Splunk Search

Ask a Question

Discussions

Thread Info

What search can I use to know if a service had been restart after a certain period of time?

hi all, i have this logs which i am interested in know if there is a agent restarted after certain period when the...

by Explorer in

Having Logs at different times?

Hi, I have log files coming at different times, but i need to compare logs of same time. 1-----Log1 - file receive...

by Explorer in

What is the best way to spoof run-anywhere fake data for a question?

Many people ask questions here that are tricky enough that the only way to get an answer that works is to play around...

by Esteemed Legend in

Help me understand: "Error in 'EvalCommand': The expression is malformed. Expected )."

So I've recently got into a new job, where I'm learning Splunk and learning how to support splunk searches and dashbo...

by Path Finder in

How to measure impact of searches with long time period?

Hello All, I need your help to understand the impact of time ranges selected by users while running their search qu...

by Contributor in

How to use the map command to match events?

Could someone have a look at the following query and see why it does not give me the results I expect based on the do...

by Explorer in

Regex for getting only the bold?

I have field log-sshd like this:log-sshd="Apr 5 xx:xx:xx serverhost sshd[xxxx]: Failed password for user xxx from xx....

by Explorer in

Error in 'where' command: The 'not' function is unsupported or undefined. Splunk Search

I have this report that i received an error from. Ive seen the error from different searches, but i just started to l...

by Communicator in

What is a REX I can use to create field domain from website?

REX command to create a field domain from websiteEX: input : https://www.youtube.com/sd/td/gs-intro outpu...

by Explorer in

How to extract, if log1 - severity =6 then what is the severity in log2, at given point of time?

Hi All, I'm searching 2 different logs, which contain the "Severity" as common field. I want to extract, if l...

by Explorer in

How to create pie chart for two fields?

Hi, I have service name verb, object and outcome. I need to show the statistics in pie chart. For example...

by Path Finder in

How can I see still results from both sourcetypes but only from hosts which have cvs score above 7?

Hello, Syntax: index=security sourcetype=EDR:* | eval dest=coalesce(ip,ipaddress) | stats values(...

by Explorer in

How to use eval to find the usecase?

Hi,Could any one able to write the query for the use case if user triggers both alerts (alert_name="*pdm*" AND alert_...

by Builder in

How do I write this search to find these 2 fields with the lookup hostname?

Hi, I need your suggestion here. Please guide me I have a lookup file with list of hosts. I need to compare it wit...

by Explorer in

How to add count and percent to pie chart?

By default, only labels are displayed on pie chart when using top command. Is there any way to add count and percen...

by Explorer in

How to increase subsearch limit?

I am trying to run a query like below but I am limited to 10000 sub search result. Is there a way to make this query ...

by Explorer in

How to add date range to dashboard panel title so that the date range in the title and search time both are same?

Hi Team, We have a splunk dashboard panel which has a requirement that is. The dashboard panel has a title...

by Loves-to-Learn Everything in

No Results Searching Authentication.signature

Hello, I'm trying to search in the Authentication data model for authentication attempts where the username is wron...

by Explorer in

How to create a look up table with "*&" or "any" field?

Hi I am trying to whitelist some traffic from my search. So I decided to create a look up table including src ip, ...

by Explorer in

How do I make a dropdown dashboard?

Hi There, I had a dashboard that is having a pop up, when the single value is selected, it will display the dro...

by Contributor in

How to represent good visualization with the following fields?

How to represent good visualization with the following fields DeviceID, Software Version (Eg 1.22.2222.34) , Softw...

by Explorer in

How to write SPL for DLP alert use case using eval in Splunk ES?

Hi,Could anyone over here able to write an spl query for usecase in splunk ES like when single user triggers alert s...

by Builder in

Issue with field extraction using Props.conf & transforms.conf

Hello, I have some issues with field extraction using props.conf and transforms.conf files. Sample data (3 sample e...

by Motivator in

Moving the lookup table from One SH to another SH?

Hi, I have created a dynamic lookup table in one of the search head using a search ,now i want it to move to ano...

by Builder in

How to use the condition stanza in this spl query?

Hi, I'm trying to find the alerts by user between the period of 2 hours like Alert1,Alert2 Here I need a spl query fo...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

What search can I use to know if a service had been restart after a certain period of time?

Having Logs at different times?

What is the best way to spoof run-anywhere fake data for a question?

Help me understand: "Error in 'EvalCommand': The expression is malformed. Expected )."

How to measure impact of searches with long time period?

How to use the map command to match events?

Regex for getting only the bold?

Error in 'where' command: The 'not' function is unsupported or undefined. Splunk Search

What is a REX I can use to create field domain from website?

How to extract, if log1 - severity =6 then what is the severity in log2, at given point of time?

How to create pie chart for two fields?

How can I see still results from both sourcetypes but only from hosts which have cvs score above 7?

How to use eval to find the usecase?

How do I write this search to find these 2 fields with the lookup hostname?

How to add count and percent to pie chart?

How to increase subsearch limit?

How to add date range to dashboard panel title so that the date range in the title and search time both are same?

No Results Searching Authentication.signature

How to create a look up table with "*&" or "any" field?

How do I make a dropdown dashboard?

How to represent good visualization with the following fields?

How to write SPL for DLP alert use case using eval in Splunk ES?

Issue with field extraction using Props.conf & transforms.conf

Moving the lookup table from One SH to another SH?

How to use the condition stanza in this spl query?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions