Splunk Search

Discussions

Thread Info

Can we use regex to search for word?

let's suppose I have a set of the log from Windows authentication and I want to search if user field does not match a...

by Communicator in

How to pass parameter from savedsearch to a macro (inside the savedsearch) ?

hey guys, i'm stuck with this macro problem, where i cannot run a savedsearch with a macro inside it. 1. i have...

by Contributor in

Any examples of using now() inside map command?

It appears that using now() inside of the map command will always return the time that the map was started rather tha...

by Builder in

How to join different fields together?

I have an index called index=advanced_hunting and in this index there is a field called category, where there are sev...

by Path Finder in

How can I use a variable from a lookup in a search?

I have a lookup table that contains usernames and userids. I want to use this to match a username to userid & vice ve...

by Communicator in

How to set token value based on selection from multiselect input?

Hi @Splunkers, I created panel which give output based on multiselected fields, both are having different sources...

by Contributor in

AdminManagerDispatch- How do I resolve this error?

I was setting `ModularInputs` to WARNING.. wanted to know the default value of `AdminManagerDispatch` ... as of now i...

by Splunk Employee in

How to write a regex to cover few options?

Hi people, I need help designing a regex that will cover the below strings, please. ---------------------------...

by Communicator in

How do I fix my tsidxstats search?

Please! Help me fix search code. Thank you very much!

by New Member in

How to segregate the count or limit the count to 1?

index="go_pro" Appid="APP-5f" prod (":[ Axis" OR "ErrorCode" OR "System Error" OR "Invalid User :")| rex field=_raw "...

by Path Finder in

How can I get Membership information?

Hi All i have an unified group(i.e office365 unified group) created from Office365. i want to know membership det...

by Explorer in

How to extract nested JSON fields and array from Splunk data using spath?

I'm trying to extract some information from nested JSON data stored in Splunk. Here's a simpl...

by Path Finder in

How to create unique event?

Hello! I have some events just like this 2023-06-20 17:25:35.878 INFO Trace:[::] [#kafka-producer-network-thre...

by Path Finder in

How to identify an unusual source sending a high volume of emails, excluding VCP public wifi from the 172 Host?

Hi,I'm trying to build a search query for the Unexpected Host Sending a Large Amount of Email in which i need to Exc...

by Builder in

How to count specific field in a mini batch log events?

Each log event has more than 1 transaction because we are logging a mini batch log events. So, for every 2 minutes a ...

by Loves-to-Learn in

How can I refer part of query as a table?

I have a dbx query plus SPL commands that makes me a certain table, which I want to refer to via a table name, is it ...

by Explorer in

How to search a list of all enabled apps in Splunk and their versions on a search head?

Hi, Could you please help me to create a search which can list all apps enabled in Splunk (on splunk search head) ...

by Path Finder in

Index based search for user being added to multiple windows groups?

Hello Folks, Needed help with index based search for any user being added to multiple windows groups (preferably m...

by Engager in

Splunk Search to get time if exceeds cut off time on account of day changed?

Hai All, Good day, we have event in splunk for job_name Test job HAS START_TIME at 2023/06/15 23:30:33 and END_...

by Path Finder in

How to calculate percentage based on 3 different searches with Joins? Is that possible?

First query: index="raw_es2" app message="[Login][Password]Login simplified active." | stats count by messa...

by New Member in

How cache fields are computed in index _audit?

Hello All, I need help to understand the cache related fields returned by _audit index for scheduled searches. du...

by Contributor in

How to find top 10 URLs with high response time?

Hello Team, I need to have top 10 url's in the order of max average response time taken. Could you please help in ...

by Path Finder in

How to create a join when first search contains multivalues for single field?

Hi,I'm trying to join two searches where the first search includes a single field with multiple values. The matching ...

by Path Finder in

How to combine events having one field value same and create single row?

Hi, Require to combine events having one field value same and create single row . Query: index=webmethods_d...

by Loves-to-Learn Everything in

What is the best way to use if clause with where?

Hello Community, I have a table: Filename Status file1 1 file2 0 ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Can we use regex to search for word?

How to pass parameter from savedsearch to a macro (inside the savedsearch) ?

Any examples of using now() inside map command?

How to join different fields together?

How can I use a variable from a lookup in a search?

How to set token value based on selection from multiselect input?

AdminManagerDispatch- How do I resolve this error?

How to write a regex to cover few options?

How do I fix my tsidxstats search?

How to segregate the count or limit the count to 1?

How can I get Membership information?

How to extract nested JSON fields and array from Splunk data using spath?

How to create unique event?

How to identify an unusual source sending a high volume of emails, excluding VCP public wifi from the 172 Host?

How to count specific field in a mini batch log events?

How can I refer part of query as a table?

How to search a list of all enabled apps in Splunk and their versions on a search head?

Index based search for user being added to multiple windows groups?

Splunk Search to get time if exceeds cut off time on account of day changed?

How to calculate percentage based on 3 different searches with Joins? Is that possible?

How cache fields are computed in index _audit?

How to find top 10 URLs with high response time?

How to create a join when first search contains multivalues for single field?

How to combine events having one field value same and create single row?

What is the best way to use if clause with where?

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

Search for triggered save searches and their actio...

Splunk Search

Are you a member of the Splunk Community?

Discussions