Splunk Search

Discussions

Thread Info

How to show the recipient or To field from Ironport logs in a Splunk search?

I can only view the recipient or To in the email from the Event Actions --> Show Source page. I want to show it in th...

by New Member in

How to add a form for user input on a dashboard to only run panel searches for data from certain hosts?

I have a dashboard using multiple sources and I would like to replace the fixed host input ( host=prdo*) with manual ...

by Communicator in

How do I edit my real-time search to add a value to events that are missing a certain field?

Hi We have the search below which gives us the count of all our URLs in events in real-time, but we have a few ev...

by Path Finder in

How to refer to JSON array object in a Splunk search?

Hi, I have a JSON data in following format. How can I access individual element of the array? { [-] LICEN...

by New Member in

How to anonymize data using REGEX in transforms.conf for an undefined number of characters?

Hi, I would like to anonymize data (data is file system path) using REGEX. I succesfully managed to hide data like...

by Communicator in

How do I edit my search to convert a string to a numeric value to display a graph?

Hi! I'm indexing XML data containing free memory values and get a nice stats table, but not be able to show that a...

by Explorer in

How to run an app individually on individual servers on a Search Head Cluster environment?

hi We have a situation whereby we have to run an app (a script within an app) individually on each Servers of Search ...

by Super Champion in

Using restrict search terms to assign a user group access to a specific subnet of firewall traffic, why are only some field extractions working?

I have a user group that I'm trying to assign access to a specific subnet of firewall traffic. Their network traverse...

by Path Finder in

Why is eval case not working in my search?

HI All , I hope someone can help me out with a problem I currently see in a query. I have a Splunk DB Connect ...

by Path Finder in

How to place a solid border around a chart panel using XML/CSS?

I'd like to place a solid border around a chart panel in XML - I'm struggling to comprehend how this is done within X...

by New Member in

Geostats is not working in 6.3

Hi, I have a lookup table in which I have area code and longtitue and latitude and other details, at the other en...

by Contributor in

How is frozen data accessed in splunk?

I've been looking at sizing a Splunk instance based on https://splunk-sizing.appspot.com/#v=10 and it mentions hot, c...

by Engager in

Is there a better way to write OR statements in a Splunk search?

Is there a better way to do an OR in Splunk? Example: api_domain="purchase" OR api_domain="user" OR api_domain=...

by Builder in

Can I get search script to filter only errpt errors?

I am getting below output when i am searching in syslog. I want to filter only Error Log messages given below. sea...

by Path Finder in

How can I extract the same date/time consistently from Cisco ISE logs with different date and time stamp formats?

Having an issue searching Cisco ISE logs in Hunk where values I know exist in the events/logs (independently verified...

by Influencer in

Alert to trigger secondary search

Is there any easy way for an alert to trigger another search? my use case is for an account lockout to trigger a ...

by Path Finder in

How to get stats with a percentage change for a certain field?

In stats, I want something equal to (latest - earliest) / earliest for certain field. How I can achieve that?

by Path Finder in

How to plot a bubble representing the total number of occurrences of an event using Latitude and Longitude with geostats?

Hi There, I have 158 events with three fields - latitude, longitude, and an integer value representing the total n...

by Path Finder in

I need help with a range of numbers in REGEX

I have the following REGEX to pickup the bytes out, ^(?:[^,\n]*,){31}(?P\d+). I need to know the REGEX to filter out ...

by Path Finder in

Why am I unable to set new fields in a custom search streaming command?

I'm writing a custom search command to convert all the full path xml names to just local names. I'm also making the f...

by Explorer in

How to edit my search to filter out JSON fields for an alert report?

Hi Folks, I am attempting to look at some Splunk logs and within the JSON, I only care about 3 fields: cmd, vax, o...

by New Member in

How do I edit my transaction search to make sure that a certain event is present between the start and end events?

Hi guys, I am monitoring suspicious user activity using the transaction command. For example, if EventCodes X, Y, ...

by New Member in

Running SearchManager in a dashboard, I get 165 results, but why does SplunkResultsModel only return the first 100 events?

Hi, After I run a SearchManager in dashboard, the number of result events I see is 165, however, when I use the fo...

by New Member in

How to write a search to display a table of counts, including fields with 0 results?

Hi, How can I create this kind of table? MissingA : 0 MissingB : 100 MissingC : 200 I'd like to create a das...

by New Member in

Why am I getting different count results using "chart count by field" versus "chart count(field) by field"?

Hello, I have this raw line: 2016-02-25T15:48:09.762479+01:00 03ucas amavis[1369]: (01369-16) run_av (ClamAV-cl...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to show the recipient or To field from Ironport logs in a Splunk search?

How to add a form for user input on a dashboard to only run panel searches for data from certain hosts?

How do I edit my real-time search to add a value to events that are missing a certain field?

How to refer to JSON array object in a Splunk search?

How to anonymize data using REGEX in transforms.conf for an undefined number of characters?

How do I edit my search to convert a string to a numeric value to display a graph?

How to run an app individually on individual servers on a Search Head Cluster environment?

Using restrict search terms to assign a user group access to a specific subnet of firewall traffic, why are only some field extractions working?

Why is eval case not working in my search?

How to place a solid border around a chart panel using XML/CSS?

Geostats is not working in 6.3

How is frozen data accessed in splunk?

Is there a better way to write OR statements in a Splunk search?

Can I get search script to filter only errpt errors?

How can I extract the same date/time consistently from Cisco ISE logs with different date and time stamp formats?

Alert to trigger secondary search

How to get stats with a percentage change for a certain field?

How to plot a bubble representing the total number of occurrences of an event using Latitude and Longitude with geostats?

I need help with a range of numbers in REGEX

Why am I unable to set new fields in a custom search streaming command?

How to edit my search to filter out JSON fields for an alert report?

How do I edit my transaction search to make sure that a certain event is present between the start and end events?

Running SearchManager in a dashboard, I get 165 results, but why does SplunkResultsModel only return the first 100 events?

How to write a search to display a table of counts, including fields with 0 results?

Why am I getting different count results using "chart count by field" versus "chart count(field) by field"?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions