Splunk Search

Ask a Question

Discussions

Thread Info

Automated lookup using KVstore lookup

I have a KV store collection that is populated. I have a lookup definition pointing to the KV store. If you use the...

by Communicator in

Encrypt the Source data

Hi All, My requirement is source data records data need to be encrypted. What does process need to follow? Is t...

by Loves-to-Learn Everything in

How to apply eval to fields with complex names?

I am basically faced with this problem: | makeresults count=3 | streamstats count | eval a.1 = case(cou...

by Path Finder in

Trying to create a custom Field Extraction

I am trying to write a regex to extract a field called "registrar" from some data like i have below. Can you please h...

by Path Finder in

way to detect half-duplex connections

Does anyone know a pattern for detecting half-duplex connections from server/laptop sources to server destinations? n...

by Explorer in

parse ps command

I have events like this : 11/06/2023 12:34:56 ip 1.2.3.4 This is record 1 of 5USER PID %CPU %MEM VSZ RSS TTY STAT S...

by Engager in

splunk merge field values

I have a field called environment which has values like dev,prod,uat,sit.Now I want to create a new_field which all t...

by Explorer in

Comparing every elements in a list with a table

Hello! Could you advise, please, how can I compare results of 2 searches, which returns results in a different for...

by Explorer in

How to limit search results to * % of all results

I've got a search query which outputs 175 rows. I want it to output only top 5%. The row count will change over time ...

by Explorer in

linux splunk Uf 9.1.1 deploy-poll issue

After installing the latest UF 9.1.1 on a linux i tried to connect it to the deployment server ./splunk set deploy...

by Engager in

Calculate average, min, max time in ms based on string in event log

I am a beginner in Splunk queries. I might would be asking for some simple query but I am not able to construct it af...

by Explorer in

Where/Search clause does not work with lookup.

I am having trouble comparing the columns age and expectedAge, where the column expectedAge is a result of a lookup ...

by Explorer in

regex skipping items with square brackets

My regular expression has been working fine.. but now theres data with "[]" and it is being skipped here is t...

by Contributor in

Create a dashboard with timepicker for a field with date/time

Hi All, I have a search query that allows me to pull results from an index summary.One of the fields is a time/date...

by Communicator in

Panel loading without submit button

Hello, I have below code for a dropdown menu and the problem is the moment i select any of the value from drop down...

by Engager in

Why does this work: lookup, outputnew

Apparently my Google-Fu isn't the best and I can't find an explanation. Can someone please enlighten me? I have a ...

by Explorer in

Correlating Data from 3 Indexes (Match Destination IP from Firewall & Resolve Hostnames using Symantec & Windows Logs)

Hi All, I want to create an SPL query that first returns data by matching the destination IP address from Palo Alto...

by Engager in

Saved search query got auto deleted

Hi, I have 2 saved searches that fetch data from datamodel (pivot table) and the result of these savedsearch is sto...

by Loves-to-Learn Everything in

subsearch query

Can someone please help me with this. So I have the following query: source=abc type=Change msg=" consumed" event...

by Path Finder in

"transaction" command: have four "startswith" and two "endswith" patterns for the same transaction

I need to run a Splunk search with "transaction" command and I have four pattern variations for the start of the tran...

by Loves-to-Learn in

Stats and Look up

Dear All, I have look up file with Transaction details and Transaction Name Like below. Will be great if someone su...

by Engager in

I have a query to fetch Kernel version from all the Linux servers

I have a query to fetch Kernel version from all the Linux servers . We update the Kernel Patch every quarter . I have...

by Explorer in

Highlight empty fields in color

How to highlight empty fields in the dashboard in colours . Simple step pls

by Explorer in

To extract the timestamp for the events

Hi everyone I need to grouping the below 3 events with correlation ID. I have tried transaction cmd below but it is...

by Path Finder in

Find three different events within a timeframe for the same user

In this dataset, transactions (#3 + #9 + #10 - Mike), and (#5 + #7 +#11 - Alex) -- Would be displayed. #TimeUserTr...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Automated lookup using KVstore lookup

Encrypt the Source data

How to apply eval to fields with complex names?

Trying to create a custom Field Extraction

way to detect half-duplex connections

parse ps command

splunk merge field values

Comparing every elements in a list with a table

How to limit search results to * % of all results

linux splunk Uf 9.1.1 deploy-poll issue

Calculate average, min, max time in ms based on string in event log

Where/Search clause does not work with lookup.

regex skipping items with square brackets

Create a dashboard with timepicker for a field with date/time

Panel loading without submit button

Why does this work: lookup, outputnew

Correlating Data from 3 Indexes (Match Destination IP from Firewall & Resolve Hostnames using Symantec & Windows Logs)

Saved search query got auto deleted

subsearch query

"transaction" command: have four "startswith" and two "endswith" patterns for the same transaction

Stats and Look up

I have a query to fetch Kernel version from all the Linux servers

Highlight empty fields in color

To extract the timestamp for the events

Find three different events within a timeframe for the same user

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!