Splunk Search

Discussions

Thread Info

About the report embedding feature

Can I ask a question about Splunk?I am using the feature that allows me to embed report jobs into HTML using iFrame.H...

by New Member in

Spl query is not working

Hi Team Could you please advice why the below query is not showing any data " `secrpt-active-users($selec...

by Path Finder in

Need help with splunk add-on for linux

Hello, we are trying to see if os version (eg. RHEL6, UBUNTU 6.x) from splunk add-on for linux, we have enabled ver...

by Motivator in

Need a help in writing a query in splunk

I need a help for writing a query to fetch logs in the system

by Observer in

Using tsats from datamodels become base search on splunk dashboard

Hello, i face strugling to make base search using a datamodel with tstats command. My objective is to make dashboard ...

by Path Finder in

"left join" lookup from CSV to an index

Is it possible to perform "left join" lookup from CSV to an index?Usually lookup start with index, then CSV file and ...

by Builder in

Time stamp difference Help!

Hi, how do i get the difference in the time stamp? . I want to know the difference between the starting timestamp and...

by Communicator in

Change Index for some of the logs coming from HEC

I am using HEC to receive various logs from Firehose, HEC is allowed to use index names AWS & palo_alto. The default ...

by Loves-to-Learn Everything in

Use Python API on a query

Hello, I have a query used on Splunk enterprise web (search)- "index="__eit_ecio*" | ... | bin _time span=...

by Explorer in

restrict the search for specific time

Hello Everyone, I have a requirement that the data can be searchable upto last 30 days in search page. But the inde...

by Path Finder in

Lookup for a match with and w/o a preceding 0

Hi, We maintain a lookup table which contains a list of account_id and some other info as shown below. account_ida...

by Builder in

Summarize data per month

Hi, I am trying to get a list off all users that hit our AI rule and see if this increase or decrease over the timesp...

by Path Finder in

Create index based on filtering field values

Hi, Let's say I have sample data below all being ingested to index="characters". How do I create two separate sub-...

by Path Finder in

Splunk Search of a JSON array event provides incorrect field values and count.

We have a huge json array event, when I search for that event, search results shows a few missing values for a field....

by Loves-to-Learn in

Splunk extraction help!

Hello , I have a transaction which is coming as multievent. i can use the "| transaction" command to club as one eve...

by Communicator in

Looking at yesterdays data but need to filter the data to only show the time used in the time picker

I've got a data set which collects data everyday but for my graph I'd like to compare the time selected to the same d...

by Explorer in

How do I substract the results of two different searches including sseabalytics ?

Im trying to substract the total number i have of alerts that send and email from the total amount of alerts that a...

by Engager in

collect Aruba SNMP and quotes

I want to manually add an event to an index, using collect seems to be the most straight forward method. I am asking ...

by Explorer in

Missing data UF

Hello everyone, I installed and configured the Splunk Forwarder on a machine. While the logs are being forwarded to...

by Path Finder in

Extract JSON data using transforms

Here is my sample log 2024-07-08T04:43:32.468537+00:00 dxx1-dbxxxs.xxx.net MSSQLSERVER[0] {"EventTime":"20...

by Loves-to-Learn Everything in

transaction command for same type of multiple events

Hi, I have a scenario where I want to calculate the duration between 1st and last event. The thing is these events ca...

by Observer in

How to round result of timechart avg()?

I cannot figure out how to round the values presented on the timechart. My SPL: index=$radio_token$ host=...

by Path Finder in

How to list content between two strings from RAW text?

Here is the raw text - com.companyname.package: stringstart e-38049e11-72b7-4968-b575-ecaa86f54e02 stringend for s...

by New Member in

Show all possible values

Hello. I have a lot of events. Each event contains similar string \"errorDetail\":\"possible_value\" Please spec...

by Explorer in

What is difference between "deferred" and "continued" search

I can see below status for the scheduled savedsearches.status="deferred"status="continued" What is the difference b...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

About the report embedding feature

Spl query is not working

Need help with splunk add-on for linux

Need a help in writing a query in splunk

Using tsats from datamodels become base search on splunk dashboard

"left join" lookup from CSV to an index

Time stamp difference Help!

Change Index for some of the logs coming from HEC

Use Python API on a query

restrict the search for specific time

Lookup for a match with and w/o a preceding 0

Summarize data per month

Create index based on filtering field values

Splunk Search of a JSON array event provides incorrect field values and count.

Splunk extraction help!

Looking at yesterdays data but need to filter the data to only show the time used in the time picker

How do I substract the results of two different searches including sseabalytics ?

collect Aruba SNMP and quotes

Missing data UF

Extract JSON data using transforms

transaction command for same type of multiple events

How to round result of timechart avg()?

How to list content between two strings from RAW text?

Show all possible values

What is difference between "deferred" and "continued" search

Explore the Latest Educational Offerings from Splunk

Meet Duke Cyberwalker | A hero’s journey with Splunk

The Future of Splunk Search is Here - See What’s New!

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6

openshift_events sourcetype suddenly missing in S...

Issue with StateSpaceForecast from the MLTK app

Notepad++ SPL syntax highlighting