Splunk Search

Ask a Question

Discussions

Thread Info

Days Between Question

I am trying to determine the days between a static date and current date in this query I added a the 2008r2 column...

by Engager in

REX expression for multiple extractions in columns

Hello all, I was hoping I could get a bit of assistance in figuring out a rex expression I could use to extract pa...

by Path Finder in

I need to set 24hours default search intervals for user role

We have 3 custom roles (user, power user and admin) and i would like to set 24hours as default search interval or blo...

by Explorer in

How to get duration of transactions within the earliest and latest time?

Hi all, Below is how the data I have. currentDate user _time 2017-02-01 aaa 8:00:00 2017-02-01 aaa 9:12:00 2017...

by Path Finder in

Is there a way to write a splunk query which displays our props.conf , transform.conf , indexes.conf configuarion as outputs

I would like to see in props.conf how data parsing is done My query should return results stating sourcetype ...

by New Member in

How to Display Each Event of User with "X" Number of Failed Logins

Good morning, I have the following search: index=[my index] source=[my source] sourcetype=[my sourcetype] event...

by Path Finder in

User has left the company, but audit shows failed logins every 15 minutes. How can I find the source of these failed attempts?

Hello everyone, I have inherited shared responsibility for a Splunk instance. We recently had a user departure, an...

by Contributor in

How can I tag or mark _internal events from different environments?

We have a requirement to collect data from testing enclaves (that have copies of production devices) to our primary S...

by Explorer in

Calculating data with multiple transactions per order

Hi, I have the following data with the following columns, OrderNo, Transaction Start, Transaction Stop. I wrote a sea...

by Path Finder in

Merging search results into lookup file

I am having lookup file with list of Jobs to be monitored. I want to create a table with the jobs name from lookup fi...

by Contributor in

Use inputlookup to find servers not reporting

Here's the scenario: server102 has not reported data in the last 15 minutes. I want to use my inputlookup in conjunct...

by Explorer in

Nedd regex help to use part of a filepath as source type

I have a source of /var/log/opscode/desired_sourcetype/current. I need to get the part of the filename that is called...

by Builder in

How to correct timestamp parsing and field extraction of XML log?

Hi, novice splunker here. I'm having an issue in getting all the timestamps correctly parsed from the DATE and TIM...

by Explorer in

How to search a area based on a given lat/lon

Hi, I have a requirement - the user will enter a lat,lon in the filter and expects Splunk to search the "nearby 10...

by Communicator in

Change the evaluation direction of streamstats?

The streamstats last function is very close to a very important tool in my workflow; however, I would like it to eval...

by Explorer in

Splunk 6.5.0: How to access the first row from the search result in a dashboard?

Recently upgraded to Splunk 6.5.0. I am trying to access the first row from the search result in a dashboard. In vers...

by Explorer in

How to get a count of stats list that contains a specific data?

Hi all, How to get a count of stats list that contains a specific data? Data is populated using stats and list() c...

by Path Finder in

How to show non number values on y axis on a chart

I have the following search and I would like to present instead of the 40 dummy values, the actual name of the field ...

by Contributor in

Comparing the firewall ip to the inputlook which contains the blacklisted ip and need to display the count and source

Hi, I have a blacklisted inputlookup csv which contains 20000 blacklisted ip. I need to compare the inputlookup wi...

by Path Finder in

How to create a search to compare a lookup CSV file of blacklisted IPs with firewall logs?

Hi All, I have a blacklisted IP CSV file (Placed in lookup folder of search(app)). I need to compare with firewall...

by Path Finder in

How to edit my transaction search so that it will only return grouped results?

This seems like it would be easy to figure out through search but I'm coming across a dead end. I have a transaction ...

by Builder in

Top10 in percent with lookup

This is my first attempt to create a "bigger" splunk search. I tried it the last two weeks but am stuck now. Hopefull...

by Engager in

How do I pull only specific status entries from a sourcetype at a given time?

I have one source-type with column names srno for a ticket. Scenario: Ticket status gets updated per it's life cyc...

by Engager in

How to search files compressed using Snappy from virtual indexes?

Hi all, I have a few files (containing syslog events) in my Hadoop HDFS compressed using Snappy, and I configured ...

by New Member in

How to optimize my lookup search with large amounts of data?

I'm currently collecting IoCs in terms of IPs and Domain names and want to run searches towards my historical log-dat...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Days Between Question

REX expression for multiple extractions in columns

I need to set 24hours default search intervals for user role

How to get duration of transactions within the earliest and latest time?

Is there a way to write a splunk query which displays our props.conf , transform.conf , indexes.conf configuarion as outputs

How to Display Each Event of User with "X" Number of Failed Logins

User has left the company, but audit shows failed logins every 15 minutes. How can I find the source of these failed attempts?

How can I tag or mark _internal events from different environments?

Calculating data with multiple transactions per order

Merging search results into lookup file

Use inputlookup to find servers not reporting

Nedd regex help to use part of a filepath as source type

How to correct timestamp parsing and field extraction of XML log?

How to search a area based on a given lat/lon

Change the evaluation direction of streamstats?

Splunk 6.5.0: How to access the first row from the search result in a dashboard?

How to get a count of stats list that contains a specific data?

How to show non number values on y axis on a chart

Comparing the firewall ip to the inputlook which contains the blacklisted ip and need to display the count and source

How to create a search to compare a lookup CSV file of blacklisted IPs with firewall logs?

How to edit my transaction search so that it will only return grouped results?

Top10 in percent with lookup

How do I pull only specific status entries from a sourcetype at a given time?

How to search files compressed using Snappy from virtual indexes?

How to optimize my lookup search with large amounts of data?

.conf25 Global Broadcast: Don’t Miss a Moment

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions