Splunk Search

Discussions

Thread Info

How to check if values are incremental by 1 for a specific category

If the above displayed data is the result for my stats command [stats values(Values) as Values by Category], how can ...

by Explorer in

Rex not yielding result

Data: {"Field1":"xxx","message1":"{0}","message2":"xxx","message3":{"TEXT":"xxxx: xxx\r\n.xxxxx: {\"xxxxx\":{\"@CDI\"...

by Explorer in

Hi, Splunk defaults to 1 hour per column, how can I change that to 1 min per column to get a more detailed view?

by New Member in

How to split a field having multiple lines into individual lines and finally display in table format

I have field in the event which has multi-line data (between double quotes) and I need to split them into individual ...

by Loves-to-Learn Lots in

Is there a way to enforce SPL formatting in URL?

Is it possible to add some parameters in Splunk URL so that after clicking the URL, the viewer will see a well format...

by New Member in

Lookup - Filter a search with lookup content

Greetings. I am quite new to Splunk and read a lot of sources. However, I have a hard time to find my answer abou...

by Engager in

Set alert search results to 0 or have my query not find any results on a particular day between 1 AM and 2 AM?

I have an idea and am looking for some input on how to approach it, where to start. As mentioned in the subject. I...

by Contributor in

Alert Based Off Current Event Duration

Goal: Being able to alert off the latest event if the event is more than 300 seconds and is not blank or "non-product...

by Explorer in

I need help working with a Lookup Table...

Hello again!I'm working with two different sources of data both tracking the same thing but coming from different sou...

by Path Finder in

Slow scanning

hi guys, I want to detect that more than 10 different ports of the same host are sniffed and scanned every 15 minutes...

by Explorer in

Enhancing Data with Field Extraction and Automated Lookups

Hello to all,i have the following Issue:I receive logs from an older machine for which I cannot adjust the logging se...

by Explorer in

Why is tstats not working on docker image datasets?

I'm totally and utterly new to splunk. Just ran the dockerhub sample, and followed the instructions: https://hub.dock...

by Engager in

Difference in using IN and = when there is only single value?

Is there any performance impact when used, index IN ("windows_server") OR index="windows_server" ?

by Loves-to-Learn in

How to find correct logs to find error count.

I want to calculate the error count from the logs . But the error are of two times which can be distinguish only from...

by Path Finder in

CPU & MEMORY utilization

HI Team, how to write search query for cpu & memory utilization please help on this thanks

by Explorer in

In-built field extraction not working - different delimiters

Hello, I am new to splunk and I trying to extract the fields using built-in feature. Since the log format contain ...

by New Member in

Experiencing a 'Search Peer has the following message: 'Error in 'SearchParser

Hello I've encountered an issue in my Splunk environment that's been causing some headaches. When running a search,...

by Explorer in

How to exclude multiple values from multiple fields?

I am trying to filter multiple values from two fields but not getting the expected result. index=test_01 EventCode=...

by Loves-to-Learn Everything in

How do I get data from Splunk REST API using python? Receiving error

Hi, so my team is currently has some data on Splunk cloud. My task is to use your REST API to get this data using py...

by Loves-to-Learn in

Translation lookup table

I have extraction of a field called Tool (Textual) The field values can be in English, German, French or Spanish. I ...

by Engager in

Does "WHERE" SQL clause have the same row limitation as "INNER JOIN"?

Hello,Does "WHERE" SQL clause have the same row limitation as "INNER JOIN"?Does "WHERE" and "INNER JOIN" have the sam...

by Builder in

How to extract a threshold from lookup and create a default value?

Hi, I'm trying to create a filter based on a threshold value that is unique for some objects and fixed for the ot...

by Explorer in

How can I see what my universal and heavy forwarders are ingesting and sending

I'm trying to produce an architecture diagram of our Splunk environment and I want to know what each of our universal...

by Path Finder in

How to search from a static lookup?

Hi, I'm trying to create a table that contains a list of tasks. The list is static and stored in a lookup table ca...

by Engager in

How to Count the percentage of stats by two fields (not total)?

[search] |stats count by ClientName Outcomeexample: Client1 Positive count Client1 Negative count Client2 Po...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to check if values are incremental by 1 for a specific category

Rex not yielding result

Hi, Splunk defaults to 1 hour per column, how can I change that to 1 min per column to get a more detailed view?

How to split a field having multiple lines into individual lines and finally display in table format

Is there a way to enforce SPL formatting in URL?

Lookup - Filter a search with lookup content

Set alert search results to 0 or have my query not find any results on a particular day between 1 AM and 2 AM?

Alert Based Off Current Event Duration

I need help working with a Lookup Table...

Slow scanning

Enhancing Data with Field Extraction and Automated Lookups

Why is tstats not working on docker image datasets?

Difference in using IN and = when there is only single value?

How to find correct logs to find error count.

CPU & MEMORY utilization

In-built field extraction not working - different delimiters

Experiencing a 'Search Peer has the following message: 'Error in 'SearchParser

How to exclude multiple values from multiple fields?

How do I get data from Splunk REST API using python? Receiving error

Translation lookup table

Does "WHERE" SQL clause have the same row limitation as "INNER JOIN"?

How to extract a threshold from lookup and create a default value?

How can I see what my universal and heavy forwarders are ingesting and sending

How to search from a static lookup?

How to Count the percentage of stats by two fields (not total)?

Get Schooled with Splunk Education: Explore Our Latest Courses

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...