Splunk Search

Discussions

Thread Info

Count users' successful logins over time

I would like to get the number of people connected (one successful login session per user per day will suffice) to ou...

by Communicator in

KV Store status is currently unknown- How to resolve this error?

We're intermittently getting this error (so far twice in 2 weeks) when trying to use the lookup command on a kvstore....

by Path Finder in

How to replace string using rex with partial matched string?

How to replace string using rex with partial matched string?Thank you for your help.For example:I tried to replace ":...

by Motivator in

Why is stats count query not working as expected?

Hi All I have a csv file in splunk that i am searching on i am looking to get the total monthly figure spend o...

by Path Finder in

savedsearch will not run via cron schedule but can be ran manually

I am fighting with what I think is a knowledge object permission at the moment, but not 100% sure of this. ...

by Explorer in

Get filename from path with rex

HelloI am trying to get filename (name.exe) from a full path (dir + filename) from windows folders, ex:C:\dir1\dir2\f...

by Builder in

Inputlookup Multiple Tables from REST

I have a number of Lookups that I create with similar naming convention (and plan to create more in the future). I ...

by Explorer in

How to use fields from 2 lookups for pie chart?

Hello Team, I have 2 look up data and I want to join them through a common field MonthYear. I need to calcula...

by Explorer in

How to convert date to epoch?

I have this date string example: Mon, 01 May 2023 00:00:00 GMT how can I convert it to epoch? thanks!

by Explorer in

Splunk Dashboard

Hi Splunkers, I have a huge report with 15 to 20 pages worth of information which I need to show in a dashboard pan...

by Path Finder in

Can you list every field an index contains?

Greetings, I have a search that list every index and what sourcetypes are contained within it.|tstats values(source...

by Observer in

How to count or match fields?

I have a CSV of URLs I need to search against my proxy index (the url field), I want to be able to do a count or matc...

by Explorer in

How to find events that were sent to HEC?

Hi, I’m using splunk docker image with HEC to send log. I got Success message as the guideline. How could I q...

by New Member in

How to evaluate to Field Value SPL?

Hello Splunkers, I need some help with writing a SPL, I have a field called "DcPolicyAction" where the value coul...

by Path Finder in

How to use the specified time query in join search

A dashboard has a time range selector. has a query search like below, the first search will apply the time range se...

by Explorer in

Why does Splunk search result count diminishes during search?

Hey,When running a query the results found are diminishing over time. Pagination is not of incluence ( tried 10, 50, ...

by Loves-to-Learn Lots in

How to rename a conditional field?

Hi guys, I need some help trying to rename a specific field on condition that the renamed field is associated with...

by Communicator in

How can I extract all fields from my DB Connect results in Splunk?

I have configured a Database Input in DB Connect to pull in data from an Oracle view. A sample string from one of the...

by Loves-to-Learn Everything in

How to create pairs of events based on non-unique id

I have hundreds of thousands of events of this form.id event_type11 ack11 req11 ack12 req11 req12 ack11 ack13 req12 r...

by New Member in

How do you set up the search so that it will search for the last 24 hours using the current date?

Splunk newby here. I have a search that works if I change it every day but would like to add it to a dashboard for m...

by Explorer in

Is it possible to change the table fields being sent with the sendemail command?

Hello, I'm trying to find a way to use search result fields to address an e-mail, but remove those fields in the i...

by Motivator in

Splunk Test Automation using TOSCA

We have Splunk message validation scenarios in our test scenarios and need to know whether any Open API's are availab...

by New Member in

How to fill the gaps from days with no data in tstats + timechart query?

Hello, How to fill the gaps from days with no data in tstats + timechart query? Query: | tstats count as Total...

by Path Finder in

How to count stats in columns?

HelloI have a table with 7 columns, some of them calculated from lookupI want to count the total of one of the column...

by Communicator in

Scan Behavior: How to query the trigger for the same period for three consecutive days?

hi guys, I want to detect that more than 10 different ports of the same host are sniffed and scanned every 15 minutes...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Count users' successful logins over time

KV Store status is currently unknown- How to resolve this error?

How to replace string using rex with partial matched string?

Why is stats count query not working as expected?

savedsearch will not run via cron schedule but can be ran manually

Get filename from path with rex

Inputlookup Multiple Tables from REST

How to use fields from 2 lookups for pie chart?

How to convert date to epoch?

Splunk Dashboard

Can you list every field an index contains?

How to count or match fields?

How to find events that were sent to HEC?

How to evaluate to Field Value SPL?

How to use the specified time query in join search

Why does Splunk search result count diminishes during search?

How to rename a conditional field?

How can I extract all fields from my DB Connect results in Splunk?

How to create pairs of events based on non-unique id

How do you set up the search so that it will search for the last 24 hours using the current date?

Is it possible to change the table fields being sent with the sendemail command?

Splunk Test Automation using TOSCA

How to fill the gaps from days with no data in tstats + timechart query?

How to count stats in columns?

Scan Behavior: How to query the trigger for the same period for three consecutive days?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

AuthorizationManager related error messages.

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions