Splunk Search

Discussions

Thread Info

How to match an IP address to a lookup with IP ranges?

I have an IP field that I'm trying to match against a lookup that contains DHCP ranges. For example, assume the lo...

by Contributor in

How to change the date format of the Date Picker in SplunkWeb UI?

When I am using Splunk Web to perform a date-range (or date and time range) search, the Date Picker is in the US date...

by Engager in

How to see SPLUNk.d log?

Is it possible to see the Splunk the log in the graphical user interface (the web interface), supposedly you can see ...

by Explorer in

How to troubleshoot “Error in 'inputlookup' command: External lookup table 'inputlookup' returned error code 13053..."?

Hello I'm getting this error when I go into the Enterprise console and look at the security posture it's been going o...

by Engager in

How to fix token with a field created using "eval"?

so I created a field like so: |eval message_id=AREA.SUBID| stats count as "Number of message_id" by message_id| sort ...

by Explorer in

How to determine the alarm alarm when the source IP reaches the destination IP more than 100 times?

index="*" tag=fw action=blocked| stats values(dest) as dest by src| eval dest = dest| where dest > 10

by Engager in

How to update column values if results found in another column?

There are two columns with headings "new image Name" and "source image Name". The new images are derived from source...

by Engager in

How can I send a notification when file is missing?

Hello dear community, I am new here and hope for warm support. The following problem I have to solve: I have se...

by Explorer in

How to return count of certain text using Splunk regular expression?

I have an input string which contains strings like code =test1 description=test1 description status = pending,code ...

by Path Finder in

How to search error messages in log file?

Hi, I am new to Splunk. How to search error messages in the log file using SPL.I am using the below formats to search...

by Engager in

Latest event filter on status- How to get the failed tasks?

I have a query that is giving the latest event of the task but I want to filter the query for a status <base ...

by Path Finder in

Help with If The Else Condition?

am writing an If Then Else Evaluation statement and could use some help. If (PRIORITY=02 AND Condition=Alarm...

by Explorer in

Change textbook to search on multiple values?

Hi, I have the following search that searches an index based on 2 textbook inputs: | inputlookup ABC | sear...

by Builder in

How to plot choropleth data on maps? I have data from multi-cloud in respective index.

I am trying to understand how I can plot my multi-cloud subscription/service consumption data from different geo regi...

by Communicator in

How to list of events per host, with heading per host, emailed in a report?

Hi there, I'm a noob. I'm looking to generate a report containing a list of events per host for a specific timefra...

by Explorer in

If I have DataError field which has 10 different message text but I need to exclude 2 out 10 and 8 as stats result?

If I have DataError field which has 10 different message text but I need to exclude two out 10 I need only 8 as stats...

by Loves-to-Learn Lots in

Matching index field value with lookup field value

If I am having 3 fields in lookup table as flow,InterfaceCode,DataError. I am having a common field interfaceCode o...

by Loves-to-Learn Lots in

How to create an alert that triggers when a certain number of failed logins are reported using transaction command?

I am trying to create an alert that triggers when a certain number of failed logins are reported in a 5 minute time p...

by Explorer in

How to delete last row in a table?

Counterror_manager1System2System3System4System5System6System How to delete last row in a table?

by Path Finder in

How would we match static content of error to interesting fields of splunk search by editing lookup table with regex?

If we have some error messages with some static and dynamic content. We want to match static content of error to inte...

by Loves-to-Learn Lots in

How to perform lookup on CSV file from search on index?

how to perform lookup on CSV file from search on index?For example below: I want to find out if "name" on employee...

by Motivator in

How would I write a Splunk search to build a table for PASS and FAIL?

Hello Everyone, I have below query with which I am trying to build a table showing data for SUCCESS for sum of st...

by Path Finder in

How to extract a word between two words?

stream=stdout 9 INFO [DataEnrichmentController] (default task-597) start : comm-uuid : rsvp-service : nljnj42343n43k ...

by New Member in

extract fields from json-wrapped postfix logs?

I have logs landing in Splunk Cloud that are normal `postfix_syslog` lines, but are wrapped in a `json` object. 3 Exa...

by New Member in

How to pass token in dashbaord

Below is my original xml code for dashboard. from the panel of EPP TimeZone , i have modified the query using tstat...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to match an IP address to a lookup with IP ranges?

How to change the date format of the Date Picker in SplunkWeb UI?

How to see SPLUNk.d log?

How to troubleshoot “Error in 'inputlookup' command: External lookup table 'inputlookup' returned error code 13053..."?

How to fix token with a field created using "eval"?

How to determine the alarm alarm when the source IP reaches the destination IP more than 100 times?

How to update column values if results found in another column?

How can I send a notification when file is missing?

How to return count of certain text using Splunk regular expression?

How to search error messages in log file?

Latest event filter on status- How to get the failed tasks?

Help with If The Else Condition?

Change textbook to search on multiple values?

How to plot choropleth data on maps? I have data from multi-cloud in respective index.

How to list of events per host, with heading per host, emailed in a report?

If I have DataError field which has 10 different message text but I need to exclude 2 out 10 and 8 as stats result?

Matching index field value with lookup field value

How to create an alert that triggers when a certain number of failed logins are reported using transaction command?

How to delete last row in a table?

How would we match static content of error to interesting fields of splunk search by editing lookup table with regex?

How to perform lookup on CSV file from search on index?

How would I write a Splunk search to build a table for PASS and FAIL?

How to extract a word between two words?

extract fields from json-wrapped postfix logs?

How to pass token in dashbaord

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

Alert Triggered Action: Dashboard Studio Snapshot

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions