Splunk Search

Discussions

Thread Info

How to search the 90th percentile value in a series of values and the count of values that are greater than the 90th percentile?

I need the 90th percentile value in a series of values and the count of values that are greater than the 90th percent...

by Path Finder in

How to return "Specific text" in the subject of an alert if regex matches any field/value from the results?

Hi, I am trying to work to get "Specific text" in the subject of an alert using regex if possible. Here it goe...

by Explorer in

Detecting MS14-068 (AD) exploitation attempts. How to concatenate the Domain Name and Account name in the search query?

I'm trying to query instances where Security_ID != {Domain Name}\Account_Name in the security event logs per Microsof...

by Engager in

Is It possible do two different searches and write the output data in another index?

by Explorer in

How to configure character set encoding for Russian in Splunk?

Hello. Can you help me? I have a log: filename":"\u0421\u043e\u0433\u043b\u0430\u0448\u0435\u043d\u0438\u0435 \u0...

by Communicator in

Where do we find date of creation for Knowledge objects in Splunk?

Hi All, Where do we find date of creation for Knowledge objects (Searches and reports, Event types, Tags, Fields a...

by Contributor in

How to write a search that automatically compares volume for this year against the same day of the week last year?

Greetings! Trying to build a search that automatically compares volume for this year against the same day of the w...

by Contributor in

DB Connect App Error Code 47

I have setup a MSSQL database connection using the DB Connect App, this database does have a specific port. When sett...

by Motivator in

Summary index event timestamp issue

I have a search that generates 24 hours of timechart results with a 10 minute span. The search returns expected resul...

by Path Finder in

How to use the extract command for a field extraction of key value pairs?

having some time trying to extract fields automaticaly from the message below. really wanted to test out the xtract b...

by Path Finder in

Can my dashboard pick from a set of predetermined timechart spans depending on the user's timerange length?

First, the answer here may be to simply not use span=1h at all, but rather to use bins=500 or some similar number in ...

by SplunkTrust in

Splunk DB Connect: How to get dbquery to respect time range picker?

All, I'd like to do something like the following | dbquery MyDatabase "SELECT * FROM myTable WHERE timestamp > ...

by Contributor in

Calculation based on field matching counts of a value

We have a CSV fields set defined (shortening it here), Txn,Destination,Status test1,NY,Pass test2,NY,Pass test2,N...

by New Member in

Getting eval error "Typechecking failed, '-' only takes numbers." How to convert Zulu time format to Epoch using strptime?

(index=unix) (sourcetype="web") | eval Time.atFirewall=DateOutbound-DateInbound | eval Time.atDataCentre=strptime(ind...

by Engager in

How to group by and find stats on every X number of events instead of time or bins?

Hello. I want to get a statistic for values of every X number of non-overlapping events. For example, for events w...

by New Member in

Round problem

When I enter this query: index=_internal | head 100 | eval time1=round(_time,0) | eval time2=round(_time,-3) | eva...

by Communicator in

How to extract pipe separated subfields from a field?

Hi, I have a index with a field named PARAMS. This field has a content valued by subfields pipe separated. Example...

by New Member in

What is the effect of maxresultrows for [stats] in limits.conf?

Hi, My understanding about the configuration parameter "maxresultrows" for [stats] is for limiting the number of s...

by Motivator in

How can I run an on-demand scan?

by Explorer in

Counting events only once using different fields in specific orders.

A potentially simple question that i'm just missing the obvious answer to  Say for example we have the following ...

by Motivator in

How can I get the flieds of two logs by joining them?

Hi people, I have a doubt. I've two logs with their own fields. One of them is ldap-pre.log, that has this fields: IP...

by Contributor in

Finding ip which are not exists in second index

Hi All, I am new to Splunk and need some help. I have 2 index, and in both index there is a field "ip", How can...

by New Member in

How can I rename column names after a transpose based on a field?

Hello Everyone. I have a search that uses streamstat to create a field called "answer" and "frequency" for each re...

by Explorer in

How to exract regex to my field

I am having events like below, E.g. 1 Nov 7 10:18:49 111.222.333.444 Success user=abc userid=123 account=xyz E.g.2...

by Communicator in

Align results with time differences

Good day Splunkers, I'm having a problem with my search, well this is what I am trying to achieved. I have 2 sourc...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to search the 90th percentile value in a series of values and the count of values that are greater than the 90th percentile?

How to return "Specific text" in the subject of an alert if regex matches any field/value from the results?

Detecting MS14-068 (AD) exploitation attempts. How to concatenate the Domain Name and Account name in the search query?

Is It possible do two different searches and write the output data in another index?

How to configure character set encoding for Russian in Splunk?

Where do we find date of creation for Knowledge objects in Splunk?

How to write a search that automatically compares volume for this year against the same day of the week last year?

DB Connect App Error Code 47

Summary index event timestamp issue

How to use the extract command for a field extraction of key value pairs?

Can my dashboard pick from a set of predetermined timechart spans depending on the user's timerange length?

Splunk DB Connect: How to get dbquery to respect time range picker?

Calculation based on field matching counts of a value

Getting eval error "Typechecking failed, '-' only takes numbers." How to convert Zulu time format to Epoch using strptime?

How to group by and find stats on every X number of events instead of time or bins?

Round problem

How to extract pipe separated subfields from a field?

What is the effect of maxresultrows for [stats] in limits.conf?

How can I run an on-demand scan?

Counting events only once using different fields in specific orders.

How can I get the flieds of two logs by joining them?

Finding ip which are not exists in second index

How can I rename column names after a transpose based on a field?

How to exract regex to my field

Align results with time differences

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions