Splunk Search

Discussions

Thread Info

Taking Count of Response Codes by Endpoints with Endpoints listed as rows and Response Codes listed as columns?

Hello,I am new to Splunk. Please help me write a query to get count of response by ServcieName(displayed in rows) and...

by Observer in

How to apply header color based on the header value on the table?

I have 10 columns and want to color header alone with different color codes based on value of the header since column...

by Builder in

How to search to retrieve the host values from the index data that match the host values in the CSV file?

I have an index named "Linux" and a CSV file called "sample.csv" with multiple columns, including "IP" and "Host." ...

by Communicator in

How to discard users that start with a urn:forms:anonymous#?

I have some users that start with urn:forms:anonymous# in my lookupI was trying to to discard them use urn:forms:anon...

by Engager in

How to extract stats in a multivariate field?

I have the following query that sets 'Results' based on the JSON portion of my logs below: index="internallogs"sou...

by Explorer in

How to pass current year and month to search query dynamically?

Hi Team, I am trying to write a search query where it will find the existing filename is present in the logs or...

by Loves-to-Learn in

How to add total median and min to median and min by month?

Hey guys! I need the statistics of a bunch of data by month. And this is done already. search|eval Month=...

by Explorer in

Why is index missing in list of indexes while editing roles?

We are running splunk 9.0.5 We want to add an index to the default indexes for a user role, but the index does not...

by Explorer in

How to extract each set of numbers from a string before space and after a ;(semi-colon)?

Hi, I'm trying to extract the matching patterns 35255955, 35226999, 35162846 ...etc untill end of the string with ...

by Path Finder in

How to match email from index with a lookup file.csv ? same "email prefix" but different email domain.

Hi, I'm trying to use index and lookup function. However values in those fields are not an exact match but those emai...

by Engager in

Log file is importing: How to parse the event?

I am getting the log file imported to Splunk, but each line is an event with no field name. Can I break up the line ...

by Path Finder in

Chart logon session duration:hour of day as x axis and day of the month as y axis, duration of session as a line segment

Hi, I have a couple of logs showing user login and logout sessions. I'm trying to display each session of a specif...

by Engager in

How do you make a table that reduces in height when your dashboard search returns no results?

How to change a Simple XML table height when no data is present? The table should be much smaller when no alerts are ...

by Legend in

How to create common name for 3 different fields in an event?

I have event like below and I am trying to create a common field for CI_Name / Hostname /IP_Address and name it as G...

by Path Finder in

How to find out the unused IP address from IP ranges?

hi, all, I have an index=myindex, and with two data sourcestype sourcetype1 includes some IP subnet information ...

by Loves-to-Learn in

How to find Okta users that logged in from rare countries?

I want to search for Okta Logs to find users that logged in from rare countries. So typically, users who logged from ...

by New Member in

How to delete events which is decreasing inbetween?

How to delete events which is decreasing inbetween. I have extracted the _time column using regex so that splunk defa...

by Explorer in

What is wrong with my sub-pipeline in appendpipe?

I have a lookup table bsm_string_new_overheat_records.csv: _time overheat_location start_CC...

by Communicator in

Is there a way to limit the results to UP TO 3 per host?

Good Afternoon, I have a query to get disk space from servers. Each server has between 1 and 3 drives. My query wi...

by Path Finder in

How to fetch fields and values reported in Job inspector of searches executed by end users?

Hello All, I need help to make build an SPL which helps to get the results of Job inspector for each query executed...

by Contributor in

How to add a string in the field value when there are more than 2 values in a field?

I have a field named "port_number" in my results which gives multivalves as follows. source destinationport_numbe...

by New Member in

Search History

Hi,Can we see queries run by another splunk user for any app ? Does it require any extra priviledges / roles ? Pleas...

by Communicator in

How to use Rex to extract field

Hi everyone, i have a logs vpn format 2023-06-21T03:29:16+0000 [stdout#info] LOG ERR: 'LOG_DB RECORD {"username": "du...

by Loves-to-Learn Everything in

How to copy events from a search result to another index?

Hi all, We have a an index (say log_index) where the log retention is only 7 days. We can not have this increased ...

by Path Finder in

How to parse json with SPL?

Hi Splunk Community,I am looking to create a search that can help me extract a specific key/value pair within a neste...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Taking Count of Response Codes by Endpoints with Endpoints listed as rows and Response Codes listed as columns?

How to apply header color based on the header value on the table?

How to search to retrieve the host values from the index data that match the host values in the CSV file?

How to discard users that start with a urn:forms:anonymous#?

How to extract stats in a multivariate field?

How to pass current year and month to search query dynamically?

How to add total median and min to median and min by month?

Why is index missing in list of indexes while editing roles?

How to extract each set of numbers from a string before space and after a ;(semi-colon)?

How to match email from index with a lookup file.csv ? same "email prefix" but different email domain.

Log file is importing: How to parse the event?

Chart logon session duration:hour of day as x axis and day of the month as y axis, duration of session as a line segment

How do you make a table that reduces in height when your dashboard search returns no results?

How to create common name for 3 different fields in an event?

How to find out the unused IP address from IP ranges?

How to find Okta users that logged in from rare countries?

How to delete events which is decreasing inbetween?

What is wrong with my sub-pipeline in appendpipe?

Is there a way to limit the results to UP TO 3 per host?

How to fetch fields and values reported in Job inspector of searches executed by end users?

How to add a string in the field value when there are more than 2 values in a field?

Search History

How to use Rex to extract field

How to copy events from a search result to another index?

How to parse json with SPL?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!