that the week numbers match up to actual week numbers in Calendar?

I have the following query: | eval week=relative_time(_time,"@w1") | eval week=strftime(week,"%m%d %V") | stats su...

by Path Finder in

How do I Hide Table Headers?

I'm trying to hide some table headers in a dashboard. Below is my javascript code: require(['jquery', 'splunkjs/mv...

by Explorer in

How to convert the GMT timezone to EST timezone at search time?

Hi, I have a field named "statusChanged" as shown below. I need to convert this (GMT) to EST . please help on the ...

by Communicator in

When converting time to epoch, why am I getting weird results?

Hi All, I am experiencing somewhat weird results when converting time to epoch in our Splunk environment. I tried ...

by Path Finder in

How can i separate Total row in sorting so Total row will not be taken affect when the sort caret is clicked in the header

Here are the example images That is the example output then the second one should not be like this Th...

by Path Finder in

How do I search for multiple files in Splunk?

I have one Excel sheet in which there are around 1150 bum IDs. One of example given below. bum_id a62f1ede-e3c2-41...

by Communicator in

How do I alert if cpu is greater than 97% for more than 15m?

Splunkers, Looking for some kind of time modifier that will allow the following alert to fire only if CPU has been...

by Path Finder in

What is the Splunk regular expression to remove characters/number after second space?

i want the data to be deleted after a second space. EX:data is like this "lenovo thinkcentre 6.7" and i want "leno...

by Builder in

After upgrading our Splunk version from 6.5 to 7.0.3, why did some rex queries in our dashboards stop working?

We recently upgraded our Splunk version from 6.5 to 7.0.3 and this then caused some rex queries in dashboards to stop...

by New Member in

Can you help me make a timechart that calculates work hours for employees?

Hi all, I need to make a bunch of graphs for days, weeks and months per employee. But first things first, i nee...

by Communicator in

Can you help me change the format of this date field?

I have a modify date field in my ingested data. The date format of this field is MMDDYY with no "/" or "-". Is th...

by Explorer in

How do you create a regex expression which creates a field and returns text after a backslash?

Hey, i need assistance in trying to figure out how to create a field and extract the text after that. I am not sur...

by Explorer in

How to compare two columns in splunk such that it compares the values of one server with values for different other servers and stop untill it gets a different value and display the message as "Not same"?

I want to compare two columns in splunk such that it compares the values of one server with values for different othe...

by Communicator in

How do I group per N minutes and remove duplicates within those?

The inital search is this: index=myindex myapplication UID=* IDX=* IDOK=* | dedup IDX | table _time,UID,IDX,IDO...

by Contributor in

Can you help me with the following stats data query?

Hello, I use the request below index=windows sourcetype="wineventlog:system" SourceName="Disk" (EventCode=7 OR ...

by Motivator in

How can I use SDK or RESTfulAPI to retrieve the SPL definition inside a panel of a dashboard?

by Splunk Employee in

Histogram of transaction durations

Hi, I have this query that finds the duration of the transaction times. index=wholesale_app buildTarget=* prod...

by Motivator in

With the transaction command, how do I get the duration between the first startswith to the last endswith?

query like below: | transaction startswith="Init" endswith="FINISHED" by ip | table duration ip Each IP has mu...

by Path Finder in

How do I count each value of a multi-value field and show the top 30 with percentage?

Dear Community, So far, I have gone through the posted QnAs, but haven't yet found a way to make it work with my d...

by Explorer in

How do you extract fields from an existing field's value?

I have a field that contains one long string looks like below 18/10/2018 03:42:26 - Chirs Lee (Work notes) comment...

by Communicator in

Can you help me use the inputlookup command to return results from one table but not another?

I have two tables. How can I use the inputlookup command so I only get results of the entries that are NOT in the 2nd...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why am I losing table formatting when using the replace command?

Timechart, 2nd field value on the chart

Using the inputlookup command, how do I get a "Null result" or "0" as output for rows which are not selected in a time range?

How do you group two queries from different sourcetypes and events?

In a Splunk search, how do I modify the date so that the week numbers match up to actual week numbers in Calendar?

How do I Hide Table Headers?

How to convert the GMT timezone to EST timezone at search time?

When converting time to epoch, why am I getting weird results?

How can i separate Total row in sorting so Total row will not be taken affect when the sort caret is clicked in the header

How do I search for multiple files in Splunk?

How do I alert if cpu is greater than 97% for more than 15m?

What is the Splunk regular expression to remove characters/number after second space?

After upgrading our Splunk version from 6.5 to 7.0.3, why did some rex queries in our dashboards stop working?

Can you help me make a timechart that calculates work hours for employees?

Can you help me change the format of this date field?

How do you create a regex expression which creates a field and returns text after a backslash?

How to compare two columns in splunk such that it compares the values of one server with values for different other servers and stop untill it gets a different value and display the message as "Not same"?

How do I group per N minutes and remove duplicates within those?

Can you help me with the following stats data query?

How can I use SDK or RESTfulAPI to retrieve the SPL definition inside a panel of a dashboard?

Histogram of transaction durations

With the transaction command, how do I get the duration between the first startswith to the last endswith?

How do I count each value of a multi-value field and show the top 30 with percentage?

How do you extract fields from an existing field's value?

Can you help me use the inputlookup command to return results from one table but not another?

Developer Spotlight with Brett Adams

Index This | What can you do to make 55,555 equal 500?

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...