Splunk Search

Discussions

Thread Info

Flood Splunk with test data to performance test real time dashboards and to war game

Hi, I want to flood splunk with a high number of test data to be able to identify flaws in the current alerting an...

by New Member in

Can you force the transaction command to keep duplicate entries in a multivalue field output?

I have a search using the transaction command that returns the following (as a single transaction, not as separate ev...

by Engager in

Combining separate fields to multi values

I have 300 match_ fields per event. Here are the first 9 from one event: match_1="Don\'t Be So Shy" match_2="Imany...

by New Member in

Trying to limit results by date

I am trying to filter results based on a search term (seen below) for only items that match a date from the time sear...

by New Member in

How to extract desired information from Transaction ignoring duplicates

I am trying to capture particular types of errors that occur in our logs. I've searched for my key events in my base...

by Explorer in

How to edit my search to match an IP from Data to a Subnet IP in a lookup file?

| set union [search index=*_place_holder sourcetype=placeholder | fields src_ip | where src_ip!="N/A"| rename src_ip ...

by New Member in

How does one create a pie chart that would result in 3 equal pie slices?

I'm logging memory stats, and I have fields like "mem_free", "mem_used", and "mem_cache" that represent memory in MB....

by Explorer in

Moving 3 day count - any built in search commands for this?

Hi all, I have some data like so Day | Count 1 | 200 2 | 200 3 | 300 4 | 100 5 | 200 ... | ... I can graph a...

by Contributor in

Extract Last 12 Characters

Hi, I wonder whether someone could help me please. I have the following string, which I'm trying to extract the la...

by Motivator in

How to edit my search to generate a report of Current Status over time?

Greetings everyone. I'm trying to do what I think is a simple task, but for some reason it is troubling. I loaded ...

by New Member in

Is it possible to pass a URL (Not static) from a search field to create a clickable link in a dashboard?

I can hard-code a static URL, but when I pass a value, Splunk adds the host to the URL to direct the link internally.

by Explorer in

How to search for 5 failed logins followed by 1 successful login from one user to find brute force attacks?

Dear Experts, Kindly help to create a search for 5 failed logins followed by 1 successful login from one user. ...

by Path Finder in

Splunk to activate python script

Hi. i want to ask if you guys have any idea how to connect a splunk search to run a python script? What I'm doing is ...

by Explorer in

group different source in one querry

Hi all, I'm running Splunk 6.6 and I like to group different sources of an Index to count them within one querry. ...

by Path Finder in

SPLUNK update existing events

Hi Experts, I have a case like below: I have events with order_id, order_status, ord_creation_date being indexe...

by Communicator in

Inactive Users

Hello Splunk, I am attempting to write a query that searches Splunk for any users that have not logged in for the...

by New Member in

What is wrong with this regular expression to extract the URL from our logs?

I am attempting to extract the URL from our webfilter logs. The automatic field extraction process did not work. I no...

by Explorer in

How to reset sourcetype and do field extractions using props.conf and/or transforms.conf?

My Splunk setup has 3 layers, Forwarders - 50+Indexers - 4, running on different machinesSearch Heads - 3, running...

by Path Finder in

Why do I receive "Error in 'eval' command: The expression is malformed. An unexpected character is reached at '”%Y-%m-%d %H:%M”)'." in my Splunk Light search?

Hi everyone ! I am a new user in Splunk (Great application and these days very useful); I read this document and I tr...

by Explorer in

How to parse search time from one dashboard to another

Hello all, I have several dashboards and would like to keep the same time searching period when navigating from on...

by Explorer in

Need to extract JSESSIONID from result

Query: index="prod" "Null Pointer Exception" Result: Key: value, key; value, JSESSIONID:123456.ATG.PROD, key: value ...

by Path Finder in

Drill down Single Value

Hi, I want to drill down a single value. I have a single value named High Risk and I created a table now I want...

by Path Finder in

Why does appending an accelerated saved search not use acceleration?

2 searches to illustrate: | noop | stats count | append [ savedsearch my_accel_search ] | savedsearch my_accel_se...

by Influencer in

How to monitor transaction duration, but only account from 8AM to 6PM?

I have the fallowing search: index="my_app" p_id=635392908992408562 | transaction p_id | eval starttime=strftime(_...

by Path Finder in

View Summary Index query

Hi, I have been handed over a bunch of summary indexes I should be using as base. I have full access to the Sea...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Flood Splunk with test data to performance test real time dashboards and to war game

Can you force the transaction command to keep duplicate entries in a multivalue field output?

Combining separate fields to multi values

Trying to limit results by date

How to extract desired information from Transaction ignoring duplicates

How to edit my search to match an IP from Data to a Subnet IP in a lookup file?

How does one create a pie chart that would result in 3 equal pie slices?

Moving 3 day count - any built in search commands for this?

Extract Last 12 Characters

How to edit my search to generate a report of Current Status over time?

Is it possible to pass a URL (Not static) from a search field to create a clickable link in a dashboard?

How to search for 5 failed logins followed by 1 successful login from one user to find brute force attacks?

Splunk to activate python script

group different source in one querry

SPLUNK update existing events

Inactive Users

What is wrong with this regular expression to extract the URL from our logs?

How to reset sourcetype and do field extractions using props.conf and/or transforms.conf?

Why do I receive "Error in 'eval' command: The expression is malformed. An unexpected character is reached at '”%Y-%m-%d %H:%M”)'." in my Splunk Light search?

How to parse search time from one dashboard to another

Need to extract JSESSIONID from result

Drill down Single Value

Why does appending an accelerated saved search not use acceleration?

How to monitor transaction duration, but only account from 8AM to 6PM?

View Summary Index query

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions