Splunk Search

Discussions

Thread Info

How to return data based on search of one Source and lookup to a second

Hopefully this will set the issue out clearly. I have two sources, Transaction and Request. The Transaction hold...

by Explorer in

How to modify a dashboard input token before passing to a search

Is it possible to modify the value of a token obtained from a dashboard input prior to it being used in a panel? In t...

by Engager in

Calculating difference between time of 2 events

I am trying to extract the difference of time(duration) of 2 events in days. I have 2 saperate event for the same ...

by New Member in

parsing _internal logs

Hi Fellow Splunkers, Have a hopefully quick question:Want to pull out the source and host from the Windows _interna...

by Communicator in

Exclude unwanted apps from web-logs

Hi, Can anyone pls figure out from these list of apps which of these apps from web logs are not required for inves...

by Builder in

How to Add Datamodel Fields in Search and Reporting App via Clicking

Hello Splunk Community, I hope this message finds you well. I'm currently working on enhancing my workflow in the S...

by New Member in

search event even in achive data (cold etc.)

Hi Actualy I trying to search data even the archived ones but as you can see in printscreen below I get only th...

by Explorer in

Eval case statement

Hello, I hope everything is okay. I need your help. I am using this spl request : "ind...

by Path Finder in

Facing issues with Reports

Hello All, I am calculating burnrate in splunk, and using addinfo for enrichment to display it on the dashboard. ...

by Loves-to-Learn Everything in

Eval function as result of IF statement

Is it possible to have the true and false parts of an if statement contain eval statements. | eval pwdE...

by Contributor in

How to join 2 event ID in same index (wineventlog)?

Hi all, I searched my issue on community. There are lots of threads but i couldn't find my issue. As i know i can n...

by Engager in

How to write a Rex query that will ignore some characters and then extract the message?

I have error logs like the below. How can I write a Rex query to match both the logs and only extract the message aft...

by Engager in

How to compare event data with lookup data to find missing field values?

I need to compare the values of 2 fields from the Splunk data with the field-values from the lookup and find the miss...

by Explorer in

How to extract Json Object Property to Create Table?

I have event Logs Similar to this. {Level: Information MessageTemplate: Received Post Method for activity: {Ac...

by Loves-to-Learn in

How to use stats with condition from multiple fields?

Greetings, I am struggling with creating a table in splunk which would do the following transformation: Find ...

by Explorer in

Why is statement not returning expected results when counting events by "UserAgent" field?

HelloI'm trying to count events by field called "UserAgent"If im searching for the events without any calculated fiel...

by Explorer in

How to timewrap for today Format

Hi Splunk Experts,The timewrap command is using d(24 hr) format, but I'm wondering is it possible to make it Today fo...

by Contributor in

AD servers with indexing delays when evt_resolve_ad_obj=1 in inputs.conf

We ran into this known issue with the AD servers having indexing delays of a couple of days when enabling evt_resolve...

by Motivator in

Splunk Lookup compare with index

Query to output missing data in lookup file.I have a lookup file with below datacountry_name--------------------Brazi...

by Explorer in

Excluding either the start or end of a transaction when parsing result with rex command

I'm using the rex command to parse a value out of the results of a transaction command. Is there an easy way to restr...

by Path Finder in

How to display the 1st 10 lines in events

Hi, I have Error logs which is having more than 50 lines but requirement is to be displayed for 1st 10 lines instea...

by New Member in

Search to match high temp events, but ignore specific events on host that trigger within 25 seconds of each other

Hello all, We have a Splunk alert that searches for high temperature events on Juniper routers, it's a very straigh...

by Explorer in

Why won't my dataset literals parse?

In the documentation on dataset literals there is an example query: FROM [ { state: "Washington", abbreviation...

by Explorer in

what are the benefits vs drawback in :: and =

whats the difference between :: and = in splunk search. what are the benefits vs drawbacks

by Engager in

Select the right index based on value in Dropdown

I have a dropdown with two values PROD and TEST. Based on my selection in my panels in the dashboard I have to choose...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to return data based on search of one Source and lookup to a second

How to modify a dashboard input token before passing to a search

Calculating difference between time of 2 events

parsing _internal logs

Exclude unwanted apps from web-logs

How to Add Datamodel Fields in Search and Reporting App via Clicking

search event even in achive data (cold etc.)

Eval case statement

Facing issues with Reports

Eval function as result of IF statement

How to join 2 event ID in same index (wineventlog)?

How to write a Rex query that will ignore some characters and then extract the message?

How to compare event data with lookup data to find missing field values?

How to extract Json Object Property to Create Table?

How to use stats with condition from multiple fields?

Why is statement not returning expected results when counting events by "UserAgent" field?

How to timewrap for today Format

AD servers with indexing delays when evt_resolve_ad_obj=1 in inputs.conf

Splunk Lookup compare with index

Excluding either the start or end of a transaction when parsing result with rex command

How to display the 1st 10 lines in events

Search to match high temp events, but ignore specific events on host that trigger within 25 seconds of each other

Why won't my dataset literals parse?

what are the benefits vs drawback in :: and =

Select the right index based on value in Dropdown

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions