Splunk Search

Thread Info

How to replace replace strings?

Hello,I have a lookup file with data in following format name _timesrv-a.xyz.com 2017.07.23srv-b.wxyz.com 2017.07....

by Path Finder in

How to Change rate in percentage?

Hi all, i count the number of ssl-login-fail for each hour. index... host... action="ssl-login-fail" | timechart s...

by Explorer in

iplocation query: How to show the country with this search?

index=o365 [ | inputlookup watchlistriskyusers.csv | rename email AS query | fields query ] sourcetype="o365:manageme...

by Engager in

How to create Rex to extract a value from string?

Hello, I am new to splunk rex, so need help for regex. In logs, i have extracted string, however again i need to ...

by Loves-to-Learn in

Query to get the result from one sourcetype and get other field values based on the output from other sourcetype

Need help in creating a query to get the result from one sourcetype and get other field values based on the output fr...

by Path Finder in

How to create Rex for extracting a value from string?

Hello, I am new to splunk rex, need help for below to extract a value from string. rex "Error while calling databa...

by Loves-to-Learn in

How to monitor 365 Mailbox permissions?

We're trying to set up some searches/alerts when someone makes a change to mailboxes on Exchange Online. I'm still le...

by Explorer in

How to use stats() by one value, "all" and stats() by each selected value ?

Hi all, I want to analyze the Round Trip Time and received count in Ping command for each ping packet size or for a...

by Path Finder in

How to use delimiter to filter data from a selected field in splunk??

Hi ,I have my log entries line below: 2023-08-22T10:48:01.340641-07:00 ARC1 ( PID:63766948) ...

by Explorer in

How to use Time Picker(Time range) in "inputlookup"?

Hi, How to i must use time range earliest=-24h@h latest=now() in search | inputlookup lookup. I tried to do so | inpu...

by Engager in

How to use the regex matched variables from the first search into the other search

My first search with regex as following: index=bigip "Storefront_v243" | rex ".*Common:(?<sid>.*?): New session fro...

by Explorer in

How to install a custom python library for a app with a lot of dependencies?

Hi, Hope you'll are having a great day! Coming to the question: How can I install Python libraries for usage in s...

by Path Finder in

How to Export Splunk logs to another SH; search differentiation question?

This is a two parter: 1. Is there a way to export Splunk logs from an indexer to an offline Splunk Search Head an...

by Path Finder in

How to create stats count by combine values?

I have a big query that produces output like this. Those rows are guid id, count of occurrences, then ip addresse...

by Explorer in

How to use dashboard using sparkline with partial=f?

Im trying to make a high level view dashboard that has multiple dashboards in it. I want to use the sparkline because...

by Loves-to-Learn Everything in

How to calculate number of days between two dates for a list of dates?

Hello Community, I am trying to calculate number of days (difference) between today's date and a list of dates but ...

by Explorer in

How to List all Long running calls?

Each call in my own application contains a unique identifier.Want to list down all the current calls which are runnin...

by New Member in

Lookup search query field comparison and output

Hi Team, I would like to achieve something similar to below 1- I have a csv lookup table name - customer-devices....

by Explorer in

How to Calculate the difference between two rows of a column?

I have a splunk query shown below. basesearch | stats avg(time) as executionTime by method ...

by Path Finder in

How to copy data from one index to another index?

What will be the query to copy all data from one index to another index in splunk ,we are using splunk for jenkins l...

by Engager in

How to perform lookup in CSV file from index without combining data in one row (and without mvexpand)?

How to perform lookup in CSV file from index without combining data in one row (and without mvexpand)? | index=vuln...

by Builder in

How to compare the results of 2 searches?

I have splunk logs that are of 2 types, successes and failures. They contain 2 things: "SUCCESS" "ID: <IDNumber>" ...

by Engager in

How to extract data from CSV files?

hello team, I have data from CSV files coming into my Splunk instance, I can search and find that data. However...

by Engager in

How to Compare two fields from one search with alerting and variable?

Hello Community, i get all 24h a version REST call.How to get a alert mail with the new version (like 2023-09) as ...

by Engager in

How to list all the events on same timestamp and capture only the required line?

Hi Splunk Experts, I'm trying to list all the events on same timestamp and trying to capture only the required lin...

by Contributor in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

How to replace replace strings?

How to Change rate in percentage?

iplocation query: How to show the country with this search?

How to create Rex to extract a value from string?

Query to get the result from one sourcetype and get other field values based on the output from other sourcetype

How to create Rex for extracting a value from string?

How to monitor 365 Mailbox permissions?

How to use stats() by one value, "all" and stats() by each selected value ?

How to use delimiter to filter data from a selected field in splunk??

How to use Time Picker(Time range) in "inputlookup"?

How to use the regex matched variables from the first search into the other search

How to install a custom python library for a app with a lot of dependencies?

How to Export Splunk logs to another SH; search differentiation question?

How to create stats count by combine values?

How to use dashboard using sparkline with partial=f?

How to calculate number of days between two dates for a list of dates?

How to List all Long running calls?

Lookup search query field comparison and output

How to Calculate the difference between two rows of a column?

How to copy data from one index to another index?

How to perform lookup in CSV file from index without combining data in one row (and without mvexpand)?

How to compare the results of 2 searches?

How to extract data from CSV files?

How to Compare two fields from one search with alerting and variable?

How to list all the events on same timestamp and capture only the required line?

Preparing your Splunk Environment for OpenSSL3

Unleash Unified Security and Observability with Splunk Cloud Platform

Splunk AppDynamics with Cisco Secure Application

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

Issue with StateSpaceForecast from the MLTK app

Notepad++ SPL syntax highlighting

Some cloudwatch log collection errors