Splunk Search

Discussions

Thread Info

Is there anything comparable to SPL for offline use?

I love love love Splunk and especially SPL! It makes it so easy to generate very granular and detailed reports on lar...

by Path Finder in

How to use the lookup table into a macro with parameters?

I have a lookup table with filters and SPLs columns/values by product/client. I want to use a macro passing the produ...

by Contributor in

How to compare numbers before and after a special char?

Hello, I have a log file that spits out data like the below. I want to be able to evaluate the the numbers either...

by Explorer in

Trouble getting a very basic search to work- Is there a way to get just a portion of log entry?

I'm using the "LogPush" feature from Cloudflare to get "log events" put into a Splunk index. The log events are all J...

by Explorer in

How to count the occurrences based off two matching fields?

Hi,I have two searches,..First search which will run once per day lookback -24h@h , latest=now cron: 5 4 * * * and wr...

by Path Finder in

How to modify the search query to get the count of fields separately?

Hi, I am relatively new to Splunk. I am trying to achieve the output as - StoreRegisterSuccess_CountFailure_Cou...

by Communicator in

How to build a Splunk search to build a table for PASS and FAIL percentage?

Hello Everyone, This is the extension of previous query which I posted- https://community.splunk.com/t5/Splunk-Sea...

by Path Finder in

How to combine two searches on different sources based on one common field value?

I have two different searches: 1. index=xoom_app_online_checkout_orchestration_api user_id residence_country=US re...

by Explorer in

Why is replace giving empty string?

Sample event { durationMs: 83 properties: { request-id: 1c910793-8be4-4850-83d5-f360b4b05478 method:...

by Explorer in

Automatic Lookup, matching on multivalue not working?

I'm trying to configure an automatic lookup and match multivalue field of IP addresses (in the lookup) on an IP field...

by Contributor in

How to match an IP address to a lookup with IP ranges?

I have an IP field that I'm trying to match against a lookup that contains DHCP ranges. For example, assume the lo...

by Contributor in

How to change the date format of the Date Picker in SplunkWeb UI?

When I am using Splunk Web to perform a date-range (or date and time range) search, the Date Picker is in the US date...

by Engager in

How to see SPLUNk.d log?

Is it possible to see the Splunk the log in the graphical user interface (the web interface), supposedly you can see ...

by Explorer in

How to troubleshoot “Error in 'inputlookup' command: External lookup table 'inputlookup' returned error code 13053..."?

Hello I'm getting this error when I go into the Enterprise console and look at the security posture it's been going o...

by Engager in

How to fix token with a field created using "eval"?

so I created a field like so: |eval message_id=AREA.SUBID| stats count as "Number of message_id" by message_id| sort ...

by Explorer in

How to determine the alarm alarm when the source IP reaches the destination IP more than 100 times?

index="*" tag=fw action=blocked| stats values(dest) as dest by src| eval dest = dest| where dest > 10

by Engager in

How to update column values if results found in another column?

There are two columns with headings "new image Name" and "source image Name". The new images are derived from source...

by Engager in

How can I send a notification when file is missing?

Hello dear community, I am new here and hope for warm support. The following problem I have to solve: I have se...

by Explorer in

How to return count of certain text using Splunk regular expression?

I have an input string which contains strings like code =test1 description=test1 description status = pending,code ...

by Path Finder in

How to search error messages in log file?

Hi, I am new to Splunk. How to search error messages in the log file using SPL.I am using the below formats to search...

by Engager in

Latest event filter on status- How to get the failed tasks?

I have a query that is giving the latest event of the task but I want to filter the query for a status <base ...

by Path Finder in

Help with If The Else Condition?

am writing an If Then Else Evaluation statement and could use some help. If (PRIORITY=02 AND Condition=Alarm...

by Explorer in

Change textbook to search on multiple values?

Hi, I have the following search that searches an index based on 2 textbook inputs: | inputlookup ABC | sear...

by Builder in

How to plot choropleth data on maps? I have data from multi-cloud in respective index.

I am trying to understand how I can plot my multi-cloud subscription/service consumption data from different geo regi...

by Communicator in

How to list of events per host, with heading per host, emailed in a report?

Hi there, I'm a noob. I'm looking to generate a report containing a list of events per host for a specific timefra...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is there anything comparable to SPL for offline use?

How to use the lookup table into a macro with parameters?

How to compare numbers before and after a special char?

Trouble getting a very basic search to work- Is there a way to get just a portion of log entry?

How to count the occurrences based off two matching fields?

How to modify the search query to get the count of fields separately?

How to build a Splunk search to build a table for PASS and FAIL percentage?

How to combine two searches on different sources based on one common field value?

Why is replace giving empty string?

Automatic Lookup, matching on multivalue not working?

How to match an IP address to a lookup with IP ranges?

How to change the date format of the Date Picker in SplunkWeb UI?

How to see SPLUNk.d log?

How to troubleshoot “Error in 'inputlookup' command: External lookup table 'inputlookup' returned error code 13053..."?

How to fix token with a field created using "eval"?

How to determine the alarm alarm when the source IP reaches the destination IP more than 100 times?

How to update column values if results found in another column?

How can I send a notification when file is missing?

How to return count of certain text using Splunk regular expression?

How to search error messages in log file?

Latest event filter on status- How to get the failed tasks?

Help with If The Else Condition?

Change textbook to search on multiple values?

How to plot choropleth data on maps? I have data from multi-cloud in respective index.

How to list of events per host, with heading per host, emailed in a report?

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions