Splunk Search

Discussions

Thread Info

Break Events from a single Event

Hi, I have this weird logging from one of the application where it is logging multiple users in a single event with a...

by Explorer in

Why is there an issue with Enterprise Security access for lookups created by DB Connect?

Hello, We have an issue with the access to lookup tables generated by Splunk DB Connect. The tables are shared for...

by Communicator in

How to do field extraction and event exclusion?

Need help with field extractions. Need to extract the fields in bold. Here are two sample events Sample1 40.156.20...

by Contributor in

External Lookup python script

Hi, I have python script that make query to ip2location. The script work something like that (from IP2Location ...

by New Member in

DB Query with time parameter

Hi! I have installed the DB Connect App and want to use a Query in which I have to pass a time based value as a Pa...

by Communicator in

Change Modal Value of Chart

Is there a way to change value of pop up display when you hover a chart value like in screenshot below. I'm trying...

by Path Finder in

How to change the Y-axis label on a chart overlay?

I have this chart the Y-axis on the right should display time. I added :00 using the JavaScript code below. Proble...

by Path Finder in

How to show a table listing FIELDA values when FIELDB equals 00.000?

Hi all I have read the documentation and tested for hours but I am somehow not grasping how searching works. I hav...

by Explorer in

chart count by Department,Project

Dear ALL, Need your support for calculating Column sum in last column.. I have employee master table.. need sum of...

by Explorer in

Extract pairs of values multiple times but keep pairs together

I have many events that look like this: 18-Jun 10:15:21.236 [ Id: CA15000740, Place: CI21 ], [ Id: CA14105879, Pla...

by Explorer in

How to restrict events based on the time range?

Hello, I have a script which runs every 4 hours and the output is written to Splunk, Everyday six are being writte...

by Path Finder in

Grouping multiple pie charts and adding them in the drop down menu

Hello, I have a couple of dashboards which contains two pie charts of two nodes. I want to merge these dashboards ...

by Path Finder in

Change the Name of Each Column in a Column Chart

Is it possible to change the name of individual columns in Splunk? They're automatically filled in by a field but I ...

by Explorer in

How to find the time delta of each user is taking between different notable status in incident review.

by Explorer in

Eval fields to get count and then chart

I know I'm doing wrong but I cant get it exactly right Here's what I'm trying to do. | eval status=if(QuestionAnsw...

by Communicator in

How to extract the all the field using rex?

How to extract success and fatal into one field and also extract two Fields after FATAL 2018-06-18 02:06:34,606|2...

by Builder in

Comparing values between two different fields in ad-hoc search and inputlookup

Hello Splunkers, I am attempting to match values (IP addresses) between FieldA in a search, and FieldB in an input...

by Explorer in

Search strings which are not starting with ****

Tthere are logs like below three lines user name is "fgt56wer" user name is "****89g4ty5" user name is "jks4qw" ...

by New Member in

Why am I getting an error when doing field extraction with the field extractor tool?

I'm trying to extract a field with the field extractor tool, however, keep getting errors back This is a part of t...

by New Member in

Why are Splunk custom polygons not showing up on a choropleth map?

I was trying to do a Choropleth map with county I found in this blog article. http://blogs.splunk.com/2015/10/01/u...

by Explorer in

Hit limits in the subsearch filters used to boost first pipe search command performance. Alternatives?

Hello! We are using many savedsearches to perform daily detection queries over huge datasets. Concretely, the anat...

by Path Finder in

How to get the field value substring?

I have a field whose values show DNS query information for example: [{"type":"A","**response**":"204.2.232.240","a...

by Loves-to-Learn in

How do you find the average delta of sum of fields in multiple events?

I need to be able to find the average of the daily delta of the sum of all BCP* fields and I am trying to do somethin...

by New Member in

How to escape the end bracket using rex?

I've read the threads on escaping the parens and the such. But I'm trying to do the "]". I thought I would be able to...

by Engager in

Can we use DBconnect lookup for correlation of lookup file data with DB input data before indexing?

Hello, I just want to know if this scenario can be achieved in splunk with DB connect Lookups . I am getting data ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Break Events from a single Event

Why is there an issue with Enterprise Security access for lookups created by DB Connect?

How to do field extraction and event exclusion?

External Lookup python script

DB Query with time parameter

Change Modal Value of Chart

How to change the Y-axis label on a chart overlay?

How to show a table listing FIELDA values when FIELDB equals 00.000?

chart count by Department,Project

Extract pairs of values multiple times but keep pairs together

How to restrict events based on the time range?

Grouping multiple pie charts and adding them in the drop down menu

Change the Name of Each Column in a Column Chart

How to find the time delta of each user is taking between different notable status in incident review.

Eval fields to get count and then chart

How to extract the all the field using rex?

Comparing values between two different fields in ad-hoc search and inputlookup

Search strings which are not starting with ****

Why am I getting an error when doing field extraction with the field extractor tool?

Why are Splunk custom polygons not showing up on a choropleth map?

Hit limits in the subsearch filters used to boost first pipe search command performance. Alternatives?

How to get the field value substring?

How do you find the average delta of sum of fields in multiple events?

How to escape the end bracket using rex?

Can we use DBconnect lookup for correlation of lookup file data with DB input data before indexing?

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

Stay Connected: Your Guide to February Tech Talks, Office Hours, and Webinars!

Preparing your Splunk Environment for OpenSSL3

field extraction

Replicating the Output of a Field Popup/Bubble?

tstats with | search()

Search for triggered save searches and their actio...

MLTKC error for 'Functional' object has no attribu...