Splunk Search

Discussions

Thread Info

Is it possible to do eval and lookups with makeresult?

Is it possible for me to do a main search and based on the results from main search I find the fileName and want to u...

by Contributor in

Optimizing SLA Tracking - Caching/Indexing or Saving Results?

Hi everyone, I have a pretty huge multisearch query with multiple inputlookups, untangling the spaghetti monster whic...

by Explorer in

Why are there a few fields are missing when importing data from DOORS next gen to Splunk?

Hello All, I tried to extract data from DOORS Next Gen. After importing the data, I found that few fields are miss...

by Engager in

How to display next 10 numbers?

Hi Splunkers, Here I'm asking help on Splunk query. I have a csv file with some numbers between 101-999, I need...

by Explorer in

How to dynamically select column in an XY series?

Hello! I am currently trying to dynamically select columns in my output that are generated by an xyseries. I am...

by Explorer in

How to remove null values then add fields?

Hi all, would love help with this one. I currently have a query where I have 4 different processing times by sess...

by Path Finder in

Can I set up a PS4 Game Session Timer and Notification?

Hi I want to know how long and when either of two games are being played on the PS4 or a laptop and be notified vi...

by Observer in

How to exclude users from service account values: a generic approach?

Hi,I'm attempting to create a method to exclude users from service account values without excluding a particular serv...

by Builder in

Extract multiple JSON fields

I am trying to create a table whereby two of the values are within a JSON array. The data in each array entry is base...

by Loves-to-Learn in

How to remove comms and parenthesis?

index="myIndex" app_name="myappName" My.Message = "*failed to retrieve the workOrder*"| rex "Order (?<Order>[^\s]+)"...

by Explorer in

How do I create a search to show Cisco logins sorted by User?

I can search through cisco logs easily enough, and can also sort for logins, or failed logins without issue - but sin...

by Engager in

How to add unique count column on the stats result?

Hi, I have data as below | date | buyer | product || Jun-1 | A | P-01 || Jun-1 | A | P-02 || Jun-1 ...

by Explorer in

How to write query to find perimeter fw details?

Hi, I am trying to build a query on perimeter firewall how we can find the ips hitting to the fw. Thanks

by Builder in

How to cancel scheduled alerts if no logs are being ingested?

Hi, currently I have scheduled alerts that are triggered based on file count results. If count of 'file x' for that d...

by Loves-to-Learn Everything in

How to extract two characters before last set of numbers in a string?

Tried many variations but just cant get it right. Example Data:onetwoap321.siteonethreap3ua.somesiteoneforpd210.s...

by Path Finder in

How to combine two searches/data sets into one table?

I have two searches/data sets that I would like to combine into a table, and am not entirely sure on what the correct...

by Explorer in

Does anyone have an idea how to make a bitwise AND operation for a high number of events in Splunk?

Hey all The PAN-OS traffic log include a log field ‚flags‘ ‚Flags‘ is a 32-Bit field that provide details on se...

by New Member in

How to get eval assignment of a nested JSON list does not assign?

Hi, I'm trying to assign a list from a nested JSON event { "timestamp": "2023-06-14T18:03:57.047...

by Communicator in

How to alert when a field value has > 500 events?

Hello, I'm not sure how to achieve this. I need to create an alert for when a field (user) value has > 500 events...

by Path Finder in

How to make a query that counts by comparing values?

I'm new to splunk and I'm asking for help. I will give an example as below. if event_id or orig_event are the same, c...

by Engager in

How to exclude data that is already duplicated?

Hi , I have somthing data need to deduplicate. I got some data from two database and save in different indexes ...

by Engager in

Why is lookup not showing results?

Hey all, Does anyone know why this isn't working (I'm a new Splunk user)? I'm trying to show the errorMessageFilte...

by Explorer in

How to build multisearch dynamically?

This is mostly just a curiosity, motivated by this post on how to compare a particular time interval across multiple ...

by Explorer in

Is there any way to display single accurate values within each cell of the table?

I have used search query like this- | savedsearch REPORT1 |chart values(COLUMN3) AS Status BY COLUMN2 PROCESS_I...

by Path Finder in

Why am I am receiving an error in 'rex' command?

I am trying to use a similar splunk query:index="myIndex" appname="myapp" msg.result.message ="*TradingSymbol(s):*" ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is it possible to do eval and lookups with makeresult?

Optimizing SLA Tracking - Caching/Indexing or Saving Results?

Why are there a few fields are missing when importing data from DOORS next gen to Splunk?

How to display next 10 numbers?

How to dynamically select column in an XY series?

How to remove null values then add fields?

Can I set up a PS4 Game Session Timer and Notification?

How to exclude users from service account values: a generic approach?

Extract multiple JSON fields

How to remove comms and parenthesis?

How do I create a search to show Cisco logins sorted by User?

How to add unique count column on the stats result?

How to write query to find perimeter fw details?

How to cancel scheduled alerts if no logs are being ingested?

How to extract two characters before last set of numbers in a string?

How to combine two searches/data sets into one table?

Does anyone have an idea how to make a bitwise AND operation for a high number of events in Splunk?

How to get eval assignment of a nested JSON list does not assign?

How to alert when a field value has > 500 events?

How to make a query that counts by comparing values?

How to exclude data that is already duplicated?

Why is lookup not showing results?

How to build multisearch dynamically?

Is there any way to display single accurate values within each cell of the table?

Why am I am receiving an error in 'rex' command?

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6