Splunk Search

Discussions

Thread Info

VIM syntax highlighting for splunk config files

Just wanted to share with the community the plugin and syntax highlighter I've made for VIM. To enable syntax high...

by Contributor in

Help me with transaction command

Is there any option other than transaction command to measure the time between events? because i am already using tra...

by Communicator in

How to edit my search to limit the distinct user count by set number of events per unique user?

I was asked to provide active users since December 2016. With the logs we're working with, there's really no way to g...

by Explorer in

Eval RegEx for Host Name from FQDN

Is there a way to write an eval to pull back host name Server1 from Server1.12.city.net

by Engager in

How to edit my search to track event counts by Index/Sourcetype to see when data is no longer being received?

Looking to build a report to list all the indexes/sourcetypes in use. And be able to monitor event counts as they go ...

by Path Finder in

How to check if a word is in a CSV file, and if it is, display results in a table?

I have some data, if the message contains a word which is in a csv file, then results should show in a table. How sho...

by Communicator in

Why is there a difference in results depending on whether or not there are quotation marks in my search syntax?

A search for "ip=100.2.2.2" userid=foobar (identifying information has been changed) produces 5 results. However, whe...

by Explorer in

How can I find the reoccurring group of transactions over time?

Hey Folks, I have a transaction search that "groups" various things of interest (5m maxspan etc ). I was wondering...

by Explorer in

how to extract these fields using regular expression

"cvpEditAction" : "R", "cvpEditAllowedAmount" : 333.57, Could someone please help me how to extract these? thanks.

by Explorer in

Could anyone explain what the below eval condition is doing my search?

The following is the search in my Splunk. Now I am just trying to understand the structure and that condition means c...

by Builder in

How to serach for Windows Server created and enabled accounts of type Administrator - excluding Standard user account type.

I thought the following query would return that but I can see accounts of type "Standard User". "search host=* AND...

by Explorer in

how to find out scripts running on indexers

hi, Is there a way to find out the scripts running by users on indexers because few backs when i ask a user , he t...

by Path Finder in

MV field split by comma and not line break

I have a group of multivalue fields that are listed with linebreaks . I'm looking to remove the line breaks from one ...

by SplunkTrust in

Evaluate multiple events with same data.

I would like to count the number of times a Server went down based on up/down status field. How can i evaluate multip...

by Explorer in

Cannot sort dynamic column in date format

Hi, I tried to summary data in each assignment_group_name by month here is my code: index="snow" sourcetype="snow:in...

by Explorer in

Stats Distinct Count (X) + X[Values]

Hi Splunkers, I have a query that gives me the following fields I want to work with. username Country (after ...

by Explorer in

Relative Time search (e.g. today 4AM)

Hi, I have a report (scheduled to be run every 5 minutes) that I have built, it list the number of specific event...

by New Member in

Why are some searches only rarely executed without any warning or error?

Hey everyone i have a little bit of a problem with some of my searches, as I am only rarely able to execute them. ...

by New Member in

how does the attribute "maxHotIdleSecs" work?

In my indexes.conf file (C:\Program Files\Splunk\etc\system\local) I have the attribute "maxHotIdleSecs = 86400" S...

by Path Finder in

SPL: extract logfile name from source field

Hi, I am trying to setup a dropdown bar for a dashboard and would like to setup dynamic inputs based on the source lo...

by Path Finder in

How edit my search to get a chart of bin counts over time?

I'd like to create a chart of bin counts over time (with a span defined). Right now, I can get the result over the wh...

by New Member in

Why I have "Duplicate values causing conflict" with eval ?

Hi, Can you tell me why i can't update my dynamic list on my dashboard ? I have this message : "Duplicate values c...

by Path Finder in

Group multiple Keys and count the values by status and table the results

Good day, i have the follwing key values: CMD=LOOK ITEM1=APPLE ITEM2=APPLE ITEM3=ORANGE STAT=0 CMD=LOOK ITEM1=APPL...

by Explorer in

HELP! Extracting JSON rex not working...

Hello all, I am trying new things and expanding my palate but having a problem extracting JSON. My Search: i...

by Explorer in

How to use a list of whitelist mac addresses to find "bad" mac addresses?

Hello, for control dhcp server, need to search "bad" mac addresses, but use whitelist . And need modify search string...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

VIM syntax highlighting for splunk config files

Help me with transaction command

How to edit my search to limit the distinct user count by set number of events per unique user?

Eval RegEx for Host Name from FQDN

How to edit my search to track event counts by Index/Sourcetype to see when data is no longer being received?

How to check if a word is in a CSV file, and if it is, display results in a table?

Why is there a difference in results depending on whether or not there are quotation marks in my search syntax?

How can I find the reoccurring group of transactions over time?

how to extract these fields using regular expression

Could anyone explain what the below eval condition is doing my search?

How to serach for Windows Server created and enabled accounts of type Administrator - excluding Standard user account type.

how to find out scripts running on indexers

MV field split by comma and not line break

Evaluate multiple events with same data.

Cannot sort dynamic column in date format

Stats Distinct Count (X) + X[Values]

Relative Time search (e.g. today 4AM)

Why are some searches only rarely executed without any warning or error?

how does the attribute "maxHotIdleSecs" work?

SPL: extract logfile name from source field

How edit my search to get a chart of bin counts over time?

Why I have "Duplicate values causing conflict" with eval ?

Group multiple Keys and count the values by status and table the results

HELP! Extracting JSON rex not working...

How to use a list of whitelist mac addresses to find "bad" mac addresses?

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Wrapping Up Cybersecurity Awareness Month

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions