Splunk Search

Discussions

Thread Info

extract fields from json-wrapped postfix logs?

I have logs landing in Splunk Cloud that are normal `postfix_syslog` lines, but are wrapped in a `json` object. 3 Exa...

by New Member in

How to pass token in dashbaord

Below is my original xml code for dashboard. from the panel of EPP TimeZone , i have modified the query using tstat...

by Path Finder in

How to display source IP and destination IP mapping count by connection events?

Hi, I am trying to build a dashboard to show a mapping between source IP and destination IP based on different connec...

by Explorer in

How to find second maximum value

I have a search like this to fetch the maximum value. Now the case i wanted to add is, if the maximum value field is ...

by Explorer in

How to perform field extraction for key/value pairs with special character used as delimiter?

Hello, I have events with Key/Value pair assigned by "="Highlighted in Bold) and separated by special character "^...

by Motivator in

What is the difference between stats eventstats streamstats?

Hi All I'm new to Splunk and I'm confused between stats eventstats and streamstats. Can anyone help me to understand?

by Engager in

How to compare assets from previous week and highlight the difference?

Hello I have created a dashboard that shows the previous 4 days and the equivalent days the week before for asset ...

by Path Finder in

Issues with Rollup Events

Hello, I have a Roll Up events. One file created every month and new events added up every day within that file. Ho...

by Motivator in

How to give space in dashboard query?

Have drop down vaules like below Extual vaul Index =abc source = abc source Drop down values like prod la...

by Explorer in

How to match at least one field from separate events but the same source file?

We have a log file that is split into multiple events. In these events we need to count the number of occurrences whe...

by Path Finder in

Why doesn't the Automatic lookup work?

I have a new lookup setup I want to query against it .presently its not working may I know what I have to do in order...

by Explorer in

Help with logs line breaking issue?

My application logs json object . Sample logs look like this: {"ts":"05 25 2023 14:57:05.114","msg":...

by Engager in

Help with making stats table in decreasing order

I am looking for the table to be in decreasing order and with the Total row on top. This is my current search. ...

by Path Finder in

How can I find all scheduled searches that have a timeframe of 'All time'?

I am looking to find all scheduled searches within the environment that are using a timeframe of 'All time' e.g. if a...

by Explorer in

Why am I unable to search with string tokens against two fields on an lookup?

Hi, I have a dashboard where the data is coming from a lookup called "ABC" which has 2 fields called "src_ip" and ...

by Builder in

How to use timechart to display whether a log exists or not over a certain time range in 15 minute buckets?

I am trying to write a search that displays a table that shows whether a log in cloud watch exists or not every 15 mi...

by New Member in

How to convert nested xml block into json formatted nested block ?

I have the below sample botsv3 sample data set which is sysmon in xml format. I need to convert that into json format...

by Path Finder in

How to select the value of a field where another field equals a specific value?

Hi! I have a search query problem that's wrecking my newbie brain. I have log events that look like this: ...

by Engager in

How can I resolve this syntax error?

Hi All I have a room mailbox in office365 and i want to get the information of how many meetings were booked for o...

by Explorer in

How to extract a field in using regex?

I am relatively new to Splunk and I am trying to extracting fields in Splunk, I have a pattern I am attempting to...

by Communicator in

How to make a for loop query from a lookup table?

I have a lookup table from which I need to read the IP addresses one by one, perform calculations on each address, an...

by Loves-to-Learn Lots in

Why is heavy forwarder not sending _audit and _internal logs to indexer?

Hi All, We noticed that one of our Heavy Forwarder has not been sending _audit and _internal logs to our indexer. ...

by Path Finder in

Email regex from mail.log to extract 2 email addresses, display them in a table?

I have mail.log. This is displayed in the "Event" column: May 24 14:02:05 srv7 amavis[10129]: (10129...

by Engager in

Why does Dropdown retain entries from old query result?

I have a query for for my dropdown with tokens inserted here and there and whenever the values on those tokens change...

by Explorer in

Nessus data charting- How to make a trend chart of specific data set?

I am making a trend chart of specific data set. What I am looking for is (generic example)index=nessus | eval Month=s...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

extract fields from json-wrapped postfix logs?

How to pass token in dashbaord

How to display source IP and destination IP mapping count by connection events?

How to find second maximum value

How to perform field extraction for key/value pairs with special character used as delimiter?

What is the difference between stats eventstats streamstats?

How to compare assets from previous week and highlight the difference?

Issues with Rollup Events

How to give space in dashboard query?

How to match at least one field from separate events but the same source file?

Why doesn't the Automatic lookup work?

Help with logs line breaking issue?

Help with making stats table in decreasing order

How can I find all scheduled searches that have a timeframe of 'All time'?

Why am I unable to search with string tokens against two fields on an lookup?

How to use timechart to display whether a log exists or not over a certain time range in 15 minute buckets?

How to convert nested xml block into json formatted nested block ?

How to select the value of a field where another field equals a specific value?

How can I resolve this syntax error?

How to extract a field in using regex?

How to make a for loop query from a lookup table?

Why is heavy forwarder not sending _audit and _internal logs to indexer?

Email regex from mail.log to extract 2 email addresses, display them in a table?

Why does Dropdown retain entries from old query result?

Nessus data charting- How to make a trend chart of specific data set?

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions