Splunk Search

Community Activity

Can I use a lookup table of IP ranges + location names to add a location field to network traffic based on IP range? I have a lookup table of IP ranges with location names. I'm trying to search network traffic and add a "location" fie... by md_zali New Member in Splunk Search 07-04-2018 0 4	0	4
How to color code a bar charts based on a fields value? I am have a search as : index="abc" sourcetype="xyz"\| stats count by status_code. So how can I change the colors o... by Arpmjdr Explorer in Splunk Search 07-04-2018 0 3	0	3
How to calculate the percentage for a trend? Hello in the request below, i try to calculate a trend between 2 report but i try to do this : - if the data of a re... by jip31 Motivator in Splunk Search 07-04-2018 0 3	0	3
How to build a two way table? Hi ! I am trying to build a two way table like : \| \| Male \| Female \| Total \| \| Child \| 2 \| 3 \| ... by Clovisa Path Finder in Splunk Search 07-04-2018 0 2	0	2
Wildcards working for inputlookup but not lookup? Been targeting the same lookup definition and my lookup just refuses to recognize wildcards in my lookup table. My in... by jpawloski Path Finder in Splunk Search 07-03-2018 0 3	0	3
regex not working propoerly /api/v1/user/engines/forecast/xyz?abc=true For the above URL, I want to display the URL in the table till xyz (/api/... by prannoy93singh Engager in Splunk Search 07-03-2018 0 4	0	4
Dashboard query on showing alternate colour based on extracted string Hello all, I'm facing a challenge in getting the dashboard requirement done. This is reading from the log, the log p... by krusovice Path Finder in Splunk Search 07-03-2018 0 2	0	2
How to change stats/chart tabular format output to bar chart? Hi, I want to plot values on x axis with their count on y as a bar chart. Both \|stats count by val and \|chart co... by dhruv101 Path Finder in Splunk Search 07-03-2018 0 4	0	4
Unable to divert events at index time to different sourcetypes from single source Log contains a hodgepodge of different logger events. Using transforms and props I am still unable to assign the sou... by Cuyose Builder in Splunk Search 07-03-2018 0 10	0	10
For multiple single value chart use one drilldown table when all chart having drilldown In my dashboard i have 5 single value chart and all 5 having drilldown so i have 5 drilldown table i want to combine ... by anjneesharma New Member in Splunk Search 07-03-2018 0 5	0	5
Overlaying on chart with a previous years data when x-axis do not match I am displaying some data by Month for 2018/2019 (i.e. 01-2018, 02-2018) on a barchart. Search Query: ( sourcetype=s... by jackreeves Explorer in Splunk Search 07-03-2018 0 1	0	1
How to extract with rex from the beginning of a string to delimiter or the end of line? How do I write a rex command to extract from up to a particular delimiter (such as comma) or (if there is no delimite... by pm771 Communicator in Splunk Search 07-03-2018 1 4	1	4
How to use different time ranges in sub-queries in savedsearches.conf I am using a composite query which has join to another query. I need to use a longer time range in the main/outer que... by isamrat Explorer in Splunk Search 07-03-2018 0 1	0	1
In field extraction, how to do the matching between them and increment the result? Hi everyone, I'm looking to have this result: For that I have 2 lines in my file: Question: Service + IdTransac... by omarka New Member in Splunk Search 07-03-2018 0 11	0	11
Translating string in search string In my search strings I often rename columns using "AS". Is there a way I can expose those as parameters so that when ... by derekf Explorer in Splunk Search 07-03-2018 0 3	0	3
where clause evaluates differently with presence of fields in prior table command I am putting a query to findout all SSH connection between internal network and external network. Logic I am trying... by sdesigowda New Member in Splunk Search 07-03-2018 0 4	0	4
How do you turn this test string into a regular expression Hello How do you convert the following test string to a regular expression, if the test string contains spaces? Beca... by Danielle2018V New Member in Splunk Search 07-03-2018 0 2	0	2
How to plot max system load against the actual load? I have the following simple query: index=os sourcetype=vmstat tag=dcv-na \| eval MaxLoad = 28 \| timechart max(loadA... by jackpal Path Finder in Splunk Search 07-03-2018 0 3	0	3
How can I use the value of previous records field as new field value? I have a tabled data set like: ID Assessment Name Workflow Name Phase Name Process Name Step Name Step Owne... by tkwaller_2 Communicator in Splunk Search 07-03-2018 0 2	0	2
How can I concatenate tables from the same search at different time periods ? Hi, I am trying to compare the top sales of the latest week to the top sales of the previous week. I am trying to ge... by Clovisa Path Finder in Splunk Search 07-03-2018 0 2	0	2
Using Lookups in Splunk with CASE statements I am using CASE statements to evaluate value of msgcode variable below. Can this set of CASE-like statements be repla... by JuhiSaxena Explorer in Splunk Search 07-03-2018 0 2	0	2
Rex field extraction Could someone help me extract the two bold words from the following sample SAMPLE EVENT 1 2018-07-02 08:51:44,648 ht... by zacksoft Contributor in Splunk Search 07-03-2018 0 11	0	11
Multiple stats counts on different criteria Hi all, first question on Splunk Answers. I just finished the Fundamentals I training and am now wanting to do some m... by guythomasdavis Explorer in Splunk Search 07-03-2018 0 4	0	4
How to limit runtime for a search? Hi, Is there a setting to limit max runtime for a search? I don't see anything obvious. by a212830 Champion in Splunk Search 07-03-2018 0 4	0	4
Fetch the latest _raw event I have query which goes like this sourcetype="A" host=B \|rex "^(?:[^ \n]* ){2}(?P<user>\w+)"\|rex "^(?:[^... by zacksoft Contributor in Splunk Search 07-03-2018 0 1	0	1