Splunk Search

Ask a Question

Discussions

Thread Info

Data Exfiltration via E-Mail

Hey everyone, I am currently trying to write a search that monitors outgoing E-Mail traffic. The goal is to see if ...

by New Member in

Get values Time range

I have a survey that has a date field deletion_date. How can I filter this field by theTime range? sour...

by Explorer in

How to display 2 fields from different sources into a table?

Hi all, I have the following query: index=wineventlog source=wineventlog:security EventCode=4688 [search inde...

by Explorer in

Display all results if text field is * , or partials results based on any part of phone number entered

I'm trying to have the dashboard return all results if the text field is * or return all phone numbers with a partial...

by Observer in

How to replicate a kvstore from a Splunk HF to the SHC?

I am reviewing a previously created lookup that is based on a KV-store collection. There is a custom script (contai...

by Communicator in

How can I hide '_time' field from report table?

by Path Finder in

Run lookup before streaming command (anomaly)

Hello Team, I need to run anomaly command on the top of results returned by the lookup. My lookup is geo: enrichi...

by Path Finder in

How to create bins of values surround a single event

Good day, I'm trying to think of how I can write a search to find a specific event and then take all the events...

by Path Finder in

max values from two weeks using timechart

Hello Everyone, i have a dataset where I'm generating a column of number of servers per day. using a timechart com...

by Explorer in

Mvexpand

Hello I have this search | inputlookup defender_onboard.csv| fillnull value=NA| search Region="***" 4LetCode="*"| s...

by Path Finder in

Savedsearch next scheduled time is different from cron schedule set

Hi All,I have scheduled a splunk report to run at 11 AM IST everyday (cron schedule : 0 11 * * *). Search Head time z...

by Path Finder in

drilldown and panel depend not working when clicking chart

Hi, I am doing an initial search based off of initial field inputs within a dashboard. The issue I am having is af...

by Explorer in

Question regarding search using IN

Hello: I have a query that extracts a set of 5 request_ids based on certain criteria. I then need to include these...

by New Member in

Multiselect filter. Select all matches in classic dashboard.

Hi Splunkers :-), We have nice feature it dashboard studio - "Select all matches" in multiselect filter. But, unf...

by Path Finder in

Can not configure any external lookup - can not find executable

Hello Team Splunk 9.4.0. Running as root. All in one. Seems super simple problem. I am not able to have maxmind l...

by Path Finder in

Large JSON payloads don't always perform field extractions

I have some rather large json data payloads being sent over to Splunk. I've seen payloads around 1MB in size. It took...

by Explorer in

Need help in query

Need help for the below Query index=na sourcetype=na:co state=down host_state_type="HARD" [| tstats prestats=f values...

by Path Finder in

Replace in SPL2 not working like SPL

Hi, I am having trouble getting replace to work correctly in Ingest Processor and have this example. In SPL I can...

by Path Finder in

Determine which site's search is taking time

I have a multisite setup. Each site has 3-4 indexers, with a Replication Factor = 2. Search Factor is = 1. When q...

by Engager in

spl qquery

Hi Need help in finding DistinctAdminUserCount and DistinctAdminUserNames of each associated Name inside test or pr...

by Communicator in

matching hostnames issue

Hi i have a list of servers coming from two different sources list A has server without domain names and list B has...

by Explorer in

Wildcard in the middle of hostname

Below is my search | inputlookup uf_ssl_kv_lookup| search hostname=AB100*TILL* hostname!=AB100*TILL100 hostname...

by Engager in

Search numbers of messages received by application based on json message

Hello All, This is my first post . I have just started learning writing splunk query . Ok so we have one ap...

by Observer in

How to Improve a search with Join or suggest alternate way

Hello, I'm trying to join based on a common field using a similar query like below, however, the in the result i on...

by Explorer in

Odd Behavior using tstats with a datamodel

Splunk: 8.0.3 (I know its old we're working on approvals to upgrade)We’re receiving behavior I have never encountered...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Data Exfiltration via E-Mail

Get values Time range

How to display 2 fields from different sources into a table?

Display all results if text field is * , or partials results based on any part of phone number entered

How to replicate a kvstore from a Splunk HF to the SHC?

How can I hide '_time' field from report table?

Run lookup before streaming command (anomaly)

How to create bins of values surround a single event

max values from two weeks using timechart

Mvexpand

Savedsearch next scheduled time is different from cron schedule set

drilldown and panel depend not working when clicking chart

Question regarding search using IN

Multiselect filter. Select all matches in classic dashboard.

Can not configure any external lookup - can not find executable

Large JSON payloads don't always perform field extractions

Need help in query

Replace in SPL2 not working like SPL

Determine which site's search is taking time

spl qquery

matching hostnames issue

Wildcard in the middle of hostname

Search numbers of messages received by application based on json message

How to Improve a search with Join or suggest alternate way

Odd Behavior using tstats with a datamodel

What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience

Get Schooled with Splunk Education: Explore Our Latest Courses

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...