Splunk Search

Discussions

Thread Info

How do you set up a timechart with multiple rows?

I am trying to setup a timechart and I am a beginner in Splunk. I'd like to show a timechart with two rows, i.e., two...

by Engager in

Extraction: How to split the values and search for specific words?

Hello, I have got a few events with the fields "Information" and "Name". Few events look like below, and I have many ...

by Path Finder in

What is the best way to get the running average and standard deviations for HTTP request character length?

What would be the best way to search for anomalies/outliers for HTTP request character length by source IP? Looking f...

by Influencer in

How to extract multiple values from a multi-value field and use these in a table?

I have a multivalue field (custom_4) separated by dollar signs that I have separated in to separate values with the b...

by New Member in

Timechart as VS Timechart by

Over the last 3 days I was trying to create dashboard with single value + trends. The query was something like thi...

by Path Finder in

Can I REGEX a string and assign to field?

I have Graylog forwarding Windows events and I use this command in my props.conf to parser FIELDALIAS-winlogbeat_...

by Path Finder in

Is there a way to avoid the join command between indexes?

I'm trying to get my head around the alternatives, but can't see how I could get rid of the join in the following que...

by Explorer in

Can someone help me chart JSON values?

I have a JSON just like this. I want to chart data of the values inside values key. The keys of the data in the value...

by Explorer in

Lookup matching question

Hi, I used the code below. In a first version of the code, my code began by | inputlookup append=t NZDL.csv And afte...

by Motivator in

Is it possible to extract dimensions from the source field for metrics imported from CSV files?

We already use a custom CSV formt to report application metrics. The format is very similar to the one introduced in ...

by Communicator in

How to check if the field exists and extract the value?

Hi. I need to use IP Address in iplocation, but O365 returns 2 different logs. one with "ClientIP" field and others w...

by Engager in

Remove CN= string and the rest from my search results

Hi guys! I'm loking for a search like this: source="WinEventLog:Security" name = "A member *group*" Group_Name=...

by Path Finder in

Find Hosts which do their searches in alphabetical order

Hi there I have many log-entries with the two fields "host_address" (an IP address) and "query" (a search query). ...

by Explorer in

How to join two searches that both have subsearches and transactions

I have an index with email data. With it, I have two separate searches that utilize subsearches to put together a set...

by Builder in

Why doesn't "Wrap results" fit to the screen (or is there a way?)

After I perform a search and click the "Format" Icon above the search results, there is an option for "Wrap Results"....

by Contributor in

charts: How can I calculate median for each type on the hourly aggregation?

Dear all, There are three columns with data: time (time scale in steps of 10 minutes) , val (amount of transaction...

by New Member in

How to use stats as a filtered self join?

I have groups of events that have the same GroupID field. For events matching given criteria I need to find anoth...

by Communicator in

Dbxlookup Functioning

When we call a dbxlookup in a search query, does the lookup search for the matching filed values in the entire databa...

by Builder in

From fields values make a table with calculated fields

Hi Everyone, I'm new to Splunk: our Data looks like this: > id;name;Field1;Field2;Field3;Field4;field5;field6;...

by New Member in

Table Row Highlighting, using non numeric

I am using the table_row_highlighting.js and the table_decorations.css from the 'latest Splunk 6.x Dashboard examples...

by Path Finder in

JSON Field Extraction and Charting

I have a sample JSON just like this. {"Domain":"DotComMobile","Metrics":"city","Brooklyn":782,"Bronx":450,"New Yor...

by Explorer in

How do I capture the repeating pattern on multiple lines with REX?

With this dataset, the linebreaker is zone: zone: zone_1wwns 00:00:00:00:00:00:00:01 zone: zone_2wwns...

by Contributor in

Get top combination from a multi value field

Hi, I have a multi value field who has data something like below which has been extracted from some web service. I a...

by Explorer in

Is there a regex available to drop service account events from active directory to be used on the universal forwarder?

Our security events count is in millions and we observed that we have more then 600 service accounts in our environme...

by Communicator in

Visualizations: How do you display all accounts in the same chart at the same time?

How do I display all accounts in the same chart at the same time? There are three accounts！ account1 have 10000...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do you set up a timechart with multiple rows?

Extraction: How to split the values and search for specific words?

What is the best way to get the running average and standard deviations for HTTP request character length?

How to extract multiple values from a multi-value field and use these in a table?

Timechart as VS Timechart by

Can I REGEX a string and assign to field?

Is there a way to avoid the join command between indexes?

Can someone help me chart JSON values?

Lookup matching question

Is it possible to extract dimensions from the source field for metrics imported from CSV files?

How to check if the field exists and extract the value?

Remove CN= string and the rest from my search results

Find Hosts which do their searches in alphabetical order

How to join two searches that both have subsearches and transactions

Why doesn't "Wrap results" fit to the screen (or is there a way?)

charts: How can I calculate median for each type on the hourly aggregation?

How to use stats as a filtered self join?

Dbxlookup Functioning

From fields values make a table with calculated fields

Table Row Highlighting, using non numeric

JSON Field Extraction and Charting

How do I capture the repeating pattern on multiple lines with REX?

Get top combination from a multi value field

Is there a regex available to drop service account events from active directory to be used on the universal forwarder?

Visualizations: How do you display all accounts in the same chart at the same time?

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions