Splunk Search

Discussions

Thread Info

How to present a readable time value when epoch value is on the y-axis in a scatter chart?

My goal is to present a scatter chart with the size of a file each time a job runs. This requires 3 values: time, siz...

by Explorer in

How to phrase a search to find results if two conditions are met?

I am new to using Splunk and having some difficulties with the search query logic. I want to create a dashboard that ...

by Engager in

How to find all events where at least one column has duplicate values?

Through a dbx query, I'm pulling out several columns, among which include account_email, true_ip, device_id, and requ...

by Explorer in

multi-level nested JSON to table?

There are numerous questions/answers about extracting nested JSON data, but none of those answers seem to apply to wh...

by Engager in

How to stats count but get all values?

Here is the search I am trying to do and I hope I can explain this correctly....I am searching for dlp events where t...

by Explorer in

How to calculate subnet from list of IP addresses?

I'm trying to come up with a way to output to a lookup file a list of calculated network addresses given a list of IP...

by New Member in

How to arrange table columns?

How do i print the following service status count Gmdl 200 5 Aesp 200 13 abc ...

by New Member in

How can I find the data retention and indexers involved?

I need a query that will provide the earliest date for data within an index as well as the indexer it is stored on, s...

by Motivator in

How to write a query to check IP addresses in Subnets?

Hi, I am trying to establish a query that checks whether a random src IP is in a specific subnet.However, all the ...

by Builder in

Splunk query for bayesian check- Why am I getting error?

I am trying to refine search based on a sub query, where sub query is not a filter of outer query. I need to check if...

by New Member in

Is there anything comparable to SPL for offline use?

I love love love Splunk and especially SPL! It makes it so easy to generate very granular and detailed reports on lar...

by Path Finder in

How to use the lookup table into a macro with parameters?

I have a lookup table with filters and SPLs columns/values by product/client. I want to use a macro passing the produ...

by Contributor in

How to compare numbers before and after a special char?

Hello, I have a log file that spits out data like the below. I want to be able to evaluate the the numbers either...

by Explorer in

Trouble getting a very basic search to work- Is there a way to get just a portion of log entry?

I'm using the "LogPush" feature from Cloudflare to get "log events" put into a Splunk index. The log events are all J...

by Explorer in

How to count the occurrences based off two matching fields?

Hi,I have two searches,..First search which will run once per day lookback -24h@h , latest=now cron: 5 4 * * * and wr...

by Path Finder in

How to modify the search query to get the count of fields separately?

Hi, I am relatively new to Splunk. I am trying to achieve the output as - StoreRegisterSuccess_CountFailure_Cou...

by Communicator in

How to build a Splunk search to build a table for PASS and FAIL percentage?

Hello Everyone, This is the extension of previous query which I posted- https://community.splunk.com/t5/Splunk-Sea...

by Path Finder in

How to combine two searches on different sources based on one common field value?

I have two different searches: 1. index=xoom_app_online_checkout_orchestration_api user_id residence_country=US re...

by Observer in

Why is replace giving empty string?

Sample event { durationMs: 83 properties: { request-id: 1c910793-8be4-4850-83d5-f360b4b05478 method:...

by Explorer in

Automatic Lookup, matching on multivalue not working?

I'm trying to configure an automatic lookup and match multivalue field of IP addresses (in the lookup) on an IP field...

by Contributor in

How to match an IP address to a lookup with IP ranges?

I have an IP field that I'm trying to match against a lookup that contains DHCP ranges. For example, assume the lo...

by Contributor in

How to change the date format of the Date Picker in SplunkWeb UI?

When I am using Splunk Web to perform a date-range (or date and time range) search, the Date Picker is in the US date...

by Engager in

How to see SPLUNk.d log?

Is it possible to see the Splunk the log in the graphical user interface (the web interface), supposedly you can see ...

by Explorer in

How to troubleshoot “Error in 'inputlookup' command: External lookup table 'inputlookup' returned error code 13053..."?

Hello I'm getting this error when I go into the Enterprise console and look at the security posture it's been going o...

by Engager in

How to fix token with a field created using "eval"?

so I created a field like so: |eval message_id=AREA.SUBID| stats count as "Number of message_id" by message_id| sort ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to present a readable time value when epoch value is on the y-axis in a scatter chart?

How to phrase a search to find results if two conditions are met?

How to find all events where at least one column has duplicate values?

multi-level nested JSON to table?

How to stats count but get all values?

How to calculate subnet from list of IP addresses?

How to arrange table columns?

How can I find the data retention and indexers involved?

How to write a query to check IP addresses in Subnets?

Splunk query for bayesian check- Why am I getting error?

Is there anything comparable to SPL for offline use?

How to use the lookup table into a macro with parameters?

How to compare numbers before and after a special char?

Trouble getting a very basic search to work- Is there a way to get just a portion of log entry?

How to count the occurrences based off two matching fields?

How to modify the search query to get the count of fields separately?

How to build a Splunk search to build a table for PASS and FAIL percentage?

How to combine two searches on different sources based on one common field value?

Why is replace giving empty string?

Automatic Lookup, matching on multivalue not working?

How to match an IP address to a lookup with IP ranges?

How to change the date format of the Date Picker in SplunkWeb UI?

How to see SPLUNk.d log?

How to troubleshoot “Error in 'inputlookup' command: External lookup table 'inputlookup' returned error code 13053..."?

How to fix token with a field created using "eval"?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions