Splunk Search

Ask a Question

Discussions

Thread Info

populate multiselect

why doesn't this search populate the multiselect

by Explorer in

trim everything till refusal reason from the start

Hi, I am trying to trim everything before the "211 Withdrawal amount exceeded: from the output -- WITHDRAWAL_AMOU...

by Communicator in

How to check for armis logs in cloud?

Hi All, How do we check for armis app alert logs in cloud, recently We have updated the app so how we can check fo...

by Builder in

Piechart split for selected hostname?

Hello Everyone, I am trying to create piechart for cache operation split(in percentage) for hit/miss/pass using th...

by Path Finder in

Help on nav menu- How to display a menu called "test" and when I click on it, it will display other dashboards?

Hi In my nav menu, i would like to display a menu called "test" and when i click on i would to display other dash...

by Motivator in

Why is my join not working here?

Hi,In my first search, I got all the details which needs to be displayed in the results but it doesn't have an IP fie...

by Path Finder in

Cloudwatch metrics averages/max etc grouped by account?

Greetings, Splunk user but newbie still. I am building some searches to show AWS cloudwatch data averages per ...

by Loves-to-Learn in

Help on dropdown list token

Hi I try to filter my table events from à dropdown list like this Owner=$owner$ The item syntax in the dropdown...

by Motivator in

Help with splunk query to find login events that happen at a strange time per user

Working on a splunk query to find login events that occur outside of the users' typical sign in times. I do not want ...

by Loves-to-Learn Lots in

error while searching host | Error in 'litsearch' command: Your Splunk license expired

Hello Splunk Support, When I search in Splunk console. I got an issue as below: Error in 'litsearch' command: Yo...

by New Member in

How to execute javascript after a search?

Hi, I've copied the Search & Reporting app folder as my own app in /etc/apps, now I want to add some JS to be exec...

by Explorer in

Help with Field Extraction Using Regex

I have 2 requests here. I am trying to extract and create a new field from logs. Logs for request 1: ...

by Engager in

How to redirect dashboard to alternative URL

Hi,We`ve got a dashboard sitting on a problematic SH and would like to clone and move it to another working SH. Is ...

by Communicator in

How do I calculate the duration between Login and Logout of user?

Hi guys! I want see the avg duration of activity of user on Splunk, but i didn't find the field of logout. ...

by Loves-to-Learn Everything in

Why is my schedule search produce less result than the same query running adhoc?

Hello,I have a simple query that run on the last 10 days of month, around 300k events something like: index=myi...

by Communicator in

How to add dummy row with 0 when count returns 0?

Hello Splunkers,I am using | stats count by X, Y at the end of my query. X has 4 possible values and so does Y result...

by Explorer in

Compare multivalues from different rows

In my search i have 2 rows, column specifying the week and the other column a multi-value field of EventIDs. I need t...

by Engager in

Help with Field Extraction using Regex?

I am trying to extract 2 fields from my logs. Logs: 10.218.136.20 - - [30/Jun/2023:02:36:32 +0000] "G...

by Contributor in

Extracting data which is incosistent

I need to extract a time value from log file where the time value appears with a few different variations of characte...

by Loves-to-Learn Lots in

Why is there a 10000 rows limit?

I ran a search which should show more than 10000 rows, but I get only 10000 rows back on the result. Is this a limita...

by Builder in

Search limiting to objects in an AD Group

I need to create a search that determines if an admin users password is changed. The current search pulls the domain ...

by New Member in

Need a REGEX that can extract bits from all events of a similar type

Hi All, I need a regex that can extract particular bits from proxy events equally e.g. there are different types of...

by Communicator in

Splunk ODBC datatype conversion issue

Hello Splunk Experts, We are using Splunk ODBC to extract data from Splunk and load data to Qliksense. It was worki...

by New Member in

Splunk search to check the sysmon process if not running

hai all, i am using below splunk search to know the status if not running but its not giving if process was not ...

by Path Finder in

Search for one to many; one alert value, find all occurrences

Hi, THe use case is GitHub Dependabot vulnerability alerts, once recevied, searching another index with GitHub SBOM...

by Loves-to-Learn in

Get Updates on the Splunk Community!

Splunk Search

Discussions

populate multiselect

trim everything till refusal reason from the start

How to check for armis logs in cloud?

Piechart split for selected hostname?

Help on nav menu- How to display a menu called "test" and when I click on it, it will display other dashboards?

Why is my join not working here?

Cloudwatch metrics averages/max etc grouped by account?

Help on dropdown list token

Help with splunk query to find login events that happen at a strange time per user

error while searching host | Error in 'litsearch' command: Your Splunk license expired

How to execute javascript after a search?

Help with Field Extraction Using Regex

How to redirect dashboard to alternative URL

How do I calculate the duration between Login and Logout of user?

Why is my schedule search produce less result than the same query running adhoc?

How to add dummy row with 0 when count returns 0?

Compare multivalues from different rows

Help with Field Extraction using Regex?

Extracting data which is incosistent

Why is there a 10000 rows limit?

Search limiting to objects in an AD Group

Need a REGEX that can extract bits from all events of a similar type

Splunk ODBC datatype conversion issue

Splunk search to check the sysmon process if not running

Search for one to many; one alert value, find all occurrences

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown