Splunk Search

Discussions

Thread Info

How to map every event which has a lat and long field?

I have 35 events. Each one has a lat and long field. How do I map each one of them to an individual point on a map? W...

by Contributor in

Can you expose an env variable as a field in events coming from that forwarder

I am trying to expose an environment variable and make it a field for events coming from a splunk universal forwarder...

by Path Finder in

How to generate a search to find a local account added to admin group within one hour?

How can I find if a local account/user has been created and then added to the admin/domain admin group within a span ...

by New Member in

Can I perform If-Then-Else logic within a search?

I have a field that I want to report on, but in some of my events, that field is missing (null) and so I'd like to us...

by Splunk Employee in

If function returning integers?

This code snippet is being used to calculate a time into a normal time in the H.M format. The numbers are something l...

by Explorer in

I am not being able to calculate time difference between two event codes that are 1100 and 13, and also i want to exclude the logs if the interval between these two codes are less than 15 seconds

Am trying below query but its not Working: index=* (sourcetype=WinEventLog:System OR sourcetype=WinEventLog:Security)...

by Explorer in

How to find duration between multiple timestamps of different users?

Hi all, The boundary of the logs: date and user. Total logs is more than 1000 logs. How should I list the date?...

by Path Finder in

return command - exit (or return known value) if no results found

I have a search that is basically (there are actually 2 sub searches, but this makes it easier to understand): ind...

by Explorer in

Multiple values for table and values unique

Hi guys, Can you help me ? I need to do a table like this New date available | Origine date available ...

by Path Finder in

data is displayed by alphabetic order of the month name when using date_month to sort

In 4.2.x, instead of June, July, August, September, the data listed as August, July, June, September. Data is display...

by Splunk Employee in

how to search in default indexes (not only one) in one app without providing the index.

Hello folks There is a way to configure which indexes belongs which splunk app. Is there also a way to configure i...

by Path Finder in

cron search in dashboard panel

Hello, I am trying to create a search query, which i will later transfer to dashboard panel. This query is monitor...

by Explorer in

How to get the hostname from the logs?

Hi, I have the syslogs coming from 4 consoles in to single path, how to extract the hostnames in inputs.conf file?...

by Builder in

Lookup on text file not working

I wanted to use a file to use for usernames. For example, I want to know when the following people's account informat...

by Explorer in

Calculate delta for range of time

I'm fairly new to Splunk and its query language. I have this data that I'd like to search through and visualize in a ...

by Engager in

How to get the previous savedsearch by a given savedsearch from the same user?

I used the following query to get a list of savedsearches by a given user: index=_internal user="John Doe" | tabl...

by Communicator in

Multiple lookups, with an OR

I am looking to use lookups in an OR for a search. Roughly what I want to do is: <search> ((if IP_From_BAD_IP matc...

by Path Finder in

How can I show the fields which have a specific value?

I'm running the following - index=<claims_index> geico | table *. This index has around 200 fields and I would like t...

by Ultra Champion in

How to get different URIs in different fields using eval command?

I have a URI field that contains call to different APIs like: http://mydomain.com/A/v1/* http://mydomina.com/B/v1/...

by New Member in

multiline log regex and field help

I took a look at quite a few of the threads on here to solve my problem first, but mine seems to be a little more uni...

by Path Finder in

How to group URLS based patterns?

I have n of log files and i'm getting the proper result for each URL as of now, but im facing issue since the same ur...

by New Member in

How to edit my search to find the average time duration between 2 events of same transaction id?

Below is sample transaction id having multiple events of which 2 specific events are as follows: { Date_time: 22...

by New Member in

Start timer with transaction

Hi guys, I need help cause I want start a timer when i have one values and end this same timer when this values i...

by Path Finder in

Timerange Setting

In this I want to user to select the time range of maximum 6 month. It may be less than 6 month but can't be greater ...

by Explorer in

Create a table that shows last 5 days and timestamps of found events each day

Hello, I want to create a search that looks for events that contain a value for a field, and then show the timesta...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to map every event which has a lat and long field?

Can you expose an env variable as a field in events coming from that forwarder

How to generate a search to find a local account added to admin group within one hour?

Can I perform If-Then-Else logic within a search?

If function returning integers?

I am not being able to calculate time difference between two event codes that are 1100 and 13, and also i want to exclude the logs if the interval between these two codes are less than 15 seconds

How to find duration between multiple timestamps of different users?

return command - exit (or return known value) if no results found

Multiple values for table and values unique

data is displayed by alphabetic order of the month name when using date_month to sort

how to search in default indexes (not only one) in one app without providing the index.

cron search in dashboard panel

How to get the hostname from the logs?

Lookup on text file not working

Calculate delta for range of time

How to get the previous savedsearch by a given savedsearch from the same user?

Multiple lookups, with an OR

How can I show the fields which have a specific value?

How to get different URIs in different fields using eval command?

multiline log regex and field help

How to group URLS based patterns?

How to edit my search to find the average time duration between 2 events of same transaction id?

Start timer with transaction

Timerange Setting

Create a table that shows last 5 days and timestamps of found events each day

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions