Splunk Search

Ask a Question

Discussions

Thread Info

Lookup in main search and subsearch - how to compare the results?

Hello I want to find in subsearch autonomous_system for the IP address which I provided (in this example for 1.1...

by Engager in

How to modify search result?

I have asset management data that i need to create weekly reports. When i make query for the data like query below...

by Path Finder in

How to extract field using rex?

Hi I need regular expression to extract field "timed out " by using below log .... "Description":"Job-2069950 ...

by Explorer in

How to create Timechart when no splitby available?

Hi Splunkers Need some help with a timechart query please. index=linux host IN (a,b,c,d,e) | timechart span=1we...

by Path Finder in

How to monitor smbv1 access on a domain via splunk ?

Hi, We wonder how to monitor the smbV1 access in a domain. We are already enabled the eventcode 3000 log ...

by Explorer in

How to calculate the count for each field in the past 3 days?

how to calculate the count for each field in the past 3 days. If the count for all 3 days is 0, and the count for to...

by Engager in

How to perform lookup on inconsistent IPv6 format in CSV file from index?

Hello,How to perform lookup on inconsistent IPv6 format in CSV file from index?For example:Index has collapsed format...

by Motivator in

Tstats: How to Include new field?

I want to use the new search signature="test" in the below search. I don't want to add this new signature to the e...

by Loves-to-Learn Lots in

How to perform search using 2 csv file to match 2 different values 1from first csv and other values from second csv?

I have indexes created and i have 2 csv first is ipv6.csv and its has coulmn called ip and second csv is cmd.csv it c...

by Loves-to-Learn in

Search with limited time clause

Hello all, I'm quite new to the wonderful world of Splunk, but not new to monitoring or IT in general. We are optim...

by Engager in

How to create a table with multiple fields?

Hi, I want to create a table in the below format and provide the count for them.I have multiple fields in my index...

by Path Finder in

How to store multiple values in one token and pass into another search

I have "Product Brand" multiselect filter in a Splunk dashboard. It is a dynamic filter rather than static. I also ha...

by Explorer in

Using stolen or forged user tickets (TGT)

hi guys, I want to detect a service ticket request (Windows event code 4769) and one of the following corresponding e...

by Explorer in

How to use custom key field in tstats?

I'm having trouble capturing the custom key - "UserKey_ABC" in the following script. With the following code, I'm n...

by Path Finder in

Best tool in the toolkit to access and correlate multivalue fields

Hi all, I've worked with multivalue fields in a limited capacity and I'm having trouble with a particular instance. G...

by Path Finder in

Determined which host doesnt have a particular software installed

index=xxxx sourcetype="Script:InstalledApps" DisplayName="Carbon Black Cloud Sensor 64-bit" I am trying to get the ...

by Engager in

Why does "geom geo_us_states" search display a world map instead of North America map?

Working my way through the Splunk e-learning offerings, I came across a lab exercise where the resulting query was ...

by Engager in

Convert seconds in days, hours and minutes?

Hi, i have a duration in seconds and want to convert it to days, hours and minutes. The additional seconds should be ...

by Path Finder in

Need help with a splunk search with appendcols

I am trying to get data from 2 indexes and combine them via appendcols.The search is index="anon" sourcetype="test1" ...

by Communicator in

ldapsearch: Trying to search last 2 days in whenChanged attribute dynamically.

I need to run a daily ldap search that will grab only the accounts that have change in the last 2 days. I can hard co...

by Explorer in

How to split comma separated values in single event and make each value as one row of table with individual values

If I am having list of comma separated numbers in single splunk event field: I am having too many event fields lik...

by Loves-to-Learn Lots in

How to check if values are incremental by 1 for a specific category

If the above displayed data is the result for my stats command [stats values(Values) as Values by Category], how can ...

by Explorer in

Rex not yielding result

Data: {"Field1":"xxx","message1":"{0}","message2":"xxx","message3":{"TEXT":"xxxx: xxx\r\n.xxxxx: {\"xxxxx\":{\"@CDI\"...

by Explorer in

Hi, Splunk defaults to 1 hour per column, how can I change that to 1 min per column to get a more detailed view?

by New Member in

How to split a field having multiple lines into individual lines and finally display in table format

I have field in the event which has multi-line data (between double quotes) and I need to split them into individual ...

by Loves-to-Learn Everything in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Lookup in main search and subsearch - how to compare the results?

How to modify search result?

How to extract field using rex?

How to create Timechart when no splitby available?

How to monitor smbv1 access on a domain via splunk ?

How to calculate the count for each field in the past 3 days?

How to perform lookup on inconsistent IPv6 format in CSV file from index?

Tstats: How to Include new field?

How to perform search using 2 csv file to match 2 different values 1from first csv and other values from second csv?

Search with limited time clause

How to create a table with multiple fields?

How to store multiple values in one token and pass into another search

Using stolen or forged user tickets (TGT)

How to use custom key field in tstats?

Best tool in the toolkit to access and correlate multivalue fields

Determined which host doesnt have a particular software installed

Why does "geom geo_us_states" search display a world map instead of North America map?

Convert seconds in days, hours and minutes?

Need help with a splunk search with appendcols

ldapsearch: Trying to search last 2 days in whenChanged attribute dynamically.

How to split comma separated values in single event and make each value as one row of table with individual values

How to check if values are incremental by 1 for a specific category

Rex not yielding result

Hi, Splunk defaults to 1 hour per column, how can I change that to 1 min per column to get a more detailed view?

How to split a field having multiple lines into individual lines and finally display in table format

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

A Prelude to .conf25: Your Guide to Splunk University

4 Ways the Splunk Community Helps You Prepare for .conf25

Sometimes searches are not running on iPad

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

Splunk Search

Are you a member of the Splunk Community?

Discussions