Splunk Search

Ask a Question

Discussions

Thread Info

Creating alarms based on differences in stats output

Greetings! Right now we're monitoring connections between internal IPs and external IPs using our proxy log input....

by Explorer in

How to to show milliseconds with table _time in Splunk 6.x?

unable to find millisec in table _time in splunk6, used to be available before splunk 6

by Explorer in

Why stats count does not return results after filtering indexed data with lookup?

I have a lookup (person, manager) that looks like this (lookup flatorg): 1,2 fk,ry op,ry and a sourcetype that loo...

by Explorer in

How to write regex to extract a field's values and pass them to a new field using rex?

How can I use the value from a field named geog in the regular expression passed to the rex command? In the example b...

by Explorer in

Why am I getting inconsistent results when using a different search date range for the same record in Splunk 4.3.2?

Hi While running a search for a specific record in a specific date (tagged as WT_vt_sid) i get one result with value ...

by New Member in

Simple search dashboard element

Hi We have just started using splunk with real data in my organisation, and to a start we're only using it to show...

by New Member in

REST lookup functionality

Is there any functionality (built-in to Splunk, or that someone has created custom) to do lookups to an external REST...

by Builder in

How do I exclude a subnet from a search using CIDR notation?

How do I exclude a subnet from a search using CIDR notation? For example, I have this search: "%ASA-4-733100" OR "...

by New Member in

Need to get splunk server names with host count

Hi All, Need to get the host count with splunk_server names by using the search queries, i have used below but its...

by Path Finder in

How to use join to identify calls to Country A followed by calls to a list of other Countries?

I am trying to identify calls from an originating number where a small number ie 1 or 2 are first made to country A f...

by Path Finder in

いくつかのvalueを一つにまとめたい

nameというフィールドに、同じappAという名前が、「app A」、「app a」、「App A」などのようにいくつかvalueの入力方法が異なってしまい、stats countした際に別のものとして認識されてしまいます。 eval...

by Contributor in

Timechart value not setting after post process

I have a search and then a table and following that table is a post process. Search Table Post-Process (| timechar...

by Explorer in

How to scroll through a log file to see what happened just before an event of interest?

A common trouble shooting scenario is to log onto a machine, examine logs until you find something of interest and th...

by Engager in

Query accessing a very large lookup in another index - earliest and latest

I am trying to join a very large lookup dataset (cab) with my main SPLUNK query and have the lookup data loaded into ...

by Path Finder in

How to use delta command to calculate change of current value from previous value to not produce negative results?

When use the delta command I get results like this Value delta(Value) what-I-want-it-to-be 1 0 ...

by Communicator in

How to add additional fields to timechart?

Hello, I am looking to add two additional fields to the results of my search. (Account_Name) and (Workstation_Name). ...

by Path Finder in

help with correlation of (any of the ) multiple mail recipients (in same email) from yesterday to today

Hi, Lets say that I have 10 users that are getting the same "spam" email sent to them. I would now like to be able...

by Builder in

How to combine the outputs of two searches and display them in a chart?

Hi users, I am trying to combine the outputs of two different searches and stack them in a chart. The idea is t...

by Communicator in

What is the difference between Event Count and Statistic Count in Splunk search results?

In Splunk search results, what is the difference between events count and statistic count. (I am unable to upload the...

by Engager in

What are your best anomaly finding searches?

Besides the obvious things of looking for rare field values... what are all the list of anomaly searches you use t...

by Splunk Employee in

Is it possible in search to return leading and trailing results surrounding each match similar to -C function in grep?

Is it possible in a SPLUNK search to return a number of leading and trailing results surround each match similar to t...

by New Member in

How to create a table from syslog event?

I want to create a table from the following syslog entry: Aug 14 15:37:34 192.168.10.18 Aug 14 15:37:33 WestAnnex1...

by Explorer in

Counting Emails with the same subject, and reporting higher than average

Hi All, I've had an incident where phishing email has come through my reputation filter, and it got me to thinkin...

by Path Finder in

Ldap Command line works -- Web-UI does not work

Hi This is for splunk version 4.3.4, build 136012 I have setup ldap authentication in file : /opt/splunk/etc/sy...

by New Member in

How to graph timechart of top 5 processes for the metric selected by the user?

Hi All. If the user selects %_Processor_Time,then I need to show the graph for avg(%_Processor_Time) for top 5 proces...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Creating alarms based on differences in stats output

How to to show milliseconds with table _time in Splunk 6.x?

Why stats count does not return results after filtering indexed data with lookup?

How to write regex to extract a field's values and pass them to a new field using rex?

Why am I getting inconsistent results when using a different search date range for the same record in Splunk 4.3.2?

Simple search dashboard element

REST lookup functionality

How do I exclude a subnet from a search using CIDR notation?

Need to get splunk server names with host count

How to use join to identify calls to Country A followed by calls to a list of other Countries?

いくつかのvalueを一つにまとめたい

Timechart value not setting after post process

How to scroll through a log file to see what happened just before an event of interest?

Query accessing a very large lookup in another index - earliest and latest

How to use delta command to calculate change of current value from previous value to not produce negative results?

How to add additional fields to timechart?

help with correlation of (any of the ) multiple mail recipients (in same email) from yesterday to today

How to combine the outputs of two searches and display them in a chart?

What is the difference between Event Count and Statistic Count in Splunk search results?

What are your best anomaly finding searches?

Is it possible in search to return leading and trailing results surrounding each match similar to -C function in grep?

How to create a table from syslog event?

Counting Emails with the same subject, and reporting higher than average

Ldap Command line works -- Web-UI does not work

How to graph timechart of top 5 processes for the metric selected by the user?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

How do I add the total count of all events in each...

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

Splunk Search

Are you a member of the Splunk Community?

Discussions