Splunk Search

Discussions

Thread Info

Multiple Searches with BRO LOGS - Trying to correlate certificate data.

In BRO 2.5.X there are about 3 or 4 log files that have SSL Certificate information: x509.log, ssl.log, conn.log and ...

by Explorer in

How to run two searches and table the results?

Good afternoon Guys, Second question in as many days, but this one is puzzling me and my tiny useless uneducated ...

by Explorer in

tstats in macro without pipe

Hello, is it normal that tstats must be without pipe | to run in a macro? The macro is scheduled. Thanks.

by Motivator in

How can we only see results when they are NOT found?

I have a large CSV lookup table operational and working well but would like to run a search on my data that only show...

by Explorer in

Subsearch in eval not working

I'm trying to get the eval value in subsearch and use it for further searching in the query. I guess there is issue w...

by Communicator in

Increasing the number of ad-hoc searches for the user

Is it possible to increase the number of concurrent ad-hoc searches for the user, without increasing the number of sc...

by Path Finder in

Finding the minimum and maximum value

Hi All, I have 3 files in one index, Cycle 10.csv, Cycle 11.csv, and Cycle 12.csv. All of the 3 files have a "...

by Path Finder in

Can you display a long list using multiple columns to fit more data on the screen

I have a table that has 2 narrow columns. Is there a way to get splunk to display the output in multiple columns of t...

by Path Finder in

how do I know if a search head restart did make my results incomplete?

My admin team frequently needs restart our search heads while I have a long running query still running. When this ha...

by Builder in

Transaction missing fields

I have a search defining a Transaction across (2) different log files. The problem is that some fields (not all) are ...

by Path Finder in

Why does the map command return no results?

Hi everyone, I have a use case where I need to iterate over multiple query strings and execute each of them, so I ...

by Path Finder in

How to change the position of splunk loginform?

HI! Could you help me changing the position of the splunk loginform in the top right corner of the splunk login pa...

by Explorer in

Put the time a the top of a timechart

Hello, How can I have a table like the picture with the time a the top, the type on the right side and a count by dat...

by Explorer in

how can I save rex to IFX?

I am using rex to split an existing field,can I use the same rex in IFX ? | rex field="External ID" "(?.*)_" I ...

by Builder in

Events from 2008 r2 fileshare to splunk

hi All, i have a 2008 r2 server that is a file share, i have setup a universal forwarder to send logs to splunk. T...

by New Member in

How can I run searches against the Splunk API?

I want to run searches against the Splunk API. How can I do this?

by Splunk Employee in

Formatting output in table

Hi all, I've a request to come out with a table with information as below. My query so far is to extract the re...

by Path Finder in

How do I subtract two fields containing %m%d%y format time values to get the age of an event?

I'm trying to create a new field that is the result of the Current Date minus the time stamp when my events were crea...

by Communicator in

How to add a static value to a table with one column?

I'm trying to add a single value to a table I use to dynamically populate a selector in a dashboard. The search I use...

by Communicator in

How to find time range duration or value?

In searching, I understand that I can specify the time range using one of the presets (like "Last 4 hours") or set it...

by Explorer in

How do I chart 2 searches on one chart?

Searches index=nix sourcetype=cpu host="host a" CPU="all" | eval Percent_CPU_Load = 100 - pctIdle | timechart lim...

by Path Finder in

updating geolocation DB

Currently, we are running 6.6.2 and are using the geolite2 DB to do the iplocation mapping. I have read the follo...

by Engager in

How to extract a field with date string values?

I extracted a field SNDateCreated (regex shown below), the values in this field are represented as strings. index...

by Explorer in

How to trigger map only when variable value exists?

This query capture the id from logs and make a search in the database, when there is a id value in logs it works well...

by Communicator in

Universal Forwarder blacklist - Can anyone help with a simple regex?

Hi everyone, On my Universal Forwarder, I'm able to effectively blacklist Windows event codes when I do it based o...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Multiple Searches with BRO LOGS - Trying to correlate certificate data.

How to run two searches and table the results?

tstats in macro without pipe

How can we only see results when they are NOT found?

Subsearch in eval not working

Increasing the number of ad-hoc searches for the user

Finding the minimum and maximum value

Can you display a long list using multiple columns to fit more data on the screen

how do I know if a search head restart did make my results incomplete?

Transaction missing fields

Why does the map command return no results?

How to change the position of splunk loginform?

Put the time a the top of a timechart

how can I save rex to IFX?

Events from 2008 r2 fileshare to splunk

How can I run searches against the Splunk API?

Formatting output in table

How do I subtract two fields containing %m%d%y format time values to get the age of an event?

How to add a static value to a table with one column?

How to find time range duration or value?

How do I chart 2 searches on one chart?

updating geolocation DB

How to extract a field with date string values?

How to trigger map only when variable value exists?

Universal Forwarder blacklist - Can anyone help with a simple regex?

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

New Release | Splunk Cloud Platform 10.1.2507

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions