Splunk Search

Ask a Question

Discussions

Thread Info

extracting eval for reuse in other searches

Hi I have a dashboard which shows metrics for an API. It has a graph for response times, tables for min max averag...

by New Member in

Creating a User profile who has access to monitoring console only

Hi All, I checked all the options in Splunk and I am unable to find an option for creating a user with a a role wh...

by New Member in

How to write regex to select specific fields on a search?

hi below is my search, when I do search for Error this is what I get; then I run this search to create "Me...

by Contributor in

how to Union 4 searches with 4 field name

Hi, Good day! have this search: | union [| pivot latest(field0) AS field0 SPLITROW field4 AS field4 ...

by New Member in

When using two lookups in a single search, I'm unable to value from the second lookup. How do I do that?

by Path Finder in

Add a column with a count of unique IP's to a chart

Hi@all, i'm new a splunk and been trying to figure out this for a while now. But for me it is not possible to add ...

by Engager in

lookup file csv

i have a search in splunk search dest_ip=10.10.20.3 OR dest_ip=10.2.3.5 OR dest_ip=10.6.7.4 OR dest_ip=10.0.4.6 . ...

by Path Finder in

need to show completion percentage with the following query

the following produces all of the other stats except completion percentage sourcetype=access_combined | transactio...

by Path Finder in

DNS Names in Events

Hi there, We are migrating from Kiwi syslog and one of the things Kiwi can do is show hostnames instead of IP addr...

by Path Finder in

"outputlookup" vs "action.populate_lookup"?

I'm trying to figure out some discrepancies between the outputlookup search command and the action.populate_lookup sa...

by Super Champion in

How to count from raw lines?

I have a lot of RAW data with this format: date_time,serverA,down date_time,serverB,down date_time,serverA,down date_...

by Engager in

How to build a table from two index sources with a common id

I am completely new to splunk so correct me if i am wrong i have 2 sources of data which contains status codes for th...

by Engager in

Extract multiple file names from email attachments

Trying to extract all email attachments file names. I am no good with Rex/Regex, so I used the automatic extraction i...

by Explorer in

Upgrade from 6.5.2 to 7.0.2 - Process

Just wondering if there is a staged upgrade process for going from 6.5.2 to 7.0.2. Do we have to go to 6.6.0 firs...

by New Member in

How to find queued jobs from audit.log?

Hello, is there a way I can find if a particular job was queued by looking at the audit logs? I never see the status ...

by Explorer in

count of values per event

Hi All , i have an event as below Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Byte...

by Explorer in

How do I remove specific characters from a string?

For example, I have a string "agreementinquiry-web-2.0.3". My result should only have "agreementinquiry".

by New Member in

Counting an event and then averaging it over a month

Hello I'm very new to Splunk and have so far been consuming data as .csv files in order to test things out. I hav...

by Engager in

How to count a pattern in one cell

Hi I have the following data written to one field. When i run source_SERVICES_count=mvcount(source_SERVICES) ...

by Influencer in

How to write the regex to extract a field with optional end anchors?

I haven't a clue why I cannot find this particular issue. I would think it would come up all the time. I want to extr...

by Builder in

Using search result(s) in a second, separate search

Hi All, I am looking to create a dashboard to support ongoing investigations. This dashboard will have many panels...

by Communicator in

How to exclude duplicate field values from different fields

Hi All, I am writing a search string for Windows, which should return events where a privileged user (Source_User)...

by Communicator in

Discrepancy between raw search and accelerated data model search

I have a customer who has tasked me with coming up with a strategy for monitoring that the output of data model searc...

by Builder in

How do I independantly scale x-axis in charts in Trellis?

Hello Splunk Community, I'm trying to display multiple charts of data with Trellis. Example: Chart 1 will have a x-ax...

by New Member in

Add a custom field at index time based on sourcetype or index name

Hi everyone. I've been going back and forth through the docs and other answers posted here, but nothing definitive in...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

extracting eval for reuse in other searches

Creating a User profile who has access to monitoring console only

How to write regex to select specific fields on a search?

how to Union 4 searches with 4 field name

When using two lookups in a single search, I'm unable to value from the second lookup. How do I do that?

Add a column with a count of unique IP's to a chart

lookup file csv

need to show completion percentage with the following query

DNS Names in Events

"outputlookup" vs "action.populate_lookup"?

How to count from raw lines?

How to build a table from two index sources with a common id

Extract multiple file names from email attachments

Upgrade from 6.5.2 to 7.0.2 - Process

How to find queued jobs from audit.log?

count of values per event

How do I remove specific characters from a string?

Counting an event and then averaging it over a month

How to count a pattern in one cell

How to write the regex to extract a field with optional end anchors?

Using search result(s) in a second, separate search

How to exclude duplicate field values from different fields

Discrepancy between raw search and accelerated data model search

How do I independantly scale x-axis in charts in Trellis?

Add a custom field at index time based on sourcetype or index name

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...