Splunk Search

Ask a Question

Discussions

Thread Info

Why is the walklex command not working?

Hello splunkers, I'm trying to visualize one of my .tsidx file with the splunk "walklex" command, in order to see my...

by New Member in

plus and minus in a trend calcul

Hello In this piece of code, i want to add th possibility to display a percent result with + or - before the perce...

by Motivator in

tstats subsearch

Hi, I have a tstats query working perfectly however I need to then cross reference a field returned with the data ...

by New Member in

How to split the value into title and value?

I have a field that I extract to information from Whois this field every value is write so that the title of the valu...

by Loves-to-Learn in

How to group and count together the rows based on some field value in splunk?

Example: I am having a search in my view code and displaying results in the form of table. small example result: cust...

by New Member in

calculate the percentage of sum of volume between current and the previous month

base search... | eval Month = case(Month = "2018-02","Feb",Month = "2018-03","Mar", Month = "2018-04","Apr") | eval m...

by New Member in

extract date from string

Hello I have string from nessus . Wed Jun 6 02:02:10 2018 . I need to extract the date . strftime and strptim...

by New Member in

i have two different searches there is nothing common between both the search, I want to combine both the result as one.

query 1: index=lenovo sourcetype = ticketmaster | where Status in ("Assigned","In-Progress","New","Pending") | stats...

by New Member in

How do I change the names in the popup while keeping the legend names the same?

When we plot a chart like this | chart count time phase Lets say the legend appears as Foo Bar Hey Day ...

by Path Finder in

Dissimilar results between sid & normal search

I am facing a weird issue with sid. I have a saved sid with yesterday's (00:00 to 23:59) data, which is showing a dip...

by Path Finder in

How to search data on multiple days, days which are determined by another search?

I want to determine the top n days of a time period based on a criteria and then get some statistics only on those da...

by Engager in

How do I add time stamp or label onto my timechart to mark a specific time/event?

Hi! I've got a very simple timechart query that pulls up number of user sessions per day. What I want to do is to add...

by Path Finder in

Using the results of one search to perform another

I want to list ALL customers who bought a watch and then use their userId to list out all of their purchases(not limi...

by Path Finder in

Timechart usind the percentage field

Hi, I am trying to build a timechart but only using the "percent" field according to the example search below. Can...

by New Member in

How to exclude multiple time ranges from multiple searches by defining the time ranges only once?

I have a number of services monitored by Splunk, and as the maintenance breaks should be excluded from performance ca...

by Communicator in

What will be the regex for the below?

I need a regex to capture Parameters list i.e. Name, Category, Publisher, Version,Build Release, Branch, Packaging Da...

by Communicator in

Need help in writing a query in Splunk to display the CPU Utilization of the Splunk forwarder (Universal) resources/process running on a Windows Machine

Logs i am receiving from the Windows machine are like below: (Getting just the "instance=_Total" logs) 02/09/2018 ...

by New Member in

Can I use a lookup table of IP ranges + location names to add a location field to network traffic based on IP range?

I have a lookup table of IP ranges with location names. I'm trying to search network traffic and add a "location" fie...

by New Member in

How to color code a bar charts based on a fields value?

I am have a search as : index="abc" sourcetype="xyz"| stats count by status_code. So how can I change the colo...

by Explorer in

How to calculate the percentage for a trend?

Hello in the request below, i try to calculate a trend between 2 report but i try to do this : - if the data of a ...

by Motivator in

How to build a two way table?

by Path Finder in

Wildcards working for inputlookup but not lookup?

Been targeting the same lookup definition and my lookup just refuses to recognize wildcards in my lookup table. My in...

by Path Finder in

regex not working propoerly

/api/v1/user/engines/forecast/xyz?abc=true For the above URL, I want to display the URL in the table till xyz (/ap...

by Engager in

Dashboard query on showing alternate colour based on extracted string

Hello all, I'm facing a challenge in getting the dashboard requirement done. This is reading from the log, the log...

by Path Finder in

How to change stats/chart tabular format output to bar chart?

Hi, I want to plot values on x axis with their count on y as a bar chart. Both |stats count by val and |...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why is the walklex command not working?

plus and minus in a trend calcul

tstats subsearch

How to split the value into title and value?

How to group and count together the rows based on some field value in splunk?

calculate the percentage of sum of volume between current and the previous month

extract date from string

i have two different searches there is nothing common between both the search, I want to combine both the result as one.

How do I change the names in the popup while keeping the legend names the same?

Dissimilar results between sid & normal search

How to search data on multiple days, days which are determined by another search?

How do I add time stamp or label onto my timechart to mark a specific time/event?

Using the results of one search to perform another

Timechart usind the percentage field

How to exclude multiple time ranges from multiple searches by defining the time ranges only once?

What will be the regex for the below?

Need help in writing a query in Splunk to display the CPU Utilization of the Splunk forwarder (Universal) resources/process running on a Windows Machine

Can I use a lookup table of IP ranges + location names to add a location field to network traffic based on IP range?

How to color code a bar charts based on a fields value?

How to calculate the percentage for a trend?

How to build a two way table?

Wildcards working for inputlookup but not lookup?

regex not working propoerly

Dashboard query on showing alternate colour based on extracted string

How to change stats/chart tabular format output to bar chart?

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown