Splunk Search

Discussions

Thread Info

Is it currently possible to somehow create a conditional macro expansion?

Hi all,Is it currently possible to somehow create a conditional macro expansion?For example, I have different list of...

by Engager in

How to extract matched data from different index and different source based on the fields?

Below two events Start event Index= x source= xtype | spath application | search application= x app " saved n...

by Explorer in

How to extract this string?

There are two types of raw data. What is the regular expression to get the value between the /* special symbol and th...

by Loves-to-Learn Lots in

How to calculate the SLA percentage from start event query and end event query?

I have two events one is calculate the SLA percentage from below querys Start event query Index=x source...

by Explorer in

How to create a custom alert based on past data?

can we setup an alert based on data from current time stamp & based on information on past 15mins ?say at T1, got a l...

by New Member in

How to change the cron schedule of around 500 saved searches at once in Splunk Cloud so spread across the clock?

Hi, I have many concurrent saved searches running due to which search delayed health indicator is always red. How to ...

by Explorer in

How to extract file name from path's for both windows and nix format?

Hi, We have a data source containing File Path's from both Windows and Linux formats. Applying regex separately w...

by Builder in

How to search sourcetype not reporting by host?

Hi Splunkers, I need your assistance to create a search that provides the following:SPL query I will use it to loo...

by Path Finder in

How to common fields from two different events and calculate the diff between the start and end event group my main?

We have two events Start event Index= x source= xtype | spath application | search application= x app " saved ...

by Explorer in

Why am I unable to output lookup field when the field is not a Splunk field?

Hi All, I have an issue which i am unable to resolve. I have a lookup with two columns: Process_Command_Line, s...

by Contributor in

How to find event timestamp duration with respect to current time in minute and seconds?

We have splunk event having field "eventdateTime" in format mentioned below. for example eventdateTime 2023...

by Loves-to-Learn Everything in

How to extract two fields from a group?

I am new to Regex expressions and trying to figure them out. I am trying to extract two sections of the following ...

by Explorer in

How to avoid "search is waiting for input...", even if a user does not include a value in a text input field?

Hi, Sorry if my question is repeated or too naive. I have a text input field accepting "Module name". It works ...

by Path Finder in

Why are values are doubled in the Splunk dashboard?

I am scheduling this at 9.00 AM everyday using splunk DB connect .When i see the sourcetype nextday at 9.00 AM g...

by Path Finder in

How to filter multiselect entries based on its own selection?

I have a multiselect for software version (version is just yyyy.mm.dd or an alphanumeric string). If the user selec...

by Explorer in

How to achieve list of manid breaching Authorization SLA?

We have two events query Start event Index=x source type= xx "String" extacted fields s like manid,actionid,bat...

by Explorer in

How to include month name in streamstats as?

Hi Legends How do I give bit more meaningful names for fields last_sum and first_sum in below query? i.e. somet...

by Path Finder in

Are there specifics to search to determine if a user is being added to Sudoers through the Splunk UF?

I have a requirement where I have been asked to monitor for new users getting added to Sudoer. Are there specific ac...

by New Member in

Why is lookup command not giving result as expected?

Hi All, I am facing some issue in using lookup command. Need your suggestions here please.. I have a lookup file a...

by Explorer in

How search for metrics for items not on within last 90 days?

Hello,Trying to complete a search that uses metrics to monitor when a device has not been connected for the last 90 d...

by Communicator in

Whats the difference between dc (distinct count) and estdc (estimated distinct count)?

I have a search that returns unique visitors query over 30 days' worth of logs : Using dc() it was a lot slower. H...

by Splunk Employee in

Is there a way to change the year in _time?

I have a 2015 log that I need to analyze I have a 2015 Aruba log I need to analyze. The log does not have the ye...

by Loves-to-Learn Lots in

How to extract particular pattern text from its various possible trailing text pattern?

Hello Everyone, Below is the set of the log response pattern: "message":{"input":"999.111.000.999 - - [06/Apr/2...

by Path Finder in

How to exclude two event types when together?

I have noticed that the event_ids that I cannot find documentation for are associated with two eventtypes together. H...

by Explorer in

How to get duration from start and time two different events and different index based on the common filed?

I have two events one is Index=x source type= xx "String" extacted fields s like manid,actionid,batch I'd 2nd ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is it currently possible to somehow create a conditional macro expansion?

How to extract matched data from different index and different source based on the fields?

How to extract this string?

How to calculate the SLA percentage from start event query and end event query?

How to create a custom alert based on past data?

How to change the cron schedule of around 500 saved searches at once in Splunk Cloud so spread across the clock?

How to extract file name from path's for both windows and nix format?

How to search sourcetype not reporting by host?

How to common fields from two different events and calculate the diff between the start and end event group my main?

Why am I unable to output lookup field when the field is not a Splunk field?

How to find event timestamp duration with respect to current time in minute and seconds?

How to extract two fields from a group?

How to avoid "search is waiting for input...", even if a user does not include a value in a text input field?

Why are values are doubled in the Splunk dashboard?

How to filter multiselect entries based on its own selection?

How to achieve list of manid breaching Authorization SLA?

How to include month name in streamstats as?

Are there specifics to search to determine if a user is being added to Sudoers through the Splunk UF?

Why is lookup command not giving result as expected?

How search for metrics for items not on within last 90 days?

Whats the difference between dc (distinct count) and estdc (estimated distinct count)?

Is there a way to change the year in _time?

How to extract particular pattern text from its various possible trailing text pattern?

How to exclude two event types when together?

How to get duration from start and time two different events and different index based on the common filed?

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 3)

Operationalizing TDIR: Building a More Resilient, Scalable SOC

Almost Too Eventful Assurance: Part 1

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions