Splunk Search

Discussions

Thread Info

How to remove comms and parenthesis?

index="myIndex" app_name="myappName" My.Message = "*failed to retrieve the workOrder*"| rex "Order (?<Order>[^\s]+)"...

by Explorer in

How do I create a search to show Cisco logins sorted by User?

I can search through cisco logs easily enough, and can also sort for logins, or failed logins without issue - but sin...

by Engager in

How to add unique count column on the stats result?

Hi, I have data as below | date | buyer | product || Jun-1 | A | P-01 || Jun-1 | A | P-02 || Jun-1 ...

by Explorer in

How to write query to find perimeter fw details?

Hi, I am trying to build a query on perimeter firewall how we can find the ips hitting to the fw. Thanks

by Builder in

How to cancel scheduled alerts if no logs are being ingested?

Hi, currently I have scheduled alerts that are triggered based on file count results. If count of 'file x' for that d...

by Loves-to-Learn Everything in

How to extract two characters before last set of numbers in a string?

Tried many variations but just cant get it right. Example Data:onetwoap321.siteonethreap3ua.somesiteoneforpd210.s...

by Path Finder in

How to combine two searches/data sets into one table?

I have two searches/data sets that I would like to combine into a table, and am not entirely sure on what the correct...

by Explorer in

Does anyone have an idea how to make a bitwise AND operation for a high number of events in Splunk?

Hey all The PAN-OS traffic log include a log field ‚flags‘ ‚Flags‘ is a 32-Bit field that provide details on se...

by New Member in

How to get eval assignment of a nested JSON list does not assign?

Hi, I'm trying to assign a list from a nested JSON event { "timestamp": "2023-06-14T18:03:57.047...

by Communicator in

How to alert when a field value has > 500 events?

Hello, I'm not sure how to achieve this. I need to create an alert for when a field (user) value has > 500 events...

by Path Finder in

How to make a query that counts by comparing values?

I'm new to splunk and I'm asking for help. I will give an example as below. if event_id or orig_event are the same, c...

by Engager in

How to exclude data that is already duplicated?

Hi , I have somthing data need to deduplicate. I got some data from two database and save in different indexes ...

by Engager in

Why is lookup not showing results?

Hey all, Does anyone know why this isn't working (I'm a new Splunk user)? I'm trying to show the errorMessageFilte...

by Explorer in

How to build multisearch dynamically?

This is mostly just a curiosity, motivated by this post on how to compare a particular time interval across multiple ...

by Explorer in

Is there any way to display single accurate values within each cell of the table?

I have used search query like this- | savedsearch REPORT1 |chart values(COLUMN3) AS Status BY COLUMN2 PROCESS_I...

by Path Finder in

Why am I am receiving an error in 'rex' command?

I am trying to use a similar splunk query:index="myIndex" appname="myapp" msg.result.message ="*TradingSymbol(s):*" ...

by Explorer in

How to go about stats count by a values between a range?

I am trying to return data for a pie chart with a specified range of values. How would I go about this? | st...

by Path Finder in

Is it possible to consider "time" as "_time" on logstash config?

Hi I have logstash config that send logs to Splunk HEC. these data contain field that call "time". Now quest...

by Motivator in

Why is search query within link is showing "Unexpected close tag" error?

We are trying to run a rex command inside of a custom drill down link. Here is the relevant XML Code we are using: ...

by Engager in

How can we create an API call that returns a link to a report?

We need to call a search via the API and return a link to a report, produced by this call. Is it doable? So, I have s...

by Motivator in

Can I write a CSV Lookup that's Partial Matching?

Dear All I have a CSV lookup with a column name column1 with below values MicroBest GoDear Bear ...

by Path Finder in

How to split an event into parts and recombine with a common header?

Hey all - thanks in advance! I have _raw log data that contains a header section and then what appears to be two en...

by Explorer in

How can I extract multiple file names from an event and add it as a separate field using rex command?

Hi Team, We have a raw event where the message field consists of multiple file names, we want to extract those and...

by Loves-to-Learn Everything in

How to extract field names against values in one (or more field)?

Hi guys, Looking for help framing a query for the following scenario: index=index "designated field" ...

by Explorer in

How to use the values of a CSV within a search?

Hi all, Very new to Splunk here. I'm hoping to get some help. I'm trying to use some of the values in my CSV file ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to remove comms and parenthesis?

How do I create a search to show Cisco logins sorted by User?

How to add unique count column on the stats result?

How to write query to find perimeter fw details?

How to cancel scheduled alerts if no logs are being ingested?

How to extract two characters before last set of numbers in a string?

How to combine two searches/data sets into one table?

Does anyone have an idea how to make a bitwise AND operation for a high number of events in Splunk?

How to get eval assignment of a nested JSON list does not assign?

How to alert when a field value has > 500 events?

How to make a query that counts by comparing values?

How to exclude data that is already duplicated?

Why is lookup not showing results?

How to build multisearch dynamically?

Is there any way to display single accurate values within each cell of the table?

Why am I am receiving an error in 'rex' command?

How to go about stats count by a values between a range?

Is it possible to consider "time" as "_time" on logstash config?

Why is search query within link is showing "Unexpected close tag" error?

How can we create an API call that returns a link to a report?

Can I write a CSV Lookup that's Partial Matching?

How to split an event into parts and recombine with a common header?

How can I extract multiple file names from an event and add it as a separate field using rex command?

How to extract field names against values in one (or more field)?

How to use the values of a CSV within a search?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions