Splunk Search

Ask a Question

Discussions

Thread Info

Create a table in my search when I enable/disable account but not when I create account.

Hello guys, I have a question about a query search. I have two queries associated with Windows. My first quer...

by Communicator in

Substitute a value in the search result

I have a search result which returns me the following Username,TimeOnVPN user1,185.25 user2,1920.25 ... ... ... us...

by Path Finder in

Count number of Transaction every hour

2013-09-20 16:53:04,723 INFO[Thread-3]EndTime=20/09/2013 16:53:04 TransactionID=A, Event=completed, Result=sent 2013...

by Engager in

Help for timechart display

hi this is mt search index=tm_idx host="server" "finished executing normally" | rex field=_raw "(?i)Process\s\"...

by Communicator in

insert the earliest and latest in the DBquery

Hello I'm breaking my brain for make one thing. I recovery the data from External database, in this point no probl...

by Explorer in

How to limit primary search based on time interval from subsearch -- dynamic time interval ; time delta

In order to query from an external firewall log that contains say "badwebsite.com" and join those results back throug...

by Communicator in

Splunk web not showing login fields JAVAscript enabled

Not able to see login fields when launching splunk web ... Javascript enabled in browser and no iptables issue etc...

by Path Finder in

rex mode=sed syntax

I apolagize for the simplicity of this question. I have scowered all over splunk answers and could find or make sense...

by New Member in

Data Discovery of Index Fields

Does anyone know how to generate a report listing all fields (from an index) and their respective info (example follo...

by Explorer in

"Write access to the proxy endpoint is disabled. " for any searches after upgrading from 5.0.4 to 6.0

I get the following error for all of my searches after upgrading from 5.0.4 to 6.0: Write access to the proxy endp...

by Contributor in

Function results and evaluating them

Soo - I got this great search to show how many hosts at each location we are getting logs from. I want to only displa...

by Engager in

eval macro with a case statement errors

source="PerfMetrics" "OPEN PLAN" OSArch=64-bit PlanMode=Server | transaction Guid startswith="OPEN PLAN START" endswi...

by Contributor in

Overlay search results on a background image

My company leverages background images to describe our security architecture around inbound email and on quarterly ba...

by Explorer in

Subquery to get rows

Hi What is the syntax using subquery to get all rows having the same correlation id that of an inbound call with a gi...

by New Member in

Where to store a variable value

I want to search for all records where some field value is greater than X where X is some number. A number of searche...

by Contributor in

[RESOLVED] Regex works with rex but errors in transforms.conf

[RESOLVED] The extract was defined in the transforms.conf in an app which had the "Sharing for config file-only objec...

by Contributor in

Any way to fetch logs via ssh

I have a splunk server and ssh access to a server with read-only access to logs. I can ssh from the machine on which ...

by New Member in

Extracting an alphanumeric expression from a line

I have a logger like below and I need to extract the alphanumeric word from this line- "My employeeID E1233244345 ...

by New Member in

Search job inspector discrepancies

I have a search inputs a fairly large lookup table (150 MB). The execution costs are shown as: Execution costs ...

by Builder in

How do I search for a Term, then get the Percentage out of Total?

I'm writing a search query that needs to look for a specific word SPECIFIC_WORD in the logs of host HOST_X and then d...

by Path Finder in

Resolve IP to Host

I am creating a failed login report from WMI security log entires. My temporary search command looks like: sourcet...

by Communicator in

Is it possible to order the entities on the REST API by order of date instead of alphabetically?

As title. I'm using the setup.xml and the admin/passwords endpoint, though I would create a custom endpoint if needed...

by Path Finder in

Help with regular expressions

I have a syslog where I want to extract only these 3 events: 1) Engine Busy Utilization CPU Busy I/O Busy Idle ...

by Explorer in

REGEX to discard specific event containing " Allow " but not them followad by 2 specific strings ?

Hello, i need to find the REGEX to allow me to filter what splunk will index. As it is firewall Logs, it gerera...

by Engager in

Extract second instance of a field in multiple line log

In the following log I want to extract the second instance of the "Security ID" field. I have tried a few different r...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Create a table in my search when I enable/disable account but not when I create account.

Substitute a value in the search result

Count number of Transaction every hour

Help for timechart display

insert the earliest and latest in the DBquery

How to limit primary search based on time interval from subsearch -- dynamic time interval ; time delta

Splunk web not showing login fields JAVAscript enabled

rex mode=sed syntax

Data Discovery of Index Fields

"Write access to the proxy endpoint is disabled. " for any searches after upgrading from 5.0.4 to 6.0

Function results and evaluating them

eval macro with a case statement errors

Overlay search results on a background image

Subquery to get rows

Where to store a variable value

[RESOLVED] Regex works with rex but errors in transforms.conf

Any way to fetch logs via ssh

Extracting an alphanumeric expression from a line

Search job inspector discrepancies

How do I search for a Term, then get the Percentage out of Total?

Resolve IP to Host

Is it possible to order the entities on the REST API by order of date instead of alphabetically?

Help with regular expressions

REGEX to discard specific event containing " Allow " but not them followad by 2 specific strings ?

Extract second instance of a field in multiple line log

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions