Splunk Search

Ask a Question

Discussions

Thread Info

Extract the CVE value

From IPS Event How can I extract only CVE value XXXXDxxxre xxxrability (CVE-201x-00xx) (severity = Low) I am wr...

by Communicator in

Only able to extract the first value of a comma separated list for a given field.

I have data in the following format: GenericHostName1=vm1,vm2,vm3,vm4; GenericHostName2=vm5,vm6,vm7; When I se...

by Explorer in

Another time/date/string query

Hi All, I am recently new to SPLUNK and trying to identify a way of doing some time differences. I have done an e...

by Contributor in

timechart avg(bytes) by... not working with predict

I tried various combinations but failed index="flowintegrator" src_port=21 |eval thisUser=src_ip + "="+ dest_ip | ...

by Path Finder in

subsearch with inputlookup

| inputlookup clusName.csv | fields cluster ----works in a dropdown and has around 10 entries Now, I need to use ...

by Explorer in

Extract a number before a string

Completely New to regex, I have a log as below and wanted to extract the percentage i.e. "28" and then check it with ...

by Explorer in

How to search across three sourcetypes using stats, but without using join, append, or subsearch?

I'm currently working on 3 separate data sourcetypes that have similar information Sourcetype 1 - Fields X,Y,Z Sou...

by Explorer in

How can we fetch only 8 rows from a lookup?

Our top user ended up with the following query - | inputlookup WHERE [ | makeresults count=8 | streamstats count ...

by Ultra Champion in

Splunk Regex - Works in regex101 but not Splunk

I've got a regex that's working in Regex101's editor, but when I paste it into Splunk I get garbage or no results: Re...

by Explorer in

HTTP Event Collector: automatic sourcetype detection

When using the HTTP Event Collector, is automatic sourcetype detection possible? Every event at the moment appears...

by Engager in

Regex Performance consideration

Hello All ! I ask myself what is the best approach to extract all fields of logs with regex in general. I speak he...

by Path Finder in

Group results based on criteria

Hi Peeps, source="Log.txt" resp_status=503 | chart count by req_url If I execute the above query I will get the...

by New Member in

How to match fields from indexed data with CSV lookup

I created a list of known malicious domain names and put that information into a CSV. I named the field "dest_hostnam...

by New Member in

What is wrong with my transforms.conf and props.conf settings? I'm getting the wrong data.

Hi All: I am unable to get the metadata host field in Splunk for the value of the database field called "HOSTNAME"...

by Explorer in

How do I append a column to a chart?

I have the following search index=firewall policy_name="/Common/default" request_status=blocked (violations="Acces...

by Explorer in

Timechart not working for 30days and more

My timechart is working perfectly for last 10 days but it is not working for time range above 15 days.Any idea to res...

by Explorer in

Get only one value on drilldown for multiple values in a cell

Hi, I am trying to give cell value using drilldown as parameter to another dashboard. Below is how I have defined it:...

by Communicator in

How to calculate the days between earliest date and now

I have the following search: ..index bla bla... | eval eD_A=strptime(D_A, "%Y-%m-%d %H:%M:%S.%N") , eD_AV=strptime...

by Path Finder in

How to index arbitrary number of fields and do tstats operations on them?

Hi, I've got these strange XML logs, where each log has (among other things) a username and an arbitrary number of...

by Builder in

Matching an IP address from a lookup table of CIDR ranges

I am trying search events where the destination IP is in a lookup table consisting of a list of CIDR ranges (and thre...

by Influencer in

Need Help With Lookup returning multiple values

So I have a lookup with a date field, identified field, and a description field. There are duplicates in this lookup ...

by Path Finder in

Help with if statement and complex | search

$execution$ $host$ $user$ |eval moresearch=if(execution=index=index1,"",($authentication$) OR ($configuration$) OR ($...

by Path Finder in

Lookup table to return column value

I am having issues with displaying data based off the results from the lookup table. I am using this search below, w...

by New Member in

How to calculate the percentage from a dc count?

I have a query as below | metadata type=hosts | search [| inputlookup hosts_test.csv | eval host=lower(my_hostnam...

by Builder in

Using Standard Deviation to track SSH traffic

I'm looking for a way to traffic the average ssh traffic between two IP addresses (source IP and destination IP) and ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Extract the CVE value

Only able to extract the first value of a comma separated list for a given field.

Another time/date/string query

timechart avg(bytes) by... not working with predict

subsearch with inputlookup

Extract a number before a string

How to search across three sourcetypes using stats, but without using join, append, or subsearch?

How can we fetch only 8 rows from a lookup?

Splunk Regex - Works in regex101 but not Splunk

HTTP Event Collector: automatic sourcetype detection

Regex Performance consideration

Group results based on criteria

How to match fields from indexed data with CSV lookup

What is wrong with my transforms.conf and props.conf settings? I'm getting the wrong data.

How do I append a column to a chart?

Timechart not working for 30days and more

Get only one value on drilldown for multiple values in a cell

How to calculate the days between earliest date and now

How to index arbitrary number of fields and do tstats operations on them?

Matching an IP address from a lookup table of CIDR ranges

Need Help With Lookup returning multiple values

Help with if statement and complex | search

Lookup table to return column value

How to calculate the percentage from a dc count?

Using Standard Deviation to track SSH traffic

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions