Splunk Search

Discussions

Thread Info

Use Lookup Table with IP addresses to search in Splunk and find hostnames that match the IPs

I have a lookup table with a bunch of IP addresses (ipaddress.csv) and a blank column called hostname. I would like t...

by New Member in

Given variable as value of field and not token

I have such a search and it works fine but not in Dashboard! index=unis | search *sarch* | eval...

by Loves-to-Learn Everything in

Splunk searches does not return expected values even though the data is completed

Hi, We recently migrated from a standalone Search Head to a clustered one. However, we are having some issue runni...

by Loves-to-Learn Everything in

Need stats count per host and process_name

Right now a have a table list with fields populated where one process_name is repeating across multiples hosts with s...

by Engager in

Logs are showing raw, how do I get them to show as highlighted?

When I click on the raw log and back out of it it shows up as highlighted. How do I default the sourcetype/source to ...

by Explorer in

search with sub search doesnt get the correct defined time range

Hey, lately i was working on an SPL and wondered why this aint working. This is simplified index IN(an...

by Explorer in

Howto escape double quote in regex when using rex

I have the following regex that I (currently) use at search time (it will be a field extraction once I get it ironed ...

by Path Finder in

Loop through splunk search for multiple values

I want to get the below search executed and display the results in a table for all comma separated values that gets p...

by Explorer in

Using Machine Learning Toolkit to detect auth abuse

Hello, I’m trying to tune Machine Learning Toolkit in order to detect authentication abuse on a web portal (based u...

by Path Finder in

How can we show events prior to the one that matches the criteria?

We have a case where we can search and find events that match the search criteria. The client would like to see the e...

by Motivator in

How to refresh multiselect options with Javascript (re-execute the mutliselect search)

We have a custom dashboard in Splunk that has a few filters, one of which is a multiselect. This dashboard allows use...

by Engager in

Search using IF statement

Hi All, Could you please help me with " if "query to search a condition is true then need to display some values f...

by New Member in

List of the indexes that do not have attached a self-storage

Hi, I'm trying to get a query for a table containing all the indexes that do not have a self storage attached, but ...

by Explorer in

Use Case for Privileged Users, SPL Question

I'm trying to create a search in which the following should be done: - look for a user creation process (ID 4720)...

by Communicator in

Why does tstats command alter time stamps when I run it by _time?

I am wondering why tstats command alters time stamps when I run it by _time. | tstats values(text_len) as text_len...

by Path Finder in

Monitoring email status

Hi everyone! My goal is to create an alert to monitor in ALL saved search if there's any email that no longer exist...

by Engager in

Make table column header indicate the sort order of data in underlying search results?

I want the sort indicators (up/down arrowheads) in table visualization column headings to reflect the default sort or...

by Builder in

Decode base64 into any charset

Is there a command or app that will decode base64 and detect the correct charset to output to?Currently, I'm currentl...

by Explorer in

how to search in array inside a foreach loop

This is an example of the structure of my data and the query I am currently using. I have tried around 10 different s...

by Explorer in

How would I build a table of all metrics and their dimensions in splunk

My splunk server is receiving metrics from collectd. I want to build a table showing the metrics, dimensions, and...

by Explorer in

Splunk Cloud: How to Collect Data in JSON Format from Splunk Cloud?

Hello everyone, I'm trying to collect data in JSON format from Splunk Cloud, and I understand that one of the optio...

by Engager in

Help with conditional event count.

Hi, I have json data structured as follows: { "payload": { "status": "ok", # or "degraded" } } ...

by Explorer in

How to write a search to get the week number of the month from the given _time?

We need to extract the week number of the month for matching the SLA. Have SLA such as 2nd or 4th week of a month. So...

by Explorer in

How to join multiple condition

In my logs I am getting 4 events for 1 id. 1)Updating DB record with displayId=ABC0000000; type=TRANSFER2)Updating DB...

by Engager in

How to use conditional search

Hi All,I have a main search where name1 filed will have multiple valuesI need to run sub search based on the value of...

by Observer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Use Lookup Table with IP addresses to search in Splunk and find hostnames that match the IPs

Given variable as value of field and not token

Splunk searches does not return expected values even though the data is completed

Need stats count per host and process_name

Logs are showing raw, how do I get them to show as highlighted?

search with sub search doesnt get the correct defined time range

Howto escape double quote in regex when using rex

Loop through splunk search for multiple values

Using Machine Learning Toolkit to detect auth abuse

How can we show events prior to the one that matches the criteria?

How to refresh multiselect options with Javascript (re-execute the mutliselect search)

Search using IF statement

List of the indexes that do not have attached a self-storage

Use Case for Privileged Users, SPL Question

Why does tstats command alter time stamps when I run it by _time?

Monitoring email status

Make table column header indicate the sort order of data in underlying search results?

Decode base64 into any charset

how to search in array inside a foreach loop

How would I build a table of all metrics and their dimensions in splunk

Splunk Cloud: How to Collect Data in JSON Format from Splunk Cloud?

Help with conditional event count.

How to write a search to get the week number of the month from the given _time?

How to join multiple condition

How to use conditional search

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

MLTK - What algorithm should I use?

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions