Splunk Search

Discussions

Thread Info

Using the dedup command

How do I count the number of unique recipients of each type of unique attachment from emails. The same user could rec...

by Engager in

How do you change a span of 1 week time to start from Saturday to friday?

I have data and I need to visualize for a span of 1 week. I.e: it takes data from Sunday to Saturday. But, I want ...

by Builder in

Can I use CIDR in the deployment server?

Is is possible to specify a client group using a CIDR pattern to simplify app deployment to a network segment?

by Super Champion in

Add a day counter to a list/table.

Hello I am trying to add some logic/formatting to my list of failed authentications.Heres my search query.| tstats su...

by Engager in

How to concatenate fields from JSON

I have an inputlookup table, in this lookup table there is a JSON array called "Evidence" There is two field I woul...

by Engager in

Not all fields in log line extracted

Hi, I have two problems with a log line. 1) I have a log line that occasionally is inserted. It is a schedu...

by Communicator in

I have a field from one query that gets appended with another field coming from second query.How do I filter those value

I am appending results from below query,which will display difererent objectypesuppliedMaterial: ...

by Communicator in

long base search does not work in drop down list?

Hello,Why does long base search not work in drop down list?For example if the base query on id="StudentName" has a lo...

by Motivator in

Email count

How do I count the number of emails from a search but only get recipients that received ten or more emails?

by Engager in

Incomplete UserID

How to I eliminate partial user id characters coming out of a search query? Here are examples of incomplete userIDs...

by Explorer in

can we increase lookup table maximum matches to 2000?

Lookup table max match can be 1 to 1000, I want to increase it to 2000. Is it possible? When I increase the max_match...

by Explorer in

How to apply regex to lookup table field?

Hello All, I have a lookup file with multiple fields. I am reading it using inputlookup command and implementing so...

by Contributor in

How to achieve conditional formatting of values with eval if and regex?

Hello everyone, I have the following field and example value: sourcePort=514.000 I'd like to format these field...

by Engager in

Remove specific strings from raw events based on other fields

Firewall logs needs some purification for threat monitoring, below are couple events, From the events below action...

by Path Finder in

using 'values' in stats shows values merged

Hello Experts, I was wondering if you can help me figure out how do I show the merged values in a field as 'unm...

by Path Finder in

Need help in merging the queries

Hi, i need to add two queries so that they could come in different fields in one visualization, one will be the err...

by Path Finder in

Regex not workin

Hi All, Here is my how my event looks like - 20/11/2023 12:47:05 (01) >> AdyenProxy::AdyenPaymentResponse...

by Communicator in

How to build multiple timecharts in dashboard from one field?

Hello All, I have a lookup file with multiple columns: fieldA, fieldB, fieldC. I need to publish timechart for ea...

by Contributor in

How to associate two data set when one set need to lookup for associated key but the other data set doesn't need ?

Dear All, I have one index and I use this index to store messages and summary report as well. In report="report_b...

by Path Finder in

How to get the target Account Name from WinEventLog:Security

This is an example of an event for EventCode=4726. As you see there are two account name fields which the Splunk App ...

by Contributor in

Get Invidiual Totals when stats count has a field that logs errors

Hello Experts, This is a long searches, explored query that I am getting a way around. If we do a simple quer...

by Path Finder in

limit timechart with span and per_hour to 2 decimal values

I have below query which shows values in line chart with up to 5 decimals and I want to limit it to max 2 decimals. ...

by Explorer in

Splunk HF UI issue

hello Splunk team, As picture, I found UI duplication problem in selecting data type module. I tested different bro...

by Loves-to-Learn in

Compare values at two different timestamps and output diffs into a table

Hi Folks, I am trying to figure out how to compare a single field based off another field called timestamp. I pul...

by Loves-to-Learn Lots in

How to Combine Events with matching data

Hi, I have a union'ed search where I am wanting to link different events based on fields that have matching values.My...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Using the dedup command

How do you change a span of 1 week time to start from Saturday to friday?

Can I use CIDR in the deployment server?

Add a day counter to a list/table.

How to concatenate fields from JSON

Not all fields in log line extracted

I have a field from one query that gets appended with another field coming from second query.How do I filter those value

long base search does not work in drop down list?

Email count

Incomplete UserID

can we increase lookup table maximum matches to 2000?

How to apply regex to lookup table field?

How to achieve conditional formatting of values with eval if and regex?

Remove specific strings from raw events based on other fields

using 'values' in stats shows values merged

Need help in merging the queries

Regex not workin

How to build multiple timecharts in dashboard from one field?

How to associate two data set when one set need to lookup for associated key but the other data set doesn't need ?

How to get the target Account Name from WinEventLog:Security

Get Invidiual Totals when stats count has a field that logs errors

limit timechart with span and per_hour to 2 decimal values

Splunk HF UI issue

Compare values at two different timestamps and output diffs into a table

How to Combine Events with matching data

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions