Splunk Search

Ask a Question

Discussions

Thread Info

Request for information on CPU information app in Splunk Enterprise Security

Hi there! I was wondering if there's a specific app available in Splunk Enterprise Security that can provide CPU i...

by Path Finder in

Can someone help with regex to extract new field?

Hello Team, can anyone help me with the extraction of new field input: site: mclaudelinemugasqiln.platinil...

by Explorer in

KVStore Lookup Not Returning Results

A newly created KVStore collection is not returning matches for a lookup command, despite the fact it's populated. Fo...

by Contributor in

Help with Regex in transaction endswith

Hi all, I try to group events using transaction. Since there are multiple endswith condition, i tried following t...

by Communicator in

How to achieve eval expression using the usecase in Splunk?

Hi,I'm trying to write the spl query on usecase like alertname!="*pdm*" triggerred by user in between like 2 hours...

by Builder in

Convert stats to JSON

I have a user who wants to send a table resulting from | stats values() to a summary index via the collect command, b...

by Explorer in

How to create a dashboard of XML file?

Hi, I have the following event (XML) in Splunk, how can I create a dashboard of this XML? <JOBAPPLICATION="AFT-...

by Explorer in

How do you prevent the map command from encapsulating the variable in quotes?

The quotes can only be seen in the search.log in one of the SearchParser component events. My ultimate goal is to...

by Explorer in

How to to sort the date so that my graph is coherent?

Hello, thank you in advance for your feedback. I would like to sort the date so that my graph is coherent, can ...

by Path Finder in

How do I compare lookup field to search and print another field in lookup file?

Currently in my logs I am getting the hostname of the users but not their usernames. I created a lookup table that co...

by Engager in

Splunk Forwarder preferred path

Hi Splunkers,does anyone have an idea how to configure a preferred path on a Splunk Forwarder?I have 2 datacenters wi...

by Path Finder in

How can I multiple search and table data?

Hello, I have a below splunk query which gives me response time value extracted from its response. index=my...

by Path Finder in

Detecting network and port scanning using SPL?

Hi, Could anyone help me with this use case as I'm trying to figure out my alert logic scanner use case scanning many...

by Path Finder in

How extract field using rex?

How to extract fields in between | servername | Which i am using in rex ^[^\|\n]*\|(?P<Server>\w+\.\w+\.\w+\.\w+...

by Builder in

Help with Regex for raw data to create pie chart?

I need some help to create a pie chart of songs using this raw data. The command I'm using is this: |rex ...

by Observer in

What search can I use to know if a service had been restart after a certain period of time?

hi all, i have this logs which i am interested in know if there is a agent restarted after certain period when the...

by Explorer in

Having Logs at different times?

Hi, I have log files coming at different times, but i need to compare logs of same time. 1-----Log1 - file receive...

by Explorer in

What is the best way to spoof run-anywhere fake data for a question?

Many people ask questions here that are tricky enough that the only way to get an answer that works is to play around...

by Esteemed Legend in

Help me understand: "Error in 'EvalCommand': The expression is malformed. Expected )."

So I've recently got into a new job, where I'm learning Splunk and learning how to support splunk searches and dashbo...

by Path Finder in

How to measure impact of searches with long time period?

Hello All, I need your help to understand the impact of time ranges selected by users while running their search qu...

by Contributor in

How to use the map command to match events?

Could someone have a look at the following query and see why it does not give me the results I expect based on the do...

by Explorer in

Regex for getting only the bold?

I have field log-sshd like this:log-sshd="Apr 5 xx:xx:xx serverhost sshd[xxxx]: Failed password for user xxx from xx....

by Explorer in

Error in 'where' command: The 'not' function is unsupported or undefined. Splunk Search

I have this report that i received an error from. Ive seen the error from different searches, but i just started to l...

by Communicator in

What is a REX I can use to create field domain from website?

REX command to create a field domain from websiteEX: input : https://www.youtube.com/sd/td/gs-intro outpu...

by Explorer in

How to extract, if log1 - severity =6 then what is the severity in log2, at given point of time?

Hi All, I'm searching 2 different logs, which contain the "Severity" as common field. I want to extract, if l...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Request for information on CPU information app in Splunk Enterprise Security

Can someone help with regex to extract new field?

KVStore Lookup Not Returning Results

Help with Regex in transaction endswith

How to achieve eval expression using the usecase in Splunk?

Convert stats to JSON

How to create a dashboard of XML file?

How do you prevent the map command from encapsulating the variable in quotes?

How to to sort the date so that my graph is coherent?

How do I compare lookup field to search and print another field in lookup file?

Splunk Forwarder preferred path

How can I multiple search and table data?

Detecting network and port scanning using SPL?

How extract field using rex?

Help with Regex for raw data to create pie chart?

What search can I use to know if a service had been restart after a certain period of time?

Having Logs at different times?

What is the best way to spoof run-anywhere fake data for a question?

Help me understand: "Error in 'EvalCommand': The expression is malformed. Expected )."

How to measure impact of searches with long time period?

How to use the map command to match events?

Regex for getting only the bold?

Error in 'where' command: The 'not' function is unsupported or undefined. Splunk Search

What is a REX I can use to create field domain from website?

How to extract, if log1 - severity =6 then what is the severity in log2, at given point of time?

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!