Splunk Search

Discussions

Thread Info

Splunk Left outer join

Hi, I have an Index=A and inputlookfile where I'm trying to get a list of computers which are not common in 'index =...

by New Member in

Is it possible to aggregate and search within aggregated results?

My app logs multiple lines per request and each line has a "request_id" key for identification. For each request, the...

by New Member in

Is there a difference between Python and Perl Custom Searches?

Is there any penalty for using a Perl custom search over one created in Python? Presently the Perl search is simp...

by New Member in

Data of a field in next row in another field of current row

![alt text][1] The siuation is - I have sprint and their start date , I want the next sprint start date in same ro...

by Path Finder in

Cross referencing to fill in missing details

Hi, I have two .csv files. One contains an IP address with associated output data, a second contains the IP addres...

by Explorer in

How to use variable within foreach command?

I'm looping through JSON array and compare each value using a temporary variable but due to some reason the temporary...

by New Member in

How to exclude sub folders

Hi All I would like to monitor "4670: Permissions on an object were changed". I have the following query: i...

by New Member in

Table fields after using stats and xyseries

I apparently seem to be truncating fields after using the stats and xyseries commands. I found that if I include the ...

by Engager in

How can we improve the performance of an Hunk's query?

We have the following Hunk query - index=<claims_table> claim_classification=INPATIENT OR claim_classification="I...

by Ultra Champion in

regex used in transforms.conf isn't extracting the fields though there isn't anything worng with the regex?

I have a regullar expression extracted in transforms.conf as below :- [split_and_extract_commands] SOURCE_KEY = ab...

by Builder in

Is there a search or command that will number rows in a table?

is there any command to get row numbers in table? Like, I have a table like host source type DFR splunk_id...

by New Member in

Grouping a "time" span from one true value to another

I have a boolean value in my data set. I want to group all event together that are between the event(a) right after a...

by Path Finder in

How to edit my search to format String to Number with fieldformat for all 60 columns?

Hey guys Is there a quick way to format data? I want to format data like this <search> |fieldformat test1a=tonumb...

by Path Finder in

Which users have done this but have not done that ?

Hello there, I'm struggling a little bit with the search language, booleans, eventtypes and stuff ... I can't find...

by Communicator in

How to exclude last 3 values in the search results.

Hi , I need exclude the values last 3 three values from the search results. Can someone please help me on this. ...

by Explorer in

SEDCMD: to filter the character between the user

Curently our proxy logs with user having special characters inbetween. ref: DC=local/bob\, tom I have created a pr...

by Path Finder in

OR operator problem

Hi all, Hey, what's wrong with the next search structure? I'm using OR operator because the field names are diffe...

by Path Finder in

Is there a way to speed up my search through millions windows security logs?

Doing some long-tail analysis and I am running in Fast Mode but the query for 24 hours is taking a long time. Plea...

by Contributor in

best tips for speeding up searches?

by Explorer in

Group full auditd (rlog) EXECVE commands by User?

Hello, I have been trying to write some custom searches against linux auditd logs to get a list of all commands ex...

by Engager in

inputlookup format to insert wildcard * is it possible?

inputlookup like: user mailbox smithj john smith bloggsj joe bloggs search string: | inputlook...

by Path Finder in

Need help on finding daily hourly max for a month for a timechart

Hi All, I am pretty new to splunk and trying to figure out a splunk search query. I am extracting a monthly report...

by Explorer in

unable to filter specific source with REX

i have data coming from different sources (catalina,sailpoint,accesslogs,etc) now i want to filter it into different ...

by Loves-to-Learn in

Extract out the first line of results from Transaction command

Hello guys, I have a sample log that looks like this: DATE, TIME, LOGIN, IP_ADDRESS, USERID, EMPLOYEE_ID, WORKS...

by Path Finder in

Show meesage if no results but continue applyng commands if there are results

I have a following query: index=main source=mylogsource.log "Response Message:*" "234998102" | ifnoresults ---> (...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk Left outer join

Is it possible to aggregate and search within aggregated results?

Is there a difference between Python and Perl Custom Searches?

Data of a field in next row in another field of current row

Cross referencing to fill in missing details

How to use variable within foreach command?

How to exclude sub folders

Table fields after using stats and xyseries

How can we improve the performance of an Hunk's query?

regex used in transforms.conf isn't extracting the fields though there isn't anything worng with the regex?

Is there a search or command that will number rows in a table?

Grouping a "time" span from one true value to another

How to edit my search to format String to Number with fieldformat for all 60 columns?

Which users have done this but have not done that ?

How to exclude last 3 values in the search results.

SEDCMD: to filter the character between the user

OR operator problem

Is there a way to speed up my search through millions windows security logs?

best tips for speeding up searches?

Group full auditd (rlog) EXECVE commands by User?

inputlookup format to insert wildcard * is it possible?

Need help on finding daily hourly max for a month for a timechart

unable to filter specific source with REX

Extract out the first line of results from Transaction command

Show meesage if no results but continue applyng commands if there are results

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!