Splunk Search

Discussions

Thread Info

Why is an unknown value showing up in my search?

One of my dashboards reflects some data which actually isn't present in the data input. It might have been present be...

by Path Finder in

How can I build a regex to extract xml field value?

I want to extract XML field value ItemType and ItemNo from following XML. How can I build the Regular expression? ...

by Path Finder in

Problem with agent

Hi Splunk Team. I have a problem with the agent as follows: I added a monitor to the directory, then 2 hours I ...

by New Member in

get the list of keyword values which is present in one query and not present in second query

we have two queries . both the queries have same keyword with value.so we would like to list the values of the keywor...

by Engager in

How to average fields together across multiple columns grouped together by the field name containing a specific string ?

I am trying to average fields together across multiple columns based on a specific string (A_Field and B_Field) Fo...

by Engager in

calculate concurrency of transactions

Hi Splunk people. I am trying to map the number of concurrent transactions. This is not exactly the same than the ...

by Splunk Employee in

How do you calculate the time between events with the streamstats command?

Hello guys, I have data like this using Splunk 7.1 and I would like to calculate minutes between start and end of ...

by Motivator in

Joining values from two indexes and returning just specific values

Hello fellow Splunkers I'm trying to figure out how to join values from 2 indexes and return one field (from one o...

by Path Finder in

Cisco WSA - the WSA TA add on App(verison 3.3) is not extracting fields

I am using souretype cisco:wsa:squid, however I tried all the cisco:wsa:w3c as well, no luck so far? No sure where am...

by New Member in

What is the difference between format and return in subsearch?

i am new to Splunk. Please let me know when to use format and return in a Splunk subsearch.

by New Member in

How do I pass a single value query output to a field?

I have a requirement to print the source count from how many hosts we are collecting. Expected output: source_coun...

by Communicator in

How do I extract the following fields using the rex command?

I want to extract Balance (Entered)="10008.1311701944" and Balance (Functional)="11648.1319999944" fields from below ...

by Explorer in

In the following Splunk search, how can I only show those users that had a count > 1 in any given _time period?

Given the following: index=myindex source=mysource MYSEARCHTERM | stats count by _time MyField Which gives th...

by Path Finder in

Can anyone help with how to access properties of Splunk inputs like link list

Can anyone help with how to access style properties of Splunk inputs like 1. link list 2. Radio Button 3. Dropdown 4...

by Path Finder in

timechart issiue

Hi , i have 3 fields host , swapfree, memoryfree in my index i want to display count like this : timechart spa...

by Path Finder in

Datamodel is giving results outside of the constraints given in Summary Range

I have accelerated my data model for 7 days period and Rebuild the datamodel. After its completion, I have executed ...

by Explorer in

Why doesn't my columnchart show all events?

For monitoring purposes I have a columnchart showing the number of events per minute for the last 30 minutes ("30 min...

by New Member in

How do I get data from a stats table to send as a token?

Hi , I have a table with a single data value inside. |makeresults |eval value=1 I just want to get the...

by Builder in

Why does the "transaction" command return different results by search mode(fast,smart,verbose) OR whether using optimization?

My environment : splunk stand-alone ver7.1.4 *I found same phenomenon in ver7.1.3 I executed search below by using...

by Builder in

Grouping panels from different rows into one panel?

Need your help friends. I have data appear as mentioned below. But i have requirement that instead of displaying s...

by Builder in

How to search for and trigger an email alert when there are no logs generated in a directory?

I am needing to create an Alert to run every 30 minutes to monitor the file size of all the log files in a directory ...

by New Member in

Predict Command - Alert when value breaches upper95

Hi All, I'm trying to write a search that looks at creating an alert where there is a significant spike in HTTP PO...

by Communicator in

Predict Command: Endpoint Communicating with Excessive Hosts

Hi team, I hope that we are all well? I'm looking to develop a use case designed to identify where an endpoint ...

by Communicator in

How can I obtain a list of values returned by one query, but not another?

I have one query that returns SESSION_IDs of attempted orders: index=my_index "abc" | rex field=_raw "(?<SESSION_I...

by Path Finder in

How do you join a field which does not exist in the subsearch?

I need help with the following scenario. I want to join one of the fields of the main search to the sub search,l w...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why is an unknown value showing up in my search?

How can I build a regex to extract xml field value?

Problem with agent

get the list of keyword values which is present in one query and not present in second query

How to average fields together across multiple columns grouped together by the field name containing a specific string ?

calculate concurrency of transactions

How do you calculate the time between events with the streamstats command?

Joining values from two indexes and returning just specific values

Cisco WSA - the WSA TA add on App(verison 3.3) is not extracting fields

What is the difference between format and return in subsearch?

How do I pass a single value query output to a field?

How do I extract the following fields using the rex command?

In the following Splunk search, how can I only show those users that had a count > 1 in any given _time period?

Can anyone help with how to access properties of Splunk inputs like link list

timechart issiue

Datamodel is giving results outside of the constraints given in Summary Range

Why doesn't my columnchart show all events?

How do I get data from a stats table to send as a token?

Why does the "transaction" command return different results by search mode(fast,smart,verbose) OR whether using optimization?

Grouping panels from different rows into one panel?

How to search for and trigger an email alert when there are no logs generated in a directory?

Predict Command - Alert when value breaches upper95

Predict Command: Endpoint Communicating with Excessive Hosts

How can I obtain a list of values returned by one query, but not another?

How do you join a field which does not exist in the subsearch?

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...