Splunk Search

Ask a Question

Discussions

Thread Info

How do I check any record of a ip address?

index=* "23.216.147.64" Above is my filter, I'm trying to get all the records of that IP address; is this fil...

by Observer in

Cloudflare Log Ingestion Using Cloudflare TA

Hello, We need to ingest Cloudflare logs using the Cloudflare TA. Do you have any recommendation on how we proceed ...

by Motivator in

How to parse json data event into table format?

Need splunk query to parse json Data into table format. raw data/event in splunk: <158>May 09 04:33:46 detailed...

by Loves-to-Learn Everything in

How to identify windows registry key use for persistence?

Hi I'm trying to identify the registry key use for persistence, what filter do I need to apply apply? index...

by Engager in

How to create a table from JSON?

Hi, Can someone please help me to build a table using following JSON My search results as follows ...

by Engager in

How can I inject all rex field events from 1st search to 2nd search?

I am planning to build a dashboard where all the extracted traceId # are collected and injected to another search cri...

by Communicator in

How to use macros to search data and persist data?

I'm creating a bunch of status dashboards where I need to search for a specific set of hosts and persist a result (ad...

by Explorer in

How to exclude results from joined subsearches if the field value appears in a 3rd sourcetype?

Hi All, I ran into a tricky one and can’t wrap my head around it (or if it is even possible). The use case is as ...

by Engager in

How to combine like events based off hostname?

I have events that where hostnames show up more than once and I would like to combine them. The fields available are...

by Path Finder in

How to achieve Splunk Dashboard text filter?

I have a splunk dashboard that looks like below, And i have added the text filter. But when i try to sear...

by Path Finder in

How can I return events with excluded field value combined with all events that have no value for that field?

Hello all. I've been having some trouble with a tricky query. Essentially, I want to return all events that contai...

by Engager in

How to calculate sum of the two count values?

I am using above splunk query stats count by BankType. I am getting result as SBI 27 AXIS 15 CIT...

by Path Finder in

How to add dynamic value in search query?

I have created a post curl to add data in Splunk, internally my api hits Splunk api and in that api I send data in bo...

by Observer in

How to fix issue with parsing events (log files)?

Hey, I have issues with parsing events, multiple events/records (raw data) are within the same event. Sample data ...

by Motivator in

Why collect command not working when the command is makeresults in search head?

When I run | makeresults command then collect it to summary index there is no result. I am testing this to Search Hea...

by Loves-to-Learn Everything in

How to map one string result to another string using Splunk query?

for e.g. input : I am getting result in an table format like statuscodeUSB 35 but i wan to transform the resu...

by Path Finder in

How to achieve stats by the existence of certain fields?

I have three types of data entries. { <Irrelevant field omitted> "parameters": [ { "LicenseNumber": ...

by Engager in

How to use append/multireport in a panel search or using multisearch with map?

Hello!I'm looking to get a time range from two events, one from a standard search, the other from a different search ...

by Explorer in

Why am I unable to format chart field?

I'm attempting to chart a maximum duration by server and event_type, and I'd like to display the duration in HH:MM:SS...

by Explorer in

How to create report to highlight systems with a decreased measurement value compared to yesterday?

Hi, Looking for help on how to detect systems where a monitored value has decreased compared to yesterday's averag...

by Explorer in

How to create a table showing the count of values across Lists/Arrays in multiple queries?

If I have queries with Lists/Arrays containing events : line.Data = [eventOne, eventThree]; line.Data = [eventOne,...

by Engager in

How to create a table showing the sum of values across dictionaries in multiple queries?

If I have queries with dictionaries containing events as the key and frequencies as the value: line.Data = {"eventO...

by Engager in

How can we filter our query in days like Monday to Friday and calculate their average value?

How can we filter our query in days like Monday to Friday and calculate their average value. For eg, I am getting dat...

by Loves-to-Learn in

How to filter time which starts from Jan 01-23?

I have added a Time filter for my charts in splunk but i want the default to be from 01-JAN-23, But the issue is when...

by Explorer in

How to merge search from two different hosts?

Hello I have a list of host pairs e.g. hostA1 and hostA2, hostB1 and hostB2, etc. I'm currently trying to search f...

by Observer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I check any record of a ip address?

Cloudflare Log Ingestion Using Cloudflare TA

How to parse json data event into table format?

How to identify windows registry key use for persistence?

How to create a table from JSON?

How can I inject all rex field events from 1st search to 2nd search?

How to use macros to search data and persist data?

How to exclude results from joined subsearches if the field value appears in a 3rd sourcetype?

How to combine like events based off hostname?

How to achieve Splunk Dashboard text filter?

How can I return events with excluded field value combined with all events that have no value for that field?

How to calculate sum of the two count values?

How to add dynamic value in search query?

How to fix issue with parsing events (log files)?

Why collect command not working when the command is makeresults in search head?

How to map one string result to another string using Splunk query?

How to achieve stats by the existence of certain fields?

How to use append/multireport in a panel search or using multisearch with map?

Why am I unable to format chart field?

How to create report to highlight systems with a decreased measurement value compared to yesterday?

How to create a table showing the count of values across Lists/Arrays in multiple queries?

How to create a table showing the sum of values across dictionaries in multiple queries?

How can we filter our query in days like Monday to Friday and calculate their average value?

How to filter time which starts from Jan 01-23?

How to merge search from two different hosts?

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions