Splunk Search

Discussions

Thread Info

How to Dynamically save model name using a column value?

Hi I have the following query for training a model. However, I want to save my model name using a single column value...

by Explorer in

How to pull random Sampling across a period of time?

Any ideas on how to pull a random sample for the logging application that spans the full month and does not specify s...

by New Member in

Split square bracket expression: How to separate out below fields in table format?

Hi, I want to separate out below fields in table format. Raw = Namespace [com.sampple.ne.vas.events], ServiceNa...

by Explorer in

Monitoring console search

For adding two KPIs in SA topology, KPI queries that taken from Monitoring console are using REST API and are workin...

by New Member in

How to showcase the count of devices and userlogged in?

Hi Team, We have users logging in multiple devices. So, we need to showcase the count of devices and user logged ...

by Path Finder in

Why is subsearch truncating the results with join command?

Hi, I am trying to join 2 searches with produce some results but I am getting this error which says - "subsearch pro...

by Path Finder in

How to use index time to search the data to avoid skipped searches etc?

Dear All, I was going through a Splunk conf 21 where the narrator explained to use the index time instead of ...

by Path Finder in

Is it possible to set up the VSCode extension to connect to multiple instances?

by New Member in

How to extract value from search response which has a text plus json?

Hello I am beginner with Splunk.I made a query and my search result is like text1 text2 text3 re...

by Loves-to-Learn Lots in

How to get events of selected hosts

I have an index which has 15 hosts and around 15 sourcetypes mapped to all hosts. How can I get events of only few s...

by Engager in

How to add lines of query from somewhere into search query

Hi Splunk Experts, I've a big list of rex commands in my search query. While using dashboard I added those rex comm...

by Contributor in

Compare entire lookup table to another

I thought this would be easy but i'm struggling. I have a CSV of firewall rules from yesterday, and a CSV of Firewal...

by Path Finder in

How to Print Id's which are not present in Index search?

I have a lookup file( with one column combinedrules{}) which would be dynamic and i want to run a scheduled search to...

by Engager in

How to modify query if status is offline for 10 mins?

hi All, i am using below search to get status if any offline and i want to create alert if status offline for ...

by Path Finder in

Calculate average time between events for a series with a unique identifier

Hi We have logs of images created in a series, like below. They are identified by a unique series id, the number of...

by Loves-to-Learn in

Check if latest logs contain IOC

INDEX Name generated (10 million new records every day)INDEX Fields username, secret, key Lookup file secrets....

by Engager in

timechart response time from proxy servers

I simply need to timechart the numeric values from field that is being returned. For exampleindex=proxy | timechart ...

by Loves-to-Learn in

Subsearch all events in another index

I have two indexes Index accounts: [user. payroll] Index employees: [user, emp_details, emp_information] I ...

by Engager in

How to Compare two mv fields and audit individual results?

I'm looking specifically at the index for _configtracker to audit changes to serverclass.conf file. Because the natu...

by Motivator in

How to search value in previous time period and add the counts

Hi,is it possible to search a field value and then count it for example first today and then add the count of the sam...

by Path Finder in

How to extract part of a URL and create alert.

Hi, I have the following log lines: 2023-08-23 06:27:13,551 DEBUG [org.keycloak.protocol.oidc.utils.RedirectUtil...

by Loves-to-Learn in

How to filters results and convert rows to columns?

I have a splunk query to get execution time of methods shown below basesearch | where like(method,"A") OR...

by Path Finder in

How to Include search results as variable in query?

I'm working on building a dashboard that will take a base report and parse it into different items that can be flagge...

by New Member in

Why did The extraction failed - error for Regex?

Hi, When I extract any fields from json log, following error is generated "The extraction failed. If you ...

by Loves-to-Learn in

How to Add percentage to Column?

HiI am trying to add % to the "by percent" column only. I can't seem to get it to show.Thanks

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to Dynamically save model name using a column value?

How to pull random Sampling across a period of time?

Split square bracket expression: How to separate out below fields in table format?

Monitoring console search

How to showcase the count of devices and userlogged in?

Why is subsearch truncating the results with join command?

How to use index time to search the data to avoid skipped searches etc?

Is it possible to set up the VSCode extension to connect to multiple instances?

How to extract value from search response which has a text plus json?

How to get events of selected hosts

How to add lines of query from somewhere into search query

Compare entire lookup table to another

How to Print Id's which are not present in Index search?

How to modify query if status is offline for 10 mins?

Calculate average time between events for a series with a unique identifier

Check if latest logs contain IOC

timechart response time from proxy servers

Subsearch all events in another index

How to Compare two mv fields and audit individual results?

How to search value in previous time period and add the counts

How to extract part of a URL and create alert.

How to filters results and convert rows to columns?

How to Include search results as variable in query?

Why did The extraction failed - error for Regex?

How to Add percentage to Column?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!