Splunk Search

Ask a Question

Discussions

Thread Info

Are there specifics to search to determine if a user is being added to Sudoers through the Splunk UF?

I have a requirement where I have been asked to monitor for new users getting added to Sudoer. Are there specific ac...

by New Member in

Why is lookup command not giving result as expected?

Hi All, I am facing some issue in using lookup command. Need your suggestions here please.. I have a lookup file a...

by Explorer in

How search for metrics for items not on within last 90 days?

Hello,Trying to complete a search that uses metrics to monitor when a device has not been connected for the last 90 d...

by Communicator in

Whats the difference between dc (distinct count) and estdc (estimated distinct count)?

I have a search that returns unique visitors query over 30 days' worth of logs : Using dc() it was a lot slower. H...

by Splunk Employee in

Is there a way to change the year in _time?

I have a 2015 log that I need to analyze I have a 2015 Aruba log I need to analyze. The log does not have the ye...

by Loves-to-Learn Lots in

How to extract particular pattern text from its various possible trailing text pattern?

Hello Everyone, Below is the set of the log response pattern: "message":{"input":"999.111.000.999 - - [06/Apr/2...

by Path Finder in

How to exclude two event types when together?

I have noticed that the event_ids that I cannot find documentation for are associated with two eventtypes together. H...

by Explorer in

How to get duration from start and time two different events and different index based on the common filed?

I have two events one is Index=x source type= xx "String" extacted fields s like manid,actionid,batch I'd 2nd ...

by Explorer in

Error message: The search job with sid=<value> failed to launch successfully after the timeout interval elapsed

Some Splunk customers have encountered the following error message when performing searches: The search job with s...

by Splunk Employee in

How to convert a regex to work in transforms.conf?

I am attempting (for the first tiume) to convert the following regex search to work in transforms.conf, but can't see...

by Loves-to-Learn Everything in

How to extract IDs?

I have a field called APM_ID and i want to get the output for only APMs from this field (for eg: A1002, A0001) and wa...

by Explorer in

Is there another way to use min max?

I am running search.basesearch |eventstats count values(date) as Date by ID result I get count 2 or 3 or 1how do...

by Communicator in

How to do the query for jumpcloud - bruteforce from svchost?

index=* success="false" process_name="C:\\Windows\\System32\\svchost.exe"| stats count as failedAttempts by user| sor...

by New Member in

How can I exclude certain IP addresses from a query based on their presence in a lookup table?

Hi,I'm looking for the search to exclude the ips present in the lookup table ips c...

by Path Finder in

How to have Splunk search to include only events outside regular business hours?

Hi Splunkers,I want to create a search that send results to an "On call" system only for out of hours during monday t...

by Explorer in

How to get a total count for today and weekly average index time in one search?

Hello!I've been trying to solve this problem for a couple days now but can't seem to figure it out.So basically I wan...

by Loves-to-Learn Everything in

How do I search for IP address hitting a host?

by Path Finder in

How to extract IP hostname SplunkAgent and Machine architecture from splunkd_access log?

10.179.130.56 - - [14/Apr/2023:01:59:28.233 +0800] "POST /services/broker/phonehome/connection_10.179.130.56_8089_10....

by Explorer in

How to run a search from rest search?

I am doing some analysis on our existing searches. What I would like to do is run the saved search when I get the res...

by Contributor in

How to get results of two separate queries to calculate the percentage of the first result values present in the second?

Hi, I have 2 queries , let's call them query_a & query_b. query_a - gives me a table containing all the userAgent...

by Observer in

How to get sum of durations in milliseconds?

1. How to get total sum of call_Duration of time for all call_Name mentioned below in splunk from ms to seconds with ...

by Explorer in

How to compare my search table to lookup table and output the not match result to my search table?

I have lookup table like Date ID Name 02/04 12547 xxx02/04 12458 xxx02/04 ...

by Communicator in

What is the difference between a lookup search and index searches?

Hi, I need your help in order to get the difference between two searches. I have a task running once a day on all ...

by Explorer in

Why is the scroll is not working on a table viz?

I am using Dashboard Studio, and When I create a table viz the scroll is not working, and neither is the next button....

by Loves-to-Learn in

How to display the bar with both values even when there are no results for failed?

I have a bar graph that shows the status (Success and failed). I want to display the bar with both values even when t...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Are there specifics to search to determine if a user is being added to Sudoers through the Splunk UF?

Why is lookup command not giving result as expected?

How search for metrics for items not on within last 90 days?

Whats the difference between dc (distinct count) and estdc (estimated distinct count)?

Is there a way to change the year in _time?

How to extract particular pattern text from its various possible trailing text pattern?

How to exclude two event types when together?

How to get duration from start and time two different events and different index based on the common filed?

Error message: The search job with sid=<value> failed to launch successfully after the timeout interval elapsed

How to convert a regex to work in transforms.conf?

How to extract IDs?

Is there another way to use min max?

How to do the query for jumpcloud - bruteforce from svchost?

How can I exclude certain IP addresses from a query based on their presence in a lookup table?

How to have Splunk search to include only events outside regular business hours?

How to get a total count for today and weekly average index time in one search?

How do I search for IP address hitting a host?

How to extract IP hostname SplunkAgent and Machine architecture from splunkd_access log?

How to run a search from rest search?

How to get results of two separate queries to calculate the percentage of the first result values present in the second?

How to get sum of durations in milliseconds?

How to compare my search table to lookup table and output the not match result to my search table?

What is the difference between a lookup search and index searches?

Why is the scroll is not working on a table viz?

How to display the bar with both values even when there are no results for failed?

.conf25 Global Broadcast: Don’t Miss a Moment

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions