Splunk Search

Ask a Question

Discussions

Thread Info

How to find difference in field total over time?

I have event data in below format: Sep 15 2017 07:06:07 app=yahoo dataconsumed=50 Sep 15 2017 08:16:07 ap...

by Explorer in

Is there any more accurate way to correlate it?

Good moring,everyone. I have some events. They come from the same sourcetype.I want to get a detailed registration...

by Communicator in

Stats table manipulation

I created the following search to audit the changes made to our network infrastructure: (index=ise Protocol=Tacacs ME...

by Builder in

Align the first column of the table

Hi Team, I have a table in the dashboard, wherein i want first column to be left aligned and rest all the columns ...

by Communicator in

Rex to optionally extract several fields

I have the need to extract fields between single quotes ( '192.168.0.1', '192.168.0.2') in a field that may contain s...

by Communicator in

Displaying Search peer

Hi Splunkers , In my environment , I have three indexers and two search head in which one is master license server...

by Communicator in

Why does the Splunk Java SDK always return 500k results, but I get 800k results in Splunk Web?

The job returns 800k results in Splunk Web, whereas the Java API always returns 500k.

by Explorer in

Need help with a complicated field-extraction via regex

want to extract a field in splunk however Splunk Regex won't work so I am writing my own Regex. However I am struggli...

by Explorer in

How to distribute an event among many time buckets taking into account the duration of the event?

I have a group of entries that has start_time, end_time , duration and name. Some of them are concurrent some of the...

by Path Finder in

Dashboard Title - Display date as DD/MM/YYYY

Hello there, idk how to display the date in the title of the dashboard format as DD/MM/YYYY, not in epoch format ...

by Path Finder in

Chart Help

index="all_eqt" | stats sum(TotalSquareYards) as TSY by ShopOrder DefectDescription| table ShopOrder DefectDescriptio...

by Path Finder in

Bar chart with single bar does not display

We have horizontal bar charts on our dashboards and when SPL is filtered down to single bar the bar is not displayed....

by Contributor in

Writing reqular expressions

Please help me in writing the regular expression for the below: 2017-11-17 14:20:03 DueDate="11/17/2017", Identifi...

by Explorer in

When should I use search_optimization?

I don't understand when "search_optimization" will be used. And like below situation, there is the scene that search ...

by Builder in

How to use timebased lookup table?

I defined a lookup table as timebased config in transforms.conf as below [swipeR.csv] batch_index_query = 0 case_...

by Communicator in

How to timechart requests count with SLA and latency

How to timechart requests count with SLA and latency based on the time mentioned in the logs. I need to know how many...

by New Member in

how to add more than one matching criteria while getting the count

Hi @somesoni2 Can you help me with a simple search i have following requirement from a single input lookup file...

by Communicator in

Error in multiselect - Could not create search

Below is the code for multiselect which gets populated dynamically based on user selection. The Search query seems to...

by Communicator in

Can a Splunk search call a Python script to perform data manipulation?

Hello, Before I waste too much time trying to get this to work, I'd like to know whether a Splunk search can call ...

by Motivator in

Why am I getting errors writing a query after installing Splunk DB Connect and connecting to Oracle database?

Hello, I have installed splunk db connnect app and connecting to oracle database i am trying to write query selec...

by Contributor in

custom span in timechart

Hi there, I have a set of events say 8 records. One record of particular date and other 7 records of past 7 days. whe...

by Communicator in

Is there a way of ensuring every event has a specific field?

Hi guys, My goal is to use the map command look over all ip addresses and mac addresses that have had the value po...

by Communicator in

timechart - how do I combine these two charts into one?

I have the following query: ... | timechart avg(Latency) Can I combine this with: ... | timechart count by ...

by Engager in

CPU Utilization Query

I am using this query to Fetch CPU Utilization details index=os sourcetype="cpu" | multikv forceheader=1 | eval hu...

by New Member in

Prevent Wildcard In User Input

Hi everyone, I've developed a dashboard with text input for my user. However, I do not want my users to use wildca...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to find difference in field total over time?

Is there any more accurate way to correlate it?

Stats table manipulation

Align the first column of the table

Rex to optionally extract several fields

Displaying Search peer

Why does the Splunk Java SDK always return 500k results, but I get 800k results in Splunk Web?

Need help with a complicated field-extraction via regex

How to distribute an event among many time buckets taking into account the duration of the event?

Dashboard Title - Display date as DD/MM/YYYY

Chart Help

Bar chart with single bar does not display

Writing reqular expressions

When should I use search_optimization?

How to use timebased lookup table?

How to timechart requests count with SLA and latency

how to add more than one matching criteria while getting the count

Error in multiselect - Could not create search

Can a Splunk search call a Python script to perform data manipulation?

Why am I getting errors writing a query after installing Splunk DB Connect and connecting to Oracle database?

custom span in timechart

Is there a way of ensuring every event has a specific field?

timechart - how do I combine these two charts into one?

CPU Utilization Query

Prevent Wildcard In User Input

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?

Splunk Education Goes to Washington | Splunk GovSummit 2024

How to compare success/failure by status

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data