Splunk Search

Ask a Question

Discussions

Thread Info

How to create Reports from a seed file?

I have six different SPL queries that I run on a specific IP Address. Is it possible to save a search as a report, s...

by New Member in

Lookup search from another index

There are some values of IP addresses from `cim_Authentication_indexes`. This index is for look up. I want...

by Explorer in

How to extract file name from the below raw data?

Hello, Can anyone help me to extract the below file name which is OU_..... from the below raw data. 12:04:19.85 1...

by Explorer in

How to check continuous increase of values of a field.

Please help me on how I can check if the field value is continuously increasing for 3 hours. tried below query but...

by Communicator in

How to exclude search results based on conditions?

I have a below Splunk query which gives me the result. My SPL searches the " eventType IN (security.threat.detecte...

by Loves-to-Learn Lots in

Tempory output storage

Hello, I was aware that splunk is very versatile application which allows the users to manipulate the data is many ...

by Loves-to-Learn Everything in

How to add another field using top limit command?

Hello! I need some help from splunkers!!! I'm using the search index=notable | search status_label=Closed | top...

by Engager in

How to Combine column from multiple search results?

Hello, I have the following search index=wineventlog EventCode=4728 OR EventCode = 4731 OR EventCode...

by Explorer in

I am getting "Could not load lookup=LOOKUP-pulse_connectsecure_action_lookup"

in my search I have no lookup command. Anyone knows why I am getting this error.

by Path Finder in

How to use timechart or bucket span to view the result every 30 mins using below query?

Hi, I want to use timechart or bucket span to view the result every 30 mins using below query. Could you please...

by Engager in

How does rex fails to match files (regex expression works as expected on regex101)?

Hello, There must be something `rex` specific with my query below since it is not extracting the fields, while the re...

by Engager in

How to sort data?

Hello, I wonder if somebody can please help me to sort the following data: Into this table: Any...

by Explorer in

Timezone issue: Is there a search to convert to common utc value?

Timezone issue --------different data is visible to different location users, when I select previous month.. condi...

by Loves-to-Learn Everything in

Rex match if else style

Here are three lines of the file to illustrate what I'm going for: Line from fileDesired fieldURI : https://URL.net...

by Path Finder in

how do I make my macro available all app

I try change permission to all app option but I don't see the option. I s anyother way make my macro available for al...

by Path Finder in

How to create new columns by adding columns from a timechart output?

Good day, I have this SPL: index=test_7d sourcetype= "Ibm:BigFix:CVE" earliest = -1d ...

by Path Finder in

How to outputlookup csv with permission?

Hello,How to outputlookup csv with permission? ***Note that I am not Splunk admin - I only have access to Splunk GUI...

by Builder in

Search performance impact & How to find user deploying high impact searches

Hello Splunkers, I have two questions today, concerning user's queries and performance impact. I couldn't find a c...

by Path Finder in

How to extract fields from logs using rex.

How to extract fields which comes under message and failedRecords.

by Path Finder in

How to use a list of output as the input parameter for a URL?

Dear all, I have a list of latitude and longitude pairs from my observed events and try to get the corresponding s...

by Path Finder in

What is the basic search for detecting Multiple HTTP errors from unique IP?

Hello Splunkers, Can someone help me with a query to detect multiple http errors from single IP , basically when t...

by Explorer in

help on eval command

Hi When I run the command below, it works fine index=toto event_id=4688 | eval file_name=if(event_id==468...

by Motivator in

Why Stats count command is counting events that are missing in other searches?

The first search query returns a count of 26 for domain X : index="web" sourcetype="weblogic_stdout" loglevel IN (...

by Engager in

Why are Splunk queries not returning anything in table?

Splunk queries not returning anything in table. I see events matching for these queries but nothing under 'Statistics...

by Explorer in

how to set specific colors to 3 pie charts trellis with 4 dynamic labels ?

Hi, I'm trying to set a specific color to each one of 4 my dynamic labels of my 3 trellis pie charts. I already a...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to create Reports from a seed file?

Lookup search from another index

How to extract file name from the below raw data?

How to check continuous increase of values of a field.

How to exclude search results based on conditions?

Tempory output storage

How to add another field using top limit command?

How to Combine column from multiple search results?

I am getting "Could not load lookup=LOOKUP-pulse_connectsecure_action_lookup"

How to use timechart or bucket span to view the result every 30 mins using below query?

How does rex fails to match files (regex expression works as expected on regex101)?

How to sort data?

Timezone issue: Is there a search to convert to common utc value?

Rex match if else style

how do I make my macro available all app

How to create new columns by adding columns from a timechart output?

How to outputlookup csv with permission?

Search performance impact & How to find user deploying high impact searches

How to extract fields from logs using rex.

How to use a list of output as the input parameter for a URL?

What is the basic search for detecting Multiple HTTP errors from unique IP?

help on eval command

Why Stats count command is counting events that are missing in other searches?

Why are Splunk queries not returning anything in table?

how to set specific colors to 3 pie charts trellis with 4 dynamic labels ?

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6