Splunk Search

Ask a Question

Discussions

Thread Info

How to subtract one date from another?

I hold a list of two dates that I want to subtract one from another these dates are an outcome from: |convert timefo...

by New Member in

How do to a "dedup" on a single event?

I have events which have multiple of the same fields but with different values. E.g; Event 1: deviceName="device1"...

by Communicator in

How to perform search only using PhoneNum?

I have 2 sourcetypes: Eg. sourcetypeA has fields such as ServiceProvider, GroupID, DeviceUsed, DeviceSerialNum source...

by New Member in

Simple Column sorting (with variable column name)

Hi Guys context: i want a table grouped by region, count per region and quarter in a table for example Region, C...

by Path Finder in

How to add a new column to existing stats result after performing a calculation on each value in a column ?

Hi I am new to splunk and still exploring it. How do i create a new result set after performing some calculation on e...

by New Member in

Can I create a threat intelligence lookup that automatically updates the list of known, bad ip addresses from threat intel websites?

I'd like to be able to create lookups of known bad ip addresses (SANS, BOGON, etc) and have the lookups update automa...

by New Member in

How to remove duplicate events in INDEX , not on Search ?

I do have many data including duplicate data , and i want to remove duplicate data from the index , without using the...

by Builder in

Jirarest add-on returning a subset of results

I'm using the Jirarest add-on in the following way, passing through a specific search (sometimes with changelog): ...

by Explorer in

Join two searches that have no fields in common and take the sum of a field from one search + field from the other search

Goal: Build a dashboard that reports on the overall status of a product based on the status of the various services t...

by Engager in

Calculate Days from current date custom date

Hi All, Need help on below query to calculate ticket age from ticket creation date with current date. Please help ...

by Path Finder in

Lookup table query of critical assets

I created a csv file critical.csv with a list of critical assets, and uploaded the lookup table into Splunk. How woul...

by Path Finder in

Return host name in search even if no results are found

Hey, I am very new to Splunk so apologies if this is a very simple question. Currently Splunk is monitoring app...

by New Member in

exclude logs from being tagged

Hello, I'm trying to eliminate the "unknown action, hosts" etc. there is some log's that don't contain an Action, ...

by Engager in

Can I use a wildcard in the field to create a table of hostnames that match entries in the lookup table?

Have seen a lot of Q&A about wildcards in the lookup table; this is the reverse. Here is the scenario. Lookup tabl...

by Explorer in

Subsearch help - find the events from one source type based on the input searched from other source type.

I want to find the number of events occurring in sourcetype=B based on the distinct Device_MAC_Address searched from ...

by New Member in

Has CIDR matching has changed between 6.3.x and 7.x?

So I was doing some debugging for someone on CIDR matching and appeared to get inconsistent results between versions ...

by Path Finder in

evaluate if date field dd/mm is older than 5 working days.

I have case such as : if date is older than 5 working (eg if today is Thursday 19th, then anything older than Thur...

by New Member in

Number of pages visited by each IP

Hi, I am new in splunk and I would like to search for some info in my Logfile. I am just trying to count the total...

by New Member in

how can I change the default search time for all users who are accessing a custom app i created?

I would like to change the default search time for all users who select the custom app i have created from all time t...

by Loves-to-Learn Lots in

Match IP address in Splunk to IP range in CSV

index=logs ip_address=* has single ip addresses like 5.9.100.100 CSV file: range, owner 5.9.0.0/24 Owner1 5.10.64...

by Explorer in

Why shouldn't we search index=*

I'm interested in knowing why it's frowned upon not to search index=*. I was asked by one of our employees and rememb...

by Path Finder in

Why am I losing a field when dedup-ing values from two sourcetypes?

I'm running the following search, but when I add the dedup line my d_name field goes blank. I have two sourcetypes bo...

by Path Finder in

How to compare two searches and count multiple fields and values?

I have combined data from two searches and want to compare them to identify what is new in the second search, what is...

by Path Finder in

litte search: all src-ips whitch alled more than 4 dest. in a short timerange

Hi there, I am new and I expect, that a have only a small Problem. I want to select all Source-IPs, whitch called mo...

by New Member in

How can I use results of a stats table to output to another pipe or timechart?

index=source earliest=-2h sourcetype=e | bucket _time span=1h |stats count by code _time| delta count as difference |...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to subtract one date from another?

How do to a "dedup" on a single event?

How to perform search only using PhoneNum?

Simple Column sorting (with variable column name)

How to add a new column to existing stats result after performing a calculation on each value in a column ?

Can I create a threat intelligence lookup that automatically updates the list of known, bad ip addresses from threat intel websites?

How to remove duplicate events in INDEX , not on Search ?

Jirarest add-on returning a subset of results

Join two searches that have no fields in common and take the sum of a field from one search + field from the other search

Calculate Days from current date custom date

Lookup table query of critical assets

Return host name in search even if no results are found

exclude logs from being tagged

Can I use a wildcard in the field to create a table of hostnames that match entries in the lookup table?

Subsearch help - find the events from one source type based on the input searched from other source type.

Has CIDR matching has changed between 6.3.x and 7.x?

evaluate if date field dd/mm is older than 5 working days.

Number of pages visited by each IP

how can I change the default search time for all users who are accessing a custom app i created?

Match IP address in Splunk to IP range in CSV

Why shouldn't we search index=*

Why am I losing a field when dedup-ing values from two sourcetypes?

How to compare two searches and count multiple fields and values?

litte search: all src-ips whitch alled more than 4 dest. in a short timerange

How can I use results of a stats table to output to another pipe or timechart?

Can’t make it to .conf25? Join us online!

Level Up Your .conf25: Splunk Arcade Comes to Boston

Manual Instrumentation with Splunk Observability Cloud: How to Instrument Frontend ...

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!