Splunk Search

Discussions

Thread Info

Search to find the number of triggered alerts for a particular dashboard

Is there any prebuilt search (like rest command) to find the number of triggered alerts for a particular dashboard? i...

by Path Finder in

Using stolen or forged tickets (TGT)

Hi guys, I want to detect a service ticket (TGS) request (Windows event code 4769) that is not preceded by one of the...

by Explorer in

How to capture the substring of a dynamic multivalued field?

I am looking to create an acronym from a dynamic string, by capturing the first letter of each broken substring How...

by Path Finder in

How to find the difference of two stats count

I am having two counts in the dashboard one is the total count and other is error count to get the success count I wa...

by Path Finder in

Joining indexes for stats results

I have three indexes I am trying to join that have at least three similar columns each. I want to table the results i...

by Engager in

How tstats is working when some data model acceleration summaries in indexer cluster is missing

Hello, by default, DMA summaries are not replicated between nodes in indexer cluster (for warm and cold buckets). I...

by Path Finder in

Pass values in splunk search and compare it with results

Hello, Currently my search looks for the list of containers which includes initialised successfully message ...

by Explorer in

Does stats values command combine unique values?

Hello,Does stats values command combine unique values?For example: companyipcompanyAcompanyA1.1.1.1companyBcompanyB...

by Motivator in

use * in floor

I have a field called position that contains integers and a token called position_select that is either a floating po...

by Loves-to-Learn Lots in

Check current date against lookup

I have a lookup table with a list of dates which I want to use in my alerts. If the alert triggers I want a where cla...

by Contributor in

How do you calculate the totals of each table row and display those values as new fields?

How do you calculate the totals of each single row of a table and display that value in a new fields, much like addco...

by Communicator in

Add a value "0" and make it visible on a graph

Hello community, I'm encountering a problem that's probably simple to correct, but no matter how hard I try, I can'...

by Path Finder in

How to extract just the date from a timestamp converted from epoch time?

I have a conversion set up to change the epoch time | convert ctime(_time) as date time. I would like to keep just th...

by Path Finder in

help on tsats command with datamodel

Hi I have created a basic datamodel called "TEST" I try to query on this datamodel with tstats but the only piece...

by Motivator in

Can you help me fix my search

Hi, Below is my current search at the moment, index=o365 sourcetype=* src_ip="141.*"| rex field=_raw "download:(?<d...

by Observer in

extracting the first 3 characters from a field?

How do I extract the first 3 characters from a field ? I thought it might be something like ... | eval First3=subs...

by Motivator in

join 3 queries

HelloI have 3 queries that i need to join between them but there is a catch query number 1 checks for users who se...

by Communicator in

Can you help me fix my Splunk search?

I am trying to create an alert that triggers if a user successfully logs in without first having been successfully au...

by Path Finder in

create scheduled search and alerting between 7pm to 7am

How to schedule search between 7pm to 7am and alert if and only if there is an event recorded between 7pm to 7am? my ...

by Explorer in

Date time formatting variables not producing result I expected

Hi, I have an existing search as follows: | eval tempTime=strptime(due_at."-0000","%Y-%m-%d %H:%M:%S.%3N%z") ...

by Communicator in

Which values I will have for srchJobsQuota and rtSrchJobsQuota

Hi all, I've configured a new role to inherit settings from user and power role and I let default values for ...

by Path Finder in

How to combine values in Y axis of dashboard

I created a dashboard with a query looks like this : index=cbclogs sourcetype = cbc_cc_performance source="/var/lo...

by Engager in

Dashboard studio shows two values on y axis

Hello, I have one more begginers question regarding reports and dashboards  I am trying to do overview of mo...

by Explorer in

Splunk Alert search time latest=-5m@m OR latest=now

Hello everyone, I'm currently setting up a lot of alarms in Splunk, and a question has arisen regarding what is bet...

by Explorer in

i want the output in the below format. please answer my query how to achieve it.

i want the output in the below format :- Input as below:- host sql instance db name abc ...

by Loves-to-Learn in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Search to find the number of triggered alerts for a particular dashboard

Using stolen or forged tickets (TGT)

How to capture the substring of a dynamic multivalued field?

How to find the difference of two stats count

Joining indexes for stats results

How tstats is working when some data model acceleration summaries in indexer cluster is missing

Pass values in splunk search and compare it with results

Does stats values command combine unique values?

use * in floor

Check current date against lookup

How do you calculate the totals of each table row and display those values as new fields?

Add a value "0" and make it visible on a graph

How to extract just the date from a timestamp converted from epoch time?

help on tsats command with datamodel

Can you help me fix my search

extracting the first 3 characters from a field?

join 3 queries

Can you help me fix my Splunk search?

create scheduled search and alerting between 7pm to 7am

Date time formatting variables not producing result I expected

Which values I will have for srchJobsQuota and rtSrchJobsQuota

How to combine values in Y axis of dashboard

Dashboard studio shows two values on y axis

Splunk Alert search time latest=-5m@m OR latest=now

i want the output in the below format. please answer my query how to achieve it.

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions