Splunk Search

Ask a Question

Discussions

Thread Info

How to filter table results?

Hi all! I have a table as a search result: date Country cs_username 2018-06-12 Mexico mendoza 2018-06-12 ...

by Path Finder in

How to ignore days with no data in timechart?

Hello, I want to be able to ignore days where data was not collected. I am using the following search: index="x...

by Explorer in

can anyone direct me to an autolookup example please?

does anyone know where I might be able to find a 'dummies' guide to autolookup, with a simple example if possible? I ...

by New Member in

Cannot transform string with regex

Hi I am trying to transform a couple of strings that are being capture in my Splunk logs The string are similar...

by New Member in

assign value from subsearch to outer search eval

I want to get a value from subsearch assigned to outer search. I am trying like this index=OUTER sourcetype=OUTER_...

by Path Finder in

Enchance search results with subsearch on different sourcetypes? (DNS src ip & timestamp with DHCP ip & timestamp)

Hello Splunkers! For some time I'm trying to figure out how to feed results of a DNS blacklist check versus DHCP l...

by Explorer in

How do I remove all 1 and 2 character words from a field?

Hello, I have a string field containing many words and I would like to remove all 1 and 2 character words from it. Ho...

by Motivator in

Parameter passing between 2 searches as input as well as output

HI All, I need to give input from search1 to search2 and then get a single result from search 2 with the values fr...

by Communicator in

Why am I seeing Incorrect stats with appendcols/append in a pie chart?

I have been trying to prepare pie chart with proper stats on types of database errors. For some unknown reasons, I am...

by Explorer in

How do I pass in a default value for a single value chart?

How do I pass in a default value for a single value chart? As in I am not looking to search anything for now in the ...

by Path Finder in

Search with multiple trivial 'append' commands taking much longer in Splunk 7.1

We have a dashboard that lists a series of events representing alarms that need to be 'cleared' by the user as non-is...

by Path Finder in

How to create a regex that removes everything after a second underscore?

I have a regex that should remove everything after a second underscore. When I try to search with the regex, it doesn...

by Path Finder in

How to split values within a field that are not separated by any characters?

Hello everyone, I have this field with values that are retrieved withing "" but not separated by any character, and I...

by Path Finder in

append data from two indexes

i have two indexes: index#1 contain raw event log. from this event log i calc for every domain the number of events s...

by Loves-to-Learn in

Getting Duplicate message when doing search for User ID (title)

This is the search I used: |rest /services/authentication/users splunk_server=local |fields title |rename title as u...

by Path Finder in

How to use radio button choices in case statements?

Hi, I have a simple checkbox as shown below - <input type="checkbox" token="eventtype" searchWhenChanged="true...

by Path Finder in

How to drop field name from a lookup table similar to the return function?

Hi All, To give some context, the return function in Splunk when used with a subsearch allows you to drop the fiel...

by New Member in

geostats individual markers (stop binning)

I would like to plot all of my locations on a map, with an individual marker for each one. I know there is binspanlat...

by Explorer in

How to search for average data indexed over 30, 60, 90 days by index?

Splunkers, Looking for a search string that will allow me to use the time picker to see how much data has been ind...

by Path Finder in

Input multiple values into a dashboard input

I want to be able to pass multiple values to a field in a dashboard "Endpoint" . Like in the Endpoint Input I want to...

by Explorer in

Why am I getting "The lookup table '...' does not exist." errors after upgrading from Splunk 6.0.1 to 6.2.1?

These are the errors I am getting: The lookup table 'endpoint_change_object_category_lookup' does not exist. It is...

by New Member in

Retrieve lookup data with JS

Hello splunkers, i'm gonna try to be short, I'm trying to create an HTML homepage for Splunk APP and I've been trying...

by Path Finder in

How to round a millisecond output?

Does anyone know how to round a time readout from 00:07:06.53846153846155 to 00:07:06.54?

by Path Finder in

Avoiding CSV lookup replication errors

I've got a medium-sized (50MB) CSV lookup file with two columns (email address and server name) that I want to use. I...

by Path Finder in

Not able to override default font colour of single-value label field

Hi Team, I am using dark.css in y dashboard and everything is becoming black including the lable font of a single val...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to filter table results?

How to ignore days with no data in timechart?

can anyone direct me to an autolookup example please?

Cannot transform string with regex

assign value from subsearch to outer search eval

Enchance search results with subsearch on different sourcetypes? (DNS src ip & timestamp with DHCP ip & timestamp)

How do I remove all 1 and 2 character words from a field?

Parameter passing between 2 searches as input as well as output

Why am I seeing Incorrect stats with appendcols/append in a pie chart?

How do I pass in a default value for a single value chart?

Search with multiple trivial 'append' commands taking much longer in Splunk 7.1

How to create a regex that removes everything after a second underscore?

How to split values within a field that are not separated by any characters?

append data from two indexes

Getting Duplicate message when doing search for User ID (title)

How to use radio button choices in case statements?

How to drop field name from a lookup table similar to the return function?

geostats individual markers (stop binning)

How to search for average data indexed over 30, 60, 90 days by index?

Input multiple values into a dashboard input

Why am I getting "The lookup table '...' does not exist." errors after upgrading from Splunk 6.0.1 to 6.2.1?

Retrieve lookup data with JS

How to round a millisecond output?

Avoiding CSV lookup replication errors

Not able to override default font colour of single-value label field

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions