Splunk Search

Discussions

Thread Info

How to get the sourcetype in an index and its types like int, string or char etc by api?

Hi all,I am new to API.I want to use api to get all the sourcetype and its type in the index.what should I do ?Many T...

by Explorer in

List all unique keys present under certain json path?

Hello Community,I stumbled across a scenario where I have events present in the JSON format as follows ...

by Path Finder in

Can someone please guide me some sweet spots of Splunk Analytics to MITRE Framework?

Hi everyone, I am coming from background of Java, Python in the past 12 years. I am new to Splunk. Currently ...

by Observer in

How to get details of accelerated datamodels that failed to complete?

Hello All, I need help to build an SPL for finding details of Accelerated Data Models which have failed to execute ...

by Contributor in

How to run bashscript when user hit bottom on dashboard?

Hi I want to put a bottom on a dashboard that when I hit it, run bashscript on splunk server, and show this messa...

by Motivator in

How to add work week date in Splunk query (or) how to convert date to work week?

how to add work week date in splunk query (or) how to convert date to work week ?

by Engager in

How to remove duplicates rows based on all fields, not just one field, and display the unique rows?

how to remove duplicates rows based on all fields, not just one field, and display the unique rows?Let say there are ...

by Motivator in

How to show 2 eventcode fields?

HiI need to run this query, I don't know what I'm missing but when I run it the src_ip field doesn't show me anything...

by Builder in

How to extract the first element from the JSON element based on a field match?

I want to extract the json object based on a single field match from below string message. payload ::[{"nam...

by New Member in

Any way to filter multiple wildcard lookup matches to narrowest match?

If a value matches multiple rows due to wildcard, I want a method to return only one match that is "narrowest". Is t...

by SplunkTrust in

How to find the field value corresponding to an extremity (min, max)?

Say I have sales figures Month Sales June 44 July 55 August 66 September 60 November 5...

by SplunkTrust in

how to reverse field value in Splunk

Hi Team, I have a field name domain with value "www.microsoft.com"; how I can reverse that and make it to "com....

by Engager in

INLINE EXTRACTION with /g option for RegEX

Hi.Question:is there a way to add the classic /g option for RegEX in INLINE RegEX extractor for Splunk (props), witho...

by Builder in

Joining two queries not giving the desired result

I have 2 queries and joining it with "Join" using the common field "SessionID".With the below query I'm just getting...

by Path Finder in

index and the sourcetypes in which the hosts have collected events, with the date of the first and last event on the spe

on index=_internal I have to create two searches one on (report ) and one connected to the dashboard where the index ...

by Loves-to-Learn Everything in

リアルタイムアラートのルックアップ参照について

リアルタイムアラートにて受信したイベントをCSV lookupを参照して処理し、結果をアラート機能の「結果をルックアップに出力」でCSV lookupに追加しています。イベントの処理中に次のイベントが来た際、処理中のイベント結果...

by Observer in

bucket repair

splunk fsck repair --all-buckets-all-indexes i need to know where i need to put this command on Linux

by Explorer in

Sort result of bin to draw distribution histogram

Hi I'm trying to draw a distribution histogram of the duration to complete a specific action. The search is: ...

by Communicator in

Help on input text token

Hi I use an input text token in.my dashboard in order to retrieve spécifications numériques for a field It works ...

by Motivator in

Actions in regards to events coming in

We have searches for 4740 account lockouts not showing as action=lockout but instead as action=modified. This is im...

by Path Finder in

How to dynamically set a variable for Dashboard Panel Title?

I am looking to dynamically update the Splunk Dashboard panel title, depending on options I've chosen from a dropdown...

by Path Finder in

Line breaking issue with [source] stanza (with [sourcetype] stanza working fine

We are trying to do custom linebreaking for different types of logs under the same sourcetype using the props below. ...

by Path Finder in

Splunk Query to find the AD groups not configured in SAML - Splunk Cloud.

Hello, I'm looking for a splunk query to capture AD groups that are not integrated with SAML in Splunk Cloud

by Path Finder in

query search don't match on input

by Loves-to-Learn Everything in

populate multiselect

why doesn't this search populate the multiselect

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to get the sourcetype in an index and its types like int, string or char etc by api?

List all unique keys present under certain json path?

Can someone please guide me some sweet spots of Splunk Analytics to MITRE Framework?

How to get details of accelerated datamodels that failed to complete?

How to run bashscript when user hit bottom on dashboard?

How to add work week date in Splunk query (or) how to convert date to work week?

How to remove duplicates rows based on all fields, not just one field, and display the unique rows?

How to show 2 eventcode fields?

How to extract the first element from the JSON element based on a field match?

Any way to filter multiple wildcard lookup matches to narrowest match?

How to find the field value corresponding to an extremity (min, max)?

how to reverse field value in Splunk

INLINE EXTRACTION with /g option for RegEX

Joining two queries not giving the desired result

index and the sourcetypes in which the hosts have collected events, with the date of the first and last event on the spe

リアルタイムアラートのルックアップ参照について

bucket repair

Sort result of bin to draw distribution histogram

Help on input text token

Actions in regards to events coming in

How to dynamically set a variable for Dashboard Panel Title?

Line breaking issue with [source] stanza (with [sourcetype] stanza working fine

Splunk Query to find the AD groups not configured in SAML - Splunk Cloud.

query search don't match on input

populate multiselect

SOC4Kafka - New Kafka Connector Powered by OpenTelemetry

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Building Momentum: Splunk Developer Program at .conf25

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions