Splunk Search

Discussions

Thread Info

Why am I getting different results with filtering and using the append command?

Hello , I would like to generate a customer analysis. I must use order and a customer segmentation. I write a ...

by Engager in

How to write a search where the count of an event from the same source exceeds 2 in an hour?

I want to create a search query to search a specific ids event from a source to destination wherever the count of the...

by Explorer in

How to find all the events since the last instance of a specific event?

I feel like this should be an easy question to find the answer to, but I've spent a good hour or so looking and haven...

by Engager in

How to have a sort command ignore one result/leave it at the bottom of the sort?

I have a search that looks at number of enabled vs disabled users in our AD structure by organizational unit, calcula...

by SplunkTrust in

What is the purpose of our Splunk instance phoning home to an external IP over port 443?

We've noticed that our splunk server was phoning home to an external IP over port 443. What's the purpose of this tr...

by Splunk Employee in

Compare two date

Hello, I'd like to compare two date with this format 2011-11-30 22:21:05 for example. If I search the following, t...

by Engager in

How to give time modifiers to run the search query from yesterday morning 5 am to today morning 5 am ?

Hi All, Can anyone help me on the time modifiers ... for giving the earliest and latest for yesterday morning 5 am...

by Motivator in

How to use rex to remove the domain from the "User name" field and use the username only as a named extraction?

How do I use regex within search to remove the domain from the field "User name" and use the username only as named e...

by New Member in

Java SDK: How to find data type and length of fields returned from the search?

Hi, I am using Splunk Java SDK for developing an application in which splunk is used as database. I am aware that ...

by New Member in

Display logs that have a unique field-value

Sorry for the confusing title. Let me explain When I query this search | rex field=_raw "Session (?<number>\\w+...

by Communicator in

Results returned by a search not matching up with events

We're in the process of testing a number of different types of data to properly size the expansion of our Splunk lice...

by Builder in

How to escape a parenthesis when using rex to create a field?

I have a question about extracting two fields from the below sample text Session <number> (<username>@<ipaddress>)...

by Communicator in

How to add hostname field to main search results with a subsearch using approximate time field?

I am generating a daily report for all IP addresses that are bypassing internal DNS server. For e.g. index=fw_l...

by New Member in

Filter the source-file of logs with "rex" command to produce fields

Hi users, I automatically import some log-files to Splunk using a script. The naming convention for those files is...

by Communicator in

How to extract a field from nested data in a search?

I have events in splunk like this code=123 name="somename1" data={ _id = "someid1"} code=123 name="somename2" da...

by Explorer in

need help with uploading a directory of .txt file

previously, i tried uploading a directory of .txt file and it was able to read the content of all the .txt file howev...

by New Member in

How to configure props.conf for timestamp recognition and extraction for 2 log files with different timestamp structures?

Hi, I have two different type log files using in Splunk and I do not have any timestamp issue with the first one (...

by Path Finder in

How to calculate the number of requests occurring per host from the search result

I am really new to splunk and can some one please help me I need to calculate number of request hitting our host so b...

by Explorer in

Set operator

I've tried using SET operator to find all the users who satisfy first condition but are not present in second search ...

by Path Finder in

Why eval case with comparison operators doesn't return expected result?

Hi all, I am using the following search string to determine if a specific value in a table falls between 34 and 50 (p...

by Path Finder in

How to group two different events together that share the same source and destination IP address?

I'm having trouble writing a search query that looks for one specific event followed by different specific event with...

by Builder in

How to calculate the average of total column

I've following query... What I'm interested in producing the output as, OS Users Actions Actions_Per_User IO...

by Path Finder in

Help joining datasources/queries across a field and during a timeframe

I have a situation where I need to take a queries result (successful logins of users) and then use each of those even...

by Path Finder in

How to search unfinished transaction events and duration without a unique ID?

Hello all and thank you for any help in advance, I have a log of tunnels like so: Oct 2 15:23:08 localhost cha...

by Engager in

How to use a daily updated lookup table to search for new sourcetypes added in the past 24 hours?

I want to create a search that displays any newly added sourcetypes in the past 24 hrs. I've created a report that ou...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why am I getting different results with filtering and using the append command?

How to write a search where the count of an event from the same source exceeds 2 in an hour?

How to find all the events since the last instance of a specific event?

How to have a sort command ignore one result/leave it at the bottom of the sort?

What is the purpose of our Splunk instance phoning home to an external IP over port 443?

Compare two date

How to give time modifiers to run the search query from yesterday morning 5 am to today morning 5 am ?

How to use rex to remove the domain from the "User name" field and use the username only as a named extraction?

Java SDK: How to find data type and length of fields returned from the search?

Display logs that have a unique field-value

Results returned by a search not matching up with events

How to escape a parenthesis when using rex to create a field?

How to add hostname field to main search results with a subsearch using approximate time field?

Filter the source-file of logs with "rex" command to produce fields

How to extract a field from nested data in a search?

need help with uploading a directory of .txt file

How to configure props.conf for timestamp recognition and extraction for 2 log files with different timestamp structures?

How to calculate the number of requests occurring per host from the search result

Set operator

Why eval case with comparison operators doesn't return expected result?

How to group two different events together that share the same source and destination IP address?

How to calculate the average of total column

Help joining datasources/queries across a field and during a timeframe

How to search unfinished transaction events and duration without a unique ID?

How to use a daily updated lookup table to search for new sourcetypes added in the past 24 hours?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!