Splunk Search

Discussions

Thread Info

ISE Logging

Hello, I wanted to filter Cisco ISE Logging Activities by authentication, authorization, and accounting. So far, ...

by New Member in

Regular Expression

HI , I want to extract purple part. But Severity can be Critical as well .[Time:29-08@17:52:05.880] [60569130] 17:52:...

by Contributor in

regular expression

hello , i want to extract purple highlighted part.[Time:29-08@17:53:03.562] [60569219] 17:53:03.562 10.82.10.245 loca...

by Contributor in

What are your best patterns for handling stats by multiple groupby sets?

I often run into a case where I find I need to take the same dataset and compute aggregate statistics on different gr...

by Explorer in

use stats instead

Hi Community, can someone please help me by using stats instead of join for this search? | rest /services/authe...

by Path Finder in

How to use append to work like Inner join

I have two searches and I only want to find rows which has common MessageID . Currently it is returning extra row be...

by Path Finder in

Locate Changes to Field and Count Them

Hello Splunk Community, I need to find out how many upgrades were performed to systems and unsure how to best proce...

by Engager in

Type of Fields command

Hello all, I am trying to understand the type of fields command. Documentation says it is a "distributable stream...

by Path Finder in

Get all events in a 1-minute time window around an error events

I have a stream of logs from a system.To filter for errors, I can perform a search like so: index=project1 sour...

by Explorer in

Find what is using a lookup table.

I've got a question about lookup tables, and how to audit them. I have a rather large lookup table that's being rec...

by Engager in

Splunk upgrade on AIX machine

Hi, I'm fairly new to AIX and I have been tasked with upgrading our customers version of SPLUNK from 9.0.1 to 9.4.1...

by New Member in

Count of requests processed by each API service per minute.

Hi I am working on below query to get Count of requests processed by each API service per minute index=np source...

by Communicator in

Search in lookup with subsearch- bug ?

Hi, there, I'm simplifying the context:We've had a perfectly working correlation rule for several years now, and fo...

by Path Finder in

Trying to download splunk logs using python script using bamboo

when running my bamboo paln i am unable to generate splunk log json file this is log build 02-Apr-2025 11:57:27...

by New Member in

Search head error in Email action

Hi Team, We have 2 search head cluster, and few reports scheduled with email action, reports running on one sea...

by Path Finder in

How can i use my global_time token in an averaging search

Maybe a dumb question but its been making me mad, maybe im overthinking it. I have a very simple search: index=...

by Path Finder in

knowledge bundle

Hi Base, what is the impact when the content of $Splunkhome$/var/run/searchpeers will be deleted? In an installati...

by Path Finder in

ES8 + Mission Control Usage rest API

Hello everyone, We have recently started using ES8 with Mission Control and we would like to use Mission Control's ...

by Explorer in

Time field value not getting returned from inner search

index=aws* Method response body after transformations: sourcetype="aws:apigateway" business_unit=XX aws_account_alias...

by Path Finder in

case eval only showing 1 result

I've scowered the internet trying to find a similar issue with no avail. | rex field=userRiskData.general "do\...

by Engager in

find change in url category.

Hello Experts, looking for query where i can find list of urls blocked today which were allowed yesterday under ...

by Explorer in

more in depth info on itsi_summary index

Hello Experts, Is there any document available which can give me more in-depth knowledge about itsi_summary in...

by Explorer in

submit button not working

Hi Submit button is not working1.First time when i load the dashboard ,i select data Data Entity from dropdown and hi...

by Communicator in

Error in 'stats' command: The argument 'span=1min' is invalid.

Help: when i try to run the following a get Error in 'stats' command: The argument 'span=1min' is invalid. ...

by Explorer in

How To Use Eval to Capture Inconsistent key:values

I am searching for a key:value report app where the values are inconsistent but include a report cluster name consist...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

ISE Logging

Regular Expression

regular expression

What are your best patterns for handling stats by multiple groupby sets?

use stats instead

How to use append to work like Inner join

Locate Changes to Field and Count Them

Type of Fields command

Get all events in a 1-minute time window around an error events

Find what is using a lookup table.

Splunk upgrade on AIX machine

Count of requests processed by each API service per minute.

Search in lookup with subsearch- bug ?

Trying to download splunk logs using python script using bamboo

Search head error in Email action

How can i use my global_time token in an averaging search

knowledge bundle

ES8 + Mission Control Usage rest API

Time field value not getting returned from inner search

case eval only showing 1 result

find change in url category.

more in depth info on itsi_summary index

submit button not working

Error in 'stats' command: The argument 'span=1min' is invalid.

How To Use Eval to Capture Inconsistent key:values

Community Content Calendar, November Edition

October Community Champions: A Shoutout to Our Contributors!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions