Splunk Search

Discussions

Thread Info

How to Convert Existing SPLUNK Trial Version to Paid License Version

Hello, Currently, SPLUNK is installed in one of my AWS EC2 Instances. It's a free 60-day trial version, for my per...

by Motivator in

How do I run a search with today's date in the search itself, not using the time picker?

I currently have this search right now, and I apologize in advance for my poor spl. I would like to know how to run t...

by Explorer in

Why is there Missing data on ingestion?

Brand news servers. Not receiving all data from the UF.Confirmed connectivity.Confirmed inputs via "/opt/splunkforwar...

by Explorer in

Search NOT contain

I'm trying to create an SPL which will give me the results as per below: Search for all users for have visited "sto...

by Observer in

How to get the stats for variable with a certain value ?

Hi, I am building alert in Splunk. I have a log with 6 different variables, but I am actually interested only in 4...

by Path Finder in

How can i create a stacked bar graph showing the different log levels?

How can i create a stacked bar graph showing the different log levels (Error, Info, Debug) generated by each Proce...

by Contributor in

How to Standardize email to output "First Last" to a new field?

I am having issue finding a way to standardize email for a query that will make the output "First Last" to a new fiel...

by Explorer in

How to Generate Roles to Indexes table?

I'm looking for a way to search all indexes available for each role in Splunk (including access inherited from other ...

by Engager in

Why is Splunk giving different result when searching on _bkt field?

While running below search I am not getting any events: index=main_vulnerability_database sourcetype=vulnerability...

by Path Finder in

Random skipped searches, scheduler slowness and UI slowness on SH.

Encountering random skipped searches/ slow ui access.

by Splunk Employee in

Resource monitoring: Why am i only getting timestamps but no other value?

Hello friends, I'm fairly new to Splunk, so please bear with me here. I have the output of the sar -u...

by Explorer in

About Parsing JSON Log in splunk

<6>2023-08-17T04:51:52Z 49786672a6c4 PICUS[1]: {"common":{"unique_id":"6963f063-a68d-482c-a22a-9e96ada33126","time":"...

by Loves-to-Learn Lots in

External search command 'sendemail' returned error code 1

Hi,One of use case giving below error while sending email to recipients.The use case configured to run every 20 mins ...

by Loves-to-Learn Lots in

blacklist regex help

Hello all, I am trying to blacklist an event that is tied to a specific sAMAccountName which is sAMAccountName="Ale...

by Path Finder in

How to convert from horse shoe to stacked bar chart?

I have the below SPL with the regex, which i was using as a horse shoe visualization, but im trying to convert it to ...

by Contributor in

ingest line from log file match with multiple regular expression to splunk indexer

Hi, Below red highlighted is sample log file. Sample LogFile 12:08:32.797 [6] (null) DEBUG Bastian.Exacta.AMAT....

by Loves-to-Learn Everything in

How to create correct format inside a multivalue field?

Hello to all, I have a multivalue field with a date and also a null value. In addition I have the problem that the...

by Explorer in

How to Find new users in the last 24 hours and see if they were subsequently added to two groups?

Greetings! I have been googling, pluralsighting, reading splunk docs and I am extremely new to splunk. I did searc...

by Engager in

How to Extract the data after second special character?

Hello, I want the extract everything after the second slash(/) OR Everything from the last till the first s...

by Path Finder in

How to create a table?

Hi, I need help with creating a table in Splunk that displays all the components below: I too n...

by Explorer in

How to Summarize on distinct value?

Hello there,I would like some help with my query.I want to summarize 2 fields into 2 new columns One field is uniq...

by Path Finder in

Why is splunk.pie is not defined?

Hi I need some help.I have a Splunk add-on that worked fine and showed pie charts and single values in a dashboard.I ...

by Loves-to-Learn in

How to do stats count for different day?

| stats count by field1 field1 field2 field3 only show yesterday count, how can I show count1 for yesterday, count2...

by Engager in

Why am I able to get values via joining on an input lookup command, but cannot get values when using the actual lookup?

I have a sourcetype that is exhibiting very odd behavior. If I try to run a lookup command such as the following: ...

by Contributor in

How To Sum Hourly Column Results In A Separate Column

I am looking to sum up cumulative column totals by hour in a separate column. Here is the search: index=main Comp...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to Convert Existing SPLUNK Trial Version to Paid License Version

How do I run a search with today's date in the search itself, not using the time picker?

Why is there Missing data on ingestion?

Search NOT contain

How to get the stats for variable with a certain value ?

How can i create a stacked bar graph showing the different log levels?

How to Standardize email to output "First Last" to a new field?

How to Generate Roles to Indexes table?

Why is Splunk giving different result when searching on _bkt field?

Random skipped searches, scheduler slowness and UI slowness on SH.

Resource monitoring: Why am i only getting timestamps but no other value?

About Parsing JSON Log in splunk

External search command 'sendemail' returned error code 1

blacklist regex help

How to convert from horse shoe to stacked bar chart?

ingest line from log file match with multiple regular expression to splunk indexer

How to create correct format inside a multivalue field?

How to Find new users in the last 24 hours and see if they were subsequently added to two groups?

How to Extract the data after second special character?

How to create a table?

How to Summarize on distinct value?

Why is splunk.pie is not defined?

How to do stats count for different day?

Why am I able to get values via joining on an input lookup command, but cannot get values when using the actual lookup?

How To Sum Hourly Column Results In A Separate Column

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6