Splunk Search

Discussions

Thread Info

NOT the contents of a sub search from the main search

Hello Splunkers, I have some successful searches that are producing accurate numbers but I am trying to put them toge...

by Contributor in

How to remove leading zeros from a numeric value?

I have a field on which I am doing ltrim function to remove the leading 0's eval fieldA = ltrim(fieldA ,"0") ...

by Influencer in

Why is my "OR" statement not working?

When running my first and second searches independently the searches run fine and return a result within seconds. ...

by Path Finder in

How to extract two fields separated by delimiter comma ","?

Here is my output from splunk 2014.09.19 13:33:37.739,2014.09.19 13:33:37.726,13,dsd45sd4,gdm=DT30&ksls...

by New Member in

how to enrich the iplocation database with private IP addresses?

Hello I successfully use iplocation to map PUBLIC IP addresses on the built-in splunk> map. I also would like t...

by Communicator in

How to write regex to extract multiple email addresses into one field where each email is followed by an IP address?

I want to extract a field that has multiple email addresses, each one followed by an IP address, all of which appear ...

by Engager in

Finding events that have never happened before

Hello there, I'm pretty someone has asked the question before but couldn't find the post. I'm trying to find a go...

by Communicator in

New rule in detecting multiple requests for a known Malicious destination from a single source could use help with the way the rule is written

index=app_proxy sourcetype=bcoat_proxysg_app OR sourcetype=bcoat_proxyclient_app categories="Malicous Sources" OR "Bo...

by Explorer in

nested sub searches

Hello Splunkers, I have a search where I have two indexes from two different indexed .csv files. I have 3 seperate se...

by Contributor in

DB Connect: Why am I getting "Error validating dbmonTail for monitor..." trying to create a database input?

Dear All, I have installed splunk db connect application. I have query from which i have to get the result. when i...

by Contributor in

Is there a more efficient method than using join to combine searches?

I was just wondering what more efficient methods there are when combining searches than using | join. I always hear e...

by Path Finder in

How to write regex to exclude indexing files that start with a period (.)?

Can you please tell us REGEX pattern, to exclude files for indexing that start with a period (.) ?

by Builder in

Why am I getting two different date values in SQL and Splunk?

Dear All, I am connecting to the oracle database and i have multiple tables there so i wanted to merge more than t...

by Contributor in

How to limit my search to return only the top 10 events displaying count and percentage?

Hello, I would like to create a search that select the top 10 events Like this: event count percent [Mon...

by New Member in

How to write regex to identify and use time field B for event timestamp if time field A is missing?

I have a set of data where most events have an "end time" but some do not. I would like to setup Splunk to look for "...

by Esteemed Legend in

How to correlate more than 2 data points in a search?

So I am trying to tackle a real doozy of a search (at least for me) that has me stumped. I am attempting to learn to ...

by Contributor in

How do I filter time in a specific field in Search time?

Hi Splunkers, I need help creating a filter in a specific time field. My search is: sourcetype=google is_disab...

by Communicator in

Is it possible to create a field in Splunk based off a user's input?

Example: I want the user to enter a domain name and I want the report to perform a search based on the user's input? ...

by Path Finder in

How to display the last uri_path in each transaction event?

Currently I'm using: sourcetype=access_*|transaction clientip maxpause=1h keepevicted=t mvlist=t | table uri_path . T...

by Path Finder in

How to find the missing source

We are receiving various logs from many components. How to build a query to find the missing source. I got the answer...

by Communicator in

Summary Index: Difference between sichart and sitimechart

Short general question. It seems that they are just the summary index version of the normal commands. Are there any a...

by Contributor in

Real time log data for splunk

Hi guyz, I'm new to splunk and log management. I wanted to get hands on real time monitoring commands that splunk sup...

by Engager in

Using StreamStats/Other commands

Hi All, I have data like following in need to get the differents count. Count will get reset in certain time period. ...

by Contributor in

How to merge and group multiple key-value pairs, count the values, and table the results?

I try hard to group multiple key/values from a single record, then count the values and print them in a table. Say i ...

by Explorer in

Is there any way of using splunk map in advanced xml with inbuilt modules..

Am new to splunk I need to use map in advanced xml , Is there any option without creating new moudule..

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

NOT the contents of a sub search from the main search

How to remove leading zeros from a numeric value?

Why is my "OR" statement not working?

How to extract two fields separated by delimiter comma ","?

how to enrich the iplocation database with private IP addresses?

How to write regex to extract multiple email addresses into one field where each email is followed by an IP address?

Finding events that have never happened before

New rule in detecting multiple requests for a known Malicious destination from a single source could use help with the way the rule is written

nested sub searches

DB Connect: Why am I getting "Error validating dbmonTail for monitor..." trying to create a database input?

Is there a more efficient method than using join to combine searches?

How to write regex to exclude indexing files that start with a period (.)?

Why am I getting two different date values in SQL and Splunk?

How to limit my search to return only the top 10 events displaying count and percentage?

How to write regex to identify and use time field B for event timestamp if time field A is missing?

How to correlate more than 2 data points in a search?

How do I filter time in a specific field in Search time?

Is it possible to create a field in Splunk based off a user's input?

How to display the last uri_path in each transaction event?

How to find the missing source

Summary Index: Difference between sichart and sitimechart

Real time log data for splunk

Using StreamStats/Other commands

How to merge and group multiple key-value pairs, count the values, and table the results?

Is there any way of using splunk map in advanced xml with inbuilt modules..

Reduce and Transform Your Firewall Data with Splunk Data Management

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions