Splunk Search

Discussions

Thread Info

Is there a limitation on search strings lengh used on the search bar in splunk UI.

I have a dash-board panel that works for any user but when clicking the loop to open in search, the search query gets...

by Explorer in

remove orphaned scheduled search in Splunk 6.5.3

hi we have Splunk connected to Active Directory and we cannot add local users so we cannot reassign orphaned searc...

by Builder in

How can I remove a events from a search table

Hi Guys, Good Day! Just want to ask on how can I remove YYYYMMDD HH24:MI:SS") event on my search table. Here is...

by New Member in

how to edit my search

earliest=-48h@h latest=-24h@h index="my-live-srv" sourcetype="Perfmon:sqlserver:sql_errors" counter="Errors/sec"| whe...

by Path Finder in

Adding a colum to stats results

Hey! Right now I have a search - source="tcp:6555"| search Message_Type =IP | stats sum(Bytes) AS Bytes by IP...

by Explorer in

Add original host to windows security event syslog header

I want to export windows security events to syslog. The following works but it shows the events all originate from sp...

by Path Finder in

Need help with Predict command to forecast receipts by customer

Hi everyone, I use Splunk to assign transactions on daily bank statements to Category (eg receipts, payroll etc) a...

by New Member in

Simple question about timecharts

Hi there, I have a field with values, like 2, 4 or 10. Now I want to use a timechart or a chart which display 2, 4...

by Communicator in

Field Values Case Sensitve

I have a lookup table, with an ID field that has case specific alphanumeric values in it. I'm attempting to searc...

by Motivator in

How to create a single value trend to show the difference based on the previous day?

Hi , I need to create a single value visualization with the trend indicator. The trend indicator should be the di...

by Explorer in

Search doesn't show results if for the same node are present two type of alarms

Hello, I have a query that extract some type of alarms divided by NODE. These are the columns of the query: _time ...

by Path Finder in

Why am I just getting a chart, but no trend line after using trendline command?

Hi Experts, I am plotting a trend line with trendline command. Here is my simple search sourcetype="Perfmon:CPU14...

by Builder in

How to add x-axis labels show on a timechart when data contains epoch time?

Hi, I am still fairly new in Splunk as I just started last week. Any help is appreciated!! This is what i currentl...

by New Member in

Windows CPU by Process - How do I divide field value #1 by field value #2?

I am trying to get a representation of the percentage of CPU used per windows process based on the amount of processo...

by Explorer in

Data masking

HI , i want to masking the cookie value in the the log file i just write the regx but its not displaying the data bef...

by Path Finder in

transaction calculate duration betweeen 2 events

I'm trying to use transactions to generate a timeline of events where the events are grouped by an eventId I'm rec...

by Communicator in

Use Join but also display non matching datasets

I'm currenty trying to combine data from our firewall and sysmon which is running on a testclient. I want to join the...

by Engager in

How to Extract value from Source Field

Hi, I want to Extarct Filed from Source file and Below are some Sorce file. /opt/si/logs/taopwssid1/admin/paas...

by Engager in

how to show 0 when no search result found

after succeed with "Infected files:" | rex field=_raw "Infected files: (?<Infected>\d*)" | convert timeformat="%Y-...

by Explorer in

moving rex to props and transforms not woking

Hi, I am monitoring print events from windows event logs using WinEventLog:Microsoft-Windows-PrintService/Operational...

by Path Finder in

Connect two points on map based on two coordinates

Hello, I have this search: index=ip | lookup list.csv pop as POP_A OUTPUTNEW LAT as LAT_A LON as LON_A | lookup li...

by Path Finder in

Using the like operator for raw text

Hi Can someone help me with a query please. So I have a field called message which displays the following: "mes...

by Engager in

How to edit my search to find the time frame window with the least amount of events?

Hi there, I am trying to return the top 3 results of three hour windows where an event is least likely to happen b...

by New Member in

What is the best way to get the running average and standard deviations for external port connects?

So I am looking at cisco asa logs and wondering what the best way method would be to create an alert when the number ...

by Contributor in

Extract data for last 3 months

Hi All, I am searching from a csv lookup. The CSV contains fields --> 1. Reporting Month & Year -->17-Jan, 17-Feb...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is there a limitation on search strings lengh used on the search bar in splunk UI.

remove orphaned scheduled search in Splunk 6.5.3

How can I remove a events from a search table

how to edit my search

Adding a colum to stats results

Add original host to windows security event syslog header

Need help with Predict command to forecast receipts by customer

Simple question about timecharts

Field Values Case Sensitve

How to create a single value trend to show the difference based on the previous day?

Search doesn't show results if for the same node are present two type of alarms

Why am I just getting a chart, but no trend line after using trendline command?

How to add x-axis labels show on a timechart when data contains epoch time?

Windows CPU by Process - How do I divide field value #1 by field value #2?

Data masking

transaction calculate duration betweeen 2 events

Use Join but also display non matching datasets

How to Extract value from Source Field

how to show 0 when no search result found

moving rex to props and transforms not woking

Connect two points on map based on two coordinates

Using the like operator for raw text

How to edit my search to find the time frame window with the least amount of events?

What is the best way to get the running average and standard deviations for external port connects?

Extract data for last 3 months

Can’t make it to .conf25? Join us online!

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!