Splunk Search

Discussions

Thread Info

Why is statement not returning expected results when counting events by "UserAgent" field?

HelloI'm trying to count events by field called "UserAgent"If im searching for the events without any calculated fiel...

by Explorer in

How to timewrap for today Format

Hi Splunk Experts,The timewrap command is using d(24 hr) format, but I'm wondering is it possible to make it Today fo...

by Contributor in

AD servers with indexing delays when evt_resolve_ad_obj=1 in inputs.conf

We ran into this known issue with the AD servers having indexing delays of a couple of days when enabling evt_resolve...

by Motivator in

Splunk Lookup compare with index

Query to output missing data in lookup file.I have a lookup file with below datacountry_name--------------------Brazi...

by Explorer in

Excluding either the start or end of a transaction when parsing result with rex command

I'm using the rex command to parse a value out of the results of a transaction command. Is there an easy way to restr...

by Path Finder in

How to display the 1st 10 lines in events

Hi, I have Error logs which is having more than 50 lines but requirement is to be displayed for 1st 10 lines instea...

by New Member in

Search to match high temp events, but ignore specific events on host that trigger within 25 seconds of each other

Hello all, We have a Splunk alert that searches for high temperature events on Juniper routers, it's a very straigh...

by Explorer in

Why won't my dataset literals parse?

In the documentation on dataset literals there is an example query: FROM [ { state: "Washington", abbreviation...

by Explorer in

what are the benefits vs drawback in :: and =

whats the difference between :: and = in splunk search. what are the benefits vs drawbacks

by Engager in

Select the right index based on value in Dropdown

I have a dropdown with two values PROD and TEST. Based on my selection in my panels in the dashboard I have to choose...

by Explorer in

How to get change events only?

I have events with the following keys: key1, key2 & key3. I would like to get the change events i.e. events that ...

by Path Finder in

Regex that matches all characters including newline

What's the simplest regex that will match any character including newline? I want to be able to match all unknown con...

by Path Finder in

What is the fastest way to run a query to get an event count on a timechart per host?

What is the fastest way to run a query to get an event count on a timechart per host? This is for windows events and ...

by Explorer in

Splunk App for Anomaly Detection - "Could not load lookup=LOOKUP-HTTP_STATUS No matching fields exist."

In Step 2 "Add the Dataset" of "Create Anomaly Job" within the Splunk App for Anomaly Detection, when running the fol...

by Motivator in

How to subtract total values of 2 fields in a dashboard?

Hi there, I have a dashboard and I want to subtract the total number of events of 2 queries but not sure how to do...

by Communicator in

Lookup and setting default values using a variable if an entry is not found in the lookup table

I have the following Query: index=obh_prod sourcetype=obh:edge:api proxy!="ow*" |lookup blink_six_providers Provide...

by Explorer in

How to index data from zigbee2mqtt?

can't figure out how to indexing my data from zigbee2mgtt. The logs are exported from Home assistance via syslog, as...

by Observer in

What's best way to count calls from main search excluding sub search results?

Greetings. I'm trying to count all calls in this:index="my_data" resourceId="sip*" "CONNECTED"Where not in this:in...

by Path Finder in

run different filter in an index search based on a condition in dropdown

Is it possible to run different filter in an index search based on a condition in dropdown below?The second filter wo...

by Motivator in

Need help with python script to log into Splunk Cloud

I have the following script, but it keeps erroring out. def connect_to_splunk ( username ...

by Communicator in

Using comparison function within mstats

Hello fellow Splunkthiasts! I need some insights to understand how comparison functions in mstats could be used. Co...

by Path Finder in

Capture multiple values of same pattern in an event

How do we capture multiple URLs in a single event? Log1: type=EXECVE msg=audit(1695798790.101:25214323): argc=17 ...

by Explorer in

Getting a count of the number of fields associated with a sourcetype

I've done a little looking and poking around but haven't seen an answer to this - hopefully I haven't overlooked some...

by Motivator in

what is the use of below query?

index=botsv1 sourcetype="stream:http" | timechart max(date_year)

by Observer in

How to combine two csv?

Hi All, I have two csv files. File1.csv -> id, operation_name, session_id File2.csv -> id, error, operation_name ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why is statement not returning expected results when counting events by "UserAgent" field?

How to timewrap for today Format

AD servers with indexing delays when evt_resolve_ad_obj=1 in inputs.conf

Splunk Lookup compare with index

Excluding either the start or end of a transaction when parsing result with rex command

How to display the 1st 10 lines in events

Search to match high temp events, but ignore specific events on host that trigger within 25 seconds of each other

Why won't my dataset literals parse?

what are the benefits vs drawback in :: and =

Select the right index based on value in Dropdown

How to get change events only?

Regex that matches all characters including newline

What is the fastest way to run a query to get an event count on a timechart per host?

Splunk App for Anomaly Detection - "Could not load lookup=LOOKUP-HTTP_STATUS No matching fields exist."

How to subtract total values of 2 fields in a dashboard?

Lookup and setting default values using a variable if an entry is not found in the lookup table

How to index data from zigbee2mqtt?

What's best way to count calls from main search excluding sub search results?

run different filter in an index search based on a condition in dropdown

Need help with python script to log into Splunk Cloud

Using comparison function within mstats

Capture multiple values of same pattern in an event

Getting a count of the number of fields associated with a sourcetype

what is the use of below query?

How to combine two csv?

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions