Splunk Search

Ask a Question

Discussions

Thread Info

How to generate an alert for every source accessing multiple distinct destinations within a 30 seconds window?

I have a set of sources that access multiple destinations(IPs) New to Splunk The query has to be set in such a wa...

by New Member in

splunk LDAP connection

hi, Can someone please explain me how to splunk communicates with LDAP . Will splunk stores the user data in its c...

by Path Finder in

How to edit my rex command to replace a string?

Hi, I want to replace the string "\x00" with spaces. "CP REQUESTED \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x...

by Path Finder in

How to remove Windows subfolders from search results by using regular expression?

I have a search which produces c:\folder\folder\folder\folder\file.exe as results. I want to remove all of the c:\fol...

by New Member in

How to display valid values in lookup against each calendar date?

Hi, I have a requirement where I need to calculate location wise weekly, monthly and total expected revenue for the ...

by Path Finder in

How to add daily average response time to hourly average response timechart?

In order to meet customer reporting requirements I need the average response time per hour and per day across all day...

by Explorer in

Can Customer Command use import a local python module?

I'm now use splunk-sdk-python-1.5.0 to create a search command. How can I add a python module that is not included i...

by New Member in

How to edit my search to make an IF statement filter out IPs?

Hey guys! I'm trying to filter out a few IPs from certain Categories and i just can't manage, something like: I...

by Engager in

How to remove consecutive repeat events by an unique user?

How can I remove events that are repeated consecutively? For example, my logs shows: Timestamp 1 | Event A | User ...

by Explorer in

Help with transaction !

Hi , I have following query written but it is not giving me correct output. So my logs would look like this s...

by Path Finder in

Query string method not working for HEC on Cloud

I have a splunk cloud stack which has HEC enabled on it and I am referring following page to send data via HEC: http:...

by Engager in

How to edit the table format in my email alert so that each item starts a new line?

Hi Splunkers and Happy Friday I am trying to put together an email that looks something like this: Howe...

by Communicator in

How to use predict command?

Date ALLOCATED_GB USED_GB Difference 20/08/2016 580.22 566.57 13.65 21/08/2016 580.22 106.6 473.62 22/08/2016 580.22 ...

by New Member in

Rex vs field extraction with very large multiline events, latter not working properly?

Hi, I'm importing some very large multi-line events into Splunk and trying to extract fields from them. The events...

by Engager in

I have one server with 24 jvms.I need to write query for jvm down .I tried using inputlookup?

I have one server with 24 jvms.I need to write query for jvm down .I tried using inputlookup? |inputlookup sample....

by Builder in

How to change time into seconds?

Hi Everyone, Please help me out to convert time format into seconds. My time field has values like :07, 7:45. ...

by Path Finder in

How to define splunk workflow actions URI with special characters

Hi, How can i define a link configuration with e.g. # in the uri like the following request? hxxps://www.robtex.co...

by New Member in

How to find missing field values

I want to use Splunk to tell me when a process is missing from a list of expected processes. I have tried using ev...

by Splunk Employee in

How to filter out events before/after a specific event

Hi, I want to filter out an event that occurs just before/after all the occurrence of a specific event, 'X". How ...

by Explorer in

Adding indentifier field to stats output

I have an index: base_data The index has data added on a weekly basis. I would like to identify the instances of f...

by New Member in

500 internal server errors with /search/data/transforms/lookups page

We are using Splunk 6.2.4 build 271043 on Ubuntu and we are seeing a couple of pages in the Lookups section that are ...

by Path Finder in

Assigning future timestamps fails

I am extracting timestamps from event to assign _time to events during index time. But timestamps are future date. Su...

by Contributor in

How to calculate row sum which each column has different weight?

Hi I have a table as below. severity S0 S1 S2 S3 event A 1 0 0 0 event B 0 2 0 0 event C 0 1 1 0 each col...

by New Member in

Accounting for weekends and holidays

I'm trying to come up with a method of accounting for weekends and holidays. Tell me, how should I implement this alg...

by Engager in

Existing Query returning no data

Hello everyone, We have a dashboard that contains a few panels that recently stopped returning data. I've tried to fi...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to generate an alert for every source accessing multiple distinct destinations within a 30 seconds window?

splunk LDAP connection

How to edit my rex command to replace a string?

How to remove Windows subfolders from search results by using regular expression?

How to display valid values in lookup against each calendar date?

How to add daily average response time to hourly average response timechart?

Can Customer Command use import a local python module?

How to edit my search to make an IF statement filter out IPs?

How to remove consecutive repeat events by an unique user?

Help with transaction !

Query string method not working for HEC on Cloud

How to edit the table format in my email alert so that each item starts a new line?

How to use predict command?

Rex vs field extraction with very large multiline events, latter not working properly?

I have one server with 24 jvms.I need to write query for jvm down .I tried using inputlookup?

How to change time into seconds?

How to define splunk workflow actions URI with special characters

How to find missing field values

How to filter out events before/after a specific event

Adding indentifier field to stats output

500 internal server errors with /search/data/transforms/lookups page

Assigning future timestamps fails

How to calculate row sum which each column has different weight?

Accounting for weekends and holidays

Existing Query returning no data

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions