Splunk Search

Discussions

Thread Info

How do I get min/max of a column chart PER field?

I created values for the average CPU, memory and swap memory usage and managed to get it in a column chart. I'd like ...

by Path Finder in

Why does removing a search term reduce the number of results returned?

My data looks like this: { [-] computer_dns_name: computer.domain.com computer_sid: 22264db9ce...

by Explorer in

How do you search a value from one query in another second query?

We have two different search queries with no unique fields and we would like to get the below info: we would like...

by Engager in

How do I break a chart with too many columns into several charts within the same report?

I created a chart with too many columns, like following: source="/abc/def/aaa.log | chart count(eval(searchmatch("...

by New Member in

How do I show the sum of events that occurred before a specific time on a line chart?

I currently have a search that shows a line chart of events according to a "Created" date field, but would like to sh...

by Engager in

Typecast an integer to a float?

by Motivator in

Best practice for dealing with Unicode codepoints in Splunk ?

Dear Splunkers, I face logs, where special characters have been encoded into Unicode codepoints (e. g. \u0301 inst...

by Explorer in

Can someone help me fix my search that uses the sort command?

I'm getting strange behavior with a sort, and wondered if anyone knows why. If I run: index=os source=/var/log/sla...

by Engager in

OR connection with missing fileds

Hello Folks, i have folowing question I have folowing search index=indexA OR index=indexB OR indexC user=alex OR ...

by Explorer in

How do I filter values with at least one zero in time?

Hello! I want to find local IPs that communicate with outside IPs every 5 minutes, for example: ...

by Communicator in

Can you help me with the following conditional streamstats issue?

Hi splunkers, Suppose I have the following table: Date ItemsPurchased UnitPrice 1/1/1111 20 0.5 2/1/1111 10 1 ...

by Explorer in

Can you help me with a regex expression(multiple in one query)?

Trying to capture multiple groups, basically after the colon MacAddress : 7A:AA:82:31:24:B1 Manufac...

by Contributor in

In a search, Is there an alternative for the eventstats command?

I need to find another way instead of eventstats for my search. Is there a way where I can tag the events and add ...

by Explorer in

Is there a way where I can tag events and add another field based on hierarchy?

is there a way where I can tag events and add another field based on hierarchy? For example: Id 1 has different...

by Explorer in

Can you help me to extract a specific event from a log?

Hello In a report, i used the code below in order to search for an error code in my events. But, when a code is...

by Motivator in

In a search, how do you group similar URL patterns?

I am doing a search and evaluating count, avg RT based on some URL patterns. Below are the URLs for my category pages...

by New Member in

Can you help me with my query that uses multiple where conditions?

I have a search to identify when a particular server activates "hardware mode" and doesn't exit within a certain time...

by Path Finder in

How do I return lookup events only if they match certain field values?

Hi, I have two lookup files below: masterinventory.csv type make model year storeID key...

by Communicator in

How to extract values where the field name has multiple spaces?

Hello, I'm trying to figure out a way to extract values where the field has multiple spaces in it. When I do a...

by Explorer in

i have a join query which i need to optimize using OR and Stats, Since i am dealing with timestamp and fetching last(field), i am struggling, Can any one help?

index="index1 sourcetype="sourcetype1" | join deviceId [ search index="index2" sourcetype="sourcetype2" productFamily...

by New Member in

How can I get time picker earliest and latest epoch values before doing a search?

Hi, How can I get 'raw' earliest and latest value before doing search? I need the epoch seconds format, so -1d@...

by Communicator in

How do you show a row count in a dashboard panel?

Hello All I am not sure how to show the row count in my dashboard. I have one panel that searches a list of ho...

by Contributor in

How do I extract the latest occurrence of a field from multiple lines?

Want to capture the latest occurrence of "working_condition_check - status -" which is "Stopped". Please help me ...

by Explorer in

Can you help me use the rex command to parse API's JSON?

I have the following JSON, but I'm not really familiar with Splunk's rex function. I tried this command without succe...

by New Member in

How to calculate the "number of files" field in the table colunm of "Files & directories

Hi, I would like to know how to calculate the "number of files" field in the table colunm of "Files & directories"...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I get min/max of a column chart PER field?

Why does removing a search term reduce the number of results returned?

How do you search a value from one query in another second query?

How do I break a chart with too many columns into several charts within the same report?

How do I show the sum of events that occurred before a specific time on a line chart?

Typecast an integer to a float?

Best practice for dealing with Unicode codepoints in Splunk ?

Can someone help me fix my search that uses the sort command?

OR connection with missing fileds

How do I filter values with at least one zero in time?

Can you help me with the following conditional streamstats issue?

Can you help me with a regex expression(multiple in one query)?

In a search, Is there an alternative for the eventstats command?

Is there a way where I can tag events and add another field based on hierarchy?

Can you help me to extract a specific event from a log?

In a search, how do you group similar URL patterns?

Can you help me with my query that uses multiple where conditions?

How do I return lookup events only if they match certain field values?

How to extract values where the field name has multiple spaces?

i have a join query which i need to optimize using OR and Stats, Since i am dealing with timestamp and fetching last(field), i am struggling, Can any one help?

How can I get time picker earliest and latest epoch values before doing a search?

How do you show a row count in a dashboard panel?

How do I extract the latest occurrence of a field from multiple lines?

Can you help me use the rex command to parse API's JSON?

How to calculate the "number of files" field in the table colunm of "Files & directories

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...

New This Month in Splunk Observability Cloud - Synthetic Monitoring updates, UI ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...