Splunk Search

Discussions

Thread Info

How to extract fields in a file?

I need to extract each filed in "monitoringdata" in file. belo is sample of data: {"@timestamp":"2018-07-27T16:06:...

by Contributor in

Alert suppression

What is the best way to run a search to be alerted/emailed between 4pm-6am M-F, weekend and holidays? Should the sear...

by New Member in

Why is _time is NULL when using JOIN?

I have this search query: | inputlookup "asset-list" | SEARCH PROD_CAT_2="Database" PROD_CAT_3="SQL Server" STATU...

by Path Finder in

How to search with a fixed time span timechart everyday?

I am trying to find my average response time of everyday events (not avg of all the events of that day , but the even...

by Contributor in

Change the color of rows in a table based on text value in Splunk Enterprise v6.4

My Table is as follows RAG status Count Red 1 Amber 4 Green 10 Grey 7 I ...

by Explorer in

Could you help me create a search query which fetches Saved Searches with enabled Email Ids?

We have configured around 700+ Searches and Reports (Saved searches) in our Search Head server and, for most of those...

by Path Finder in

How do you set the order of queries to be run in a Splunk dashboard?

We have 2 different searches which are interrelated. 1st search is called through a macro which publishes its resu...

by Splunk Employee in

How do you set up a timechart with multiple rows?

I am trying to setup a timechart and I am a beginner in Splunk. I'd like to show a timechart with two rows, i.e., two...

by Engager in

Extraction: How to split the values and search for specific words?

Hello, I have got a few events with the fields "Information" and "Name". Few events look like below, and I have many ...

by Path Finder in

What is the best way to get the running average and standard deviations for HTTP request character length?

What would be the best way to search for anomalies/outliers for HTTP request character length by source IP? Looking f...

by Influencer in

How to extract multiple values from a multi-value field and use these in a table?

I have a multivalue field (custom_4) separated by dollar signs that I have separated in to separate values with the b...

by New Member in

Timechart as VS Timechart by

Over the last 3 days I was trying to create dashboard with single value + trends. The query was something like thi...

by Path Finder in

Can I REGEX a string and assign to field?

I have Graylog forwarding Windows events and I use this command in my props.conf to parser FIELDALIAS-winlogbeat_...

by Path Finder in

Is there a way to avoid the join command between indexes?

I'm trying to get my head around the alternatives, but can't see how I could get rid of the join in the following que...

by Explorer in

Can someone help me chart JSON values?

I have a JSON just like this. I want to chart data of the values inside values key. The keys of the data in the value...

by Explorer in

Lookup matching question

Hi, I used the code below. In a first version of the code, my code began by | inputlookup append=t NZDL.csv And afte...

by Motivator in

Is it possible to extract dimensions from the source field for metrics imported from CSV files?

We already use a custom CSV formt to report application metrics. The format is very similar to the one introduced in ...

by Communicator in

How to check if the field exists and extract the value?

Hi. I need to use IP Address in iplocation, but O365 returns 2 different logs. one with "ClientIP" field and others w...

by Engager in

Remove CN= string and the rest from my search results

Hi guys! I'm loking for a search like this: source="WinEventLog:Security" name = "A member *group*" Group_Name=...

by Path Finder in

Find Hosts which do their searches in alphabetical order

Hi there I have many log-entries with the two fields "host_address" (an IP address) and "query" (a search query). ...

by Explorer in

How to join two searches that both have subsearches and transactions

I have an index with email data. With it, I have two separate searches that utilize subsearches to put together a set...

by Builder in

Why doesn't "Wrap results" fit to the screen (or is there a way?)

After I perform a search and click the "Format" Icon above the search results, there is an option for "Wrap Results"....

by Contributor in

charts: How can I calculate median for each type on the hourly aggregation?

Dear all, There are three columns with data: time (time scale in steps of 10 minutes) , val (amount of transaction...

by New Member in

How to use stats as a filtered self join?

I have groups of events that have the same GroupID field. For events matching given criteria I need to find anoth...

by Communicator in

Dbxlookup Functioning

When we call a dbxlookup in a search query, does the lookup search for the matching filed values in the entire databa...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to extract fields in a file?

Alert suppression

Why is _time is NULL when using JOIN?

How to search with a fixed time span timechart everyday?

Change the color of rows in a table based on text value in Splunk Enterprise v6.4

Could you help me create a search query which fetches Saved Searches with enabled Email Ids?

How do you set the order of queries to be run in a Splunk dashboard?

How do you set up a timechart with multiple rows?

Extraction: How to split the values and search for specific words?

What is the best way to get the running average and standard deviations for HTTP request character length?

How to extract multiple values from a multi-value field and use these in a table?

Timechart as VS Timechart by

Can I REGEX a string and assign to field?

Is there a way to avoid the join command between indexes?

Can someone help me chart JSON values?

Lookup matching question

Is it possible to extract dimensions from the source field for metrics imported from CSV files?

How to check if the field exists and extract the value?

Remove CN= string and the rest from my search results

Find Hosts which do their searches in alphabetical order

How to join two searches that both have subsearches and transactions

Why doesn't "Wrap results" fit to the screen (or is there a way?)

charts: How can I calculate median for each type on the hourly aggregation?

How to use stats as a filtered self join?

Dbxlookup Functioning

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...