Splunk Search

Discussions

Thread Info

how to reverse field value in Splunk

Hi Team, I have a field name domain with value "www.microsoft.com"; how I can reverse that and make it to "com....

by Engager in

INLINE EXTRACTION with /g option for RegEX

Hi.Question:is there a way to add the classic /g option for RegEX in INLINE RegEX extractor for Splunk (props), witho...

by Builder in

Joining two queries not giving the desired result

I have 2 queries and joining it with "Join" using the common field "SessionID".With the below query I'm just getting...

by Path Finder in

index and the sourcetypes in which the hosts have collected events, with the date of the first and last event on the spe

on index=_internal I have to create two searches one on (report ) and one connected to the dashboard where the index ...

by Loves-to-Learn Everything in

リアルタイムアラートのルックアップ参照について

リアルタイムアラートにて受信したイベントをCSV lookupを参照して処理し、結果をアラート機能の「結果をルックアップに出力」でCSV lookupに追加しています。イベントの処理中に次のイベントが来た際、処理中のイベント結果...

by Observer in

bucket repair

splunk fsck repair --all-buckets-all-indexes i need to know where i need to put this command on Linux

by Explorer in

Sort result of bin to draw distribution histogram

Hi I'm trying to draw a distribution histogram of the duration to complete a specific action. The search is: ...

by Communicator in

Help on input text token

Hi I use an input text token in.my dashboard in order to retrieve spécifications numériques for a field It works ...

by Motivator in

Actions in regards to events coming in

We have searches for 4740 account lockouts not showing as action=lockout but instead as action=modified. This is im...

by Path Finder in

How to dynamically set a variable for Dashboard Panel Title?

I am looking to dynamically update the Splunk Dashboard panel title, depending on options I've chosen from a dropdown...

by Path Finder in

Line breaking issue with [source] stanza (with [sourcetype] stanza working fine

We are trying to do custom linebreaking for different types of logs under the same sourcetype using the props below. ...

by Path Finder in

Splunk Query to find the AD groups not configured in SAML - Splunk Cloud.

Hello, I'm looking for a splunk query to capture AD groups that are not integrated with SAML in Splunk Cloud

by Path Finder in

query search don't match on input

by Loves-to-Learn Everything in

populate multiselect

why doesn't this search populate the multiselect

by Explorer in

trim everything till refusal reason from the start

Hi, I am trying to trim everything before the "211 Withdrawal amount exceeded: from the output -- WITHDRAWAL_AMOU...

by Communicator in

How to check for armis logs in cloud?

Hi All, How do we check for armis app alert logs in cloud, recently We have updated the app so how we can check fo...

by Builder in

Piechart split for selected hostname?

Hello Everyone, I am trying to create piechart for cache operation split(in percentage) for hit/miss/pass using th...

by Path Finder in

Help on nav menu- How to display a menu called "test" and when I click on it, it will display other dashboards?

Hi In my nav menu, i would like to display a menu called "test" and when i click on i would to display other dash...

by Motivator in

Why is my join not working here?

Hi,In my first search, I got all the details which needs to be displayed in the results but it doesn't have an IP fie...

by Path Finder in

Cloudwatch metrics averages/max etc grouped by account?

Greetings, Splunk user but newbie still. I am building some searches to show AWS cloudwatch data averages per ...

by Loves-to-Learn in

Help on dropdown list token

Hi I try to filter my table events from à dropdown list like this Owner=$owner$ The item syntax in the dropdown...

by Motivator in

Help with splunk query to find login events that happen at a strange time per user

Working on a splunk query to find login events that occur outside of the users' typical sign in times. I do not want ...

by Loves-to-Learn Lots in

error while searching host | Error in 'litsearch' command: Your Splunk license expired

Hello Splunk Support, When I search in Splunk console. I got an issue as below: Error in 'litsearch' command: Yo...

by New Member in

How to execute javascript after a search?

Hi, I've copied the Search & Reporting app folder as my own app in /etc/apps, now I want to add some JS to be exec...

by Explorer in

Help with Field Extraction Using Regex

I have 2 requests here. I am trying to extract and create a new field from logs. Logs for request 1: ...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

how to reverse field value in Splunk

INLINE EXTRACTION with /g option for RegEX

Joining two queries not giving the desired result

index and the sourcetypes in which the hosts have collected events, with the date of the first and last event on the spe

リアルタイムアラートのルックアップ参照について

bucket repair

Sort result of bin to draw distribution histogram

Help on input text token

Actions in regards to events coming in

How to dynamically set a variable for Dashboard Panel Title?

Line breaking issue with [source] stanza (with [sourcetype] stanza working fine

Splunk Query to find the AD groups not configured in SAML - Splunk Cloud.

query search don't match on input

populate multiselect

trim everything till refusal reason from the start

How to check for armis logs in cloud?

Piechart split for selected hostname?

Help on nav menu- How to display a menu called "test" and when I click on it, it will display other dashboards?

Why is my join not working here?

Cloudwatch metrics averages/max etc grouped by account?

Help on dropdown list token

Help with splunk query to find login events that happen at a strange time per user

error while searching host | Error in 'litsearch' command: Your Splunk license expired

How to execute javascript after a search?

Help with Field Extraction Using Regex

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6