Splunk Search

Discussions

Thread Info

Regex help

CCDSRiERRSTAFGRT||FUNC||u505||PA1RA2M||STCK|Workflow: threat call workplace||ATdT|||AC1CSED CCDSRiERRSTAFGRT||FUNC||u...

by Builder in

Coloring a stats table value based on condition

Hi ALL, I have this url URL ResponseTime /wcs/resources/store/10151/...

by Engager in

Search help -- Display count if field is present in the output

Hi Splunkers , Need help in creating the case statement. We are feeding the palo alto logs to the threat intell...

by Path Finder in

What are my options to indicate that Splunk has modified an event in a particular way (for auditing purposes)?

We all know about this stuff: https://docs.splunk.com/Documentation/SplunkCloud/latest/Data/Anonymizedata Let's sa...

by Esteemed Legend in

How to show more than 50 events on a page in 6.x?

Hi, In the image above, the selections are 10, 20 and 50 events per page. In 5.x, the flashtimeline.xml is edi...

by Contributor in

Combine two searches using a lookup table

index=“client_index” AND Event_Type 6152 |eval new=substr(audit_filename, 16,14) |eval ip=mvindex(split(new,”_”),0) |...

by New Member in

How do I write a search with a subsearch?

Hey everyone, Trying to write a search to find Firewall allows by Previous Drops I am very new to Splunk (love ...

by Path Finder in

Stats cannot generate alerts?

I am trying to generate alerts. I have a search query as index=abc-index host="XYZ123*" collection="AppServer:OrderT...

by New Member in

Extracting multiple fields from events

I want to extract 2 separate fields from the below events : the event is : 2017-09-01T23:50:49.325-04:00 INFO m...

by Explorer in

Replace First Two Digits

Hi, I wonder whether someone may be able to help me please. I have a telephone number field "telnofac" with the...

by Motivator in

timechart command changing my column data

HI Team, I am facing some weird thing. Upto table command, am getting whatever i want. After doing timechart value...

by Explorer in

Are there any good tutorials for splunk search queries?

Hi, I would like to know the link, or any document where from I can learn how to write search queries for differen...

by Explorer in

Applying Field Extractions to Several Sourcetypes

Hi, Per a policy I've inherited, we're separating our business groups' web server logs into separate sourcetypes. It ...

by Path Finder in

How to add total percentage to rows and columns

I have the following query : ... | search service_name=$service$ | dedup name, jenkins_data.JOB_NAME, jenkins_data...

by Path Finder in

Can appendcols be used for grouping?

I have the following query index="XXXXXXXXXX" Device="*FPB*" OR Device="*VAV*" Point_Name="ActFlow" |bin span=15m...

by Explorer in

How to display date info from past weeks?

My Query: | tstats count where index=p___ AND error* by sourcetype,_time span=1d | eval count=tostring(count,"comm...

by Engager in

Searching a particular field and performing actions based on its presence and value

My application logs will print each record with id. If the record has any error, it will display the Error field else...

by Explorer in

Is it possible to create a multivalue field out of fieldnames with a specific pattern

Hi, is it possible to create a multivalue field out of fieldnames with a specific pattern? Let's say we have s...

by Motivator in

Incident Review Incidents Disappear when search completes

This is an odd issue. After a restart of Splunk my incident review dashboard will show all of my incidents as long as...

by Explorer in

Cannot View data in Splunk Console

Hi I am new to Splunk and we have to complete POC . We have two server : Server A ( Index Server where Splunk Ente...

by Explorer in

How to generate a search to find license usage for a particular index for past 7 days sorted by host and source?

How to generate a search to find license usage for a particular index for past 7 days sorted by host and source? P...

by New Member in

How to rank data based on field within event? and output whole event while displaying

I've got data say in following format name,department,location,score jack,finance,houston,220 jill,finance,london,...

by Super Champion in

Why am I unable to populate a token with the result of a search with my current Simple XML?

Hello there guys, I'm trying to populate a token with the result of a search so I'm able to use this value at var...

by Path Finder in

How to search user search history by keyword

Hi there, Is there any way to find out who are the users queried for a particular word in Splunk? For example, i w...

by Path Finder in

How to extract the host name and database name

Hi, I would like to extract the Host Name and Database Name from the below string. URL : jdbc:sqlserver://WBMSSQL...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Regex help

Coloring a stats table value based on condition

Search help -- Display count if field is present in the output

What are my options to indicate that Splunk has modified an event in a particular way (for auditing purposes)?

How to show more than 50 events on a page in 6.x?

Combine two searches using a lookup table

How do I write a search with a subsearch?

Stats cannot generate alerts?

Extracting multiple fields from events

Replace First Two Digits

timechart command changing my column data

Are there any good tutorials for splunk search queries?

Applying Field Extractions to Several Sourcetypes

How to add total percentage to rows and columns

Can appendcols be used for grouping?

How to display date info from past weeks?

Searching a particular field and performing actions based on its presence and value

Is it possible to create a multivalue field out of fieldnames with a specific pattern

Incident Review Incidents Disappear when search completes

Cannot View data in Splunk Console

How to generate a search to find license usage for a particular index for past 7 days sorted by host and source?

How to rank data based on field within event? and output whole event while displaying

Why am I unable to populate a token with the result of a search with my current Simple XML?

How to search user search history by keyword

How to extract the host name and database name

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions