Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
kranthi851

Regex help!

Hi How can i extract a dn from the following result. identity: acd123 cn=abc,ou=..,ou=.., xyz234 cn=acd,ou=abc,.....
by kranthi851 New Member in Splunk Search 08-02-2016
0 2
0
2
dbcase

How to highlight the lowest value in a statistics table with yellow or red?

Hi, I have the search below and it works great. It outputs a table with the customer name, then a trendline, and th...
by dbcase Motivator in Splunk Search 08-02-2016
0 3
0
3
anoopambli

How to extract these fields from my sample data?

I have raw data like this, 09:00:06 08/01/2016 good TSMONW46PRDV [TSMONW46PRDV][AP] Disk Space Disk/File Sys...
by anoopambli Communicator in Splunk Search 08-02-2016
1 12
1
12
Deepali5

How to change "infraction" data model to have global permissions and make it accessible across all apps.

Can anyone suggest me where to change the settings to make the data model global.
by Deepali5 New Member in Splunk Search 08-02-2016
0 1
0
1
syed_star357

How to remove field values

Hi, I want to remove source and source type field value of Unix:Service Unix:Uptime Unix:Version package ps Pleas...
by syed_star357 New Member in Splunk Search 08-02-2016
0 4
0
4
muralianup

How to compare same field values at different times?

How can I do a comparison with values from same field at different times? The logs belongs to the same index/sourcety...
by muralianup Communicator in Splunk Search 08-02-2016
0 2
0
2
DavidHourani

How to timechart events that occurred once in the last 5 minutes and more than once in the past 24 hours

Hello Splunkers, The question here is straightforwarder  How can I count on a timechart of events that occurred o...
by DavidHourani Super Champion in Splunk Search 08-02-2016
3 3
3
3
renanprado96

It is possible to use the delta command to calculate the percentage difference?

Hello! I wanted a way to calculate the difference as the Delta, but in percentage. It's possible? Thank you!
by renanprado96 Path Finder in Splunk Search 08-02-2016
0 2
0
2
selspiero

Hostname returned as IP in different domain

Hi I'm having a problem with some records that are being sent from our web application - the hostname of the web ser...
by selspiero New Member in Splunk Search 08-02-2016
0 2
0
2
jwalzerpitt

How to edit our props.conf and transforms.conf to parse a CSV file we are indexing in Hunk?

I am trying to configure the props and transforms conf files for logs that's in .csv format that we're querying via a...
by jwalzerpitt Influencer in Splunk Search 08-02-2016
0 10
0
10
claudio_manig

Field Extraction not working

Hey ninjas Im almost biting my tongue off because of a strange issue, I know eventlog is kind of nasty when it comes...
by claudio_manig Communicator in Splunk Search 08-02-2016
0 7
0
7
rajeev_ku

Is there a list of apps with their description details can be fetched from Splunkbase?

Hi, Do we have any list of apps available in Splunkbase with their details description which tells the purpose of th...
by rajeev_ku Path Finder in Splunk Search 08-02-2016
0 3
0
3
arkonner

Account Locked out without DC$

All domain controllers are sending the event code 644 & 4740 to windowseventlog index. Using the search below I am a...
by arkonner Path Finder in Splunk Search 08-02-2016
0 5
0
5
akashjohn

How to create searches for a dashboard on Active Directory user activity?

Hi Team, We are trying to create a dashboard with couple of Active Directory user activities (like Login Success vs ...
by akashjohn Explorer in Splunk Search 08-01-2016
0 4
0
4
rgcurry

Second Indexer/SearchPeer reports "The lookup table '{LOOKUP_TABLE}' does not exist. It is referenced by configuration '{APP}." but it does. What is causing this message?

I have defined a lookup table for one of my Apps and it is working perfectly. But if I go to a different App and issu...
by rgcurry Contributor in Splunk Search 08-01-2016
1 6
1
6
kpyfan

When my team and I receive emails for an alert I set up, why is the link to view the search results broken for everyone except me?

My team and I are receiving an email for an alert that I set up. When I receive the email, there is a link to view th...
by kpyfan Explorer in Splunk Search 08-01-2016
0 9
0
9
dbcase

Rex, extract 2 values into one variable

Hi, I have data that looks like this "beta.icontrol.com" 173.3.202.209 "173.3.202.209" - - [01/Aug/2016:15:50:59 -0...
by dbcase Motivator in Splunk Search 08-01-2016
0 3
0
3
jenniferleenyc

How to merge two field values into one?

I'm trying to compare two date values, Valid_Till(ex: Oct 7 12:58:21 2016) and the current_date(ex: 08/01/16). In ord...
by jenniferleenyc Engager in Splunk Search 08-01-2016
0 3
0
3
splunker9999

How to write a search using eval to create a new field with values calculated from the difference between two time fields?

Hi, We integrated Splunk to ServiceNow and looking to find a late closure incidents. For this we have 2 fields Stop...
by splunker9999 Path Finder in Splunk Search 08-01-2016
0 7
0
7
syed_star357

How to write a search to return events for a particular source IP for the last 7 days?

Hi, How do I write a search to get particular source IP activities for the last 7 days? Ex :src="122.15.158.173" R...
by syed_star357 New Member in Splunk Search 08-01-2016
0 2
0
2
vpao

How to search for events with latest time down to the millisecond?

Hi, My Splunk indexes event time down to the millisecond (e.g., 01/14/2016 23:59:59.326 AM). I know this can find ev...
by vpao Engager in Splunk Search 08-01-2016
0 2
0
2
aaronkorn

timechart span in saved search

Is there a way to pass a timechart span variable to a saved search being called from a drop down? Is there a way to p...
by aaronkorn Splunk Employee Splunk Employee in Splunk Search 08-01-2016
0 2
0
2
yozhbk

How to extract a value from a field with spaces?

Hello, I'm doing a simple alert, which looks like this: SIP/3102-in-* you=* | table you, id Which should extract ...
by yozhbk Explorer in Splunk Search 08-01-2016
0 11
0
11
proletariat99

Search Syntax Highlighting?

Hi, As my search strings get more and more ridiculous, I find myself writing them in sublimetext or notepad++ or vim ...
by proletariat99 Communicator in Splunk Search 08-01-2016
2 3
2
3
Honey0308

How to write a search to list all hosts and their count of triggered alerts from a CSV file, even if the alert count is 0?

Hello All, I have obtained the list of all alerts via REST API search as: | rest /servicesNS/-/-/saved/searches sea...
by Honey0308 Explorer in Splunk Search 08-01-2016
0 1
0
1
Top Labels
Get Updates on the Splunk Community!

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...

Splunk Developer Day announcements: AI agents, MCP tools, Forecasting, and Custom ...

Splunk Developer Day was packed with product and platform updates for developers building in the AI ...