Splunk Search

Discussions

Thread Info

Why is the REST API bringing back default configuration values?

The REST API seems to return default values for max_searches_per_cpu, while the btool command brings back the actual ...

by Motivator in

How to achieve Splunk query usecase on IP scanners?

IP scanners use cases using spl query I'm new to the splunk and I'm trying to find the spl query for the use cases...

by Builder in

How to write regex to list parent folder only?

I'm attempting to determine what folders on a Windows server are being audited. I don't have access to the server to ...

by Engager in

Why am I receiving specific error message from the raw output?

I am using the below cluster search | cluster t=0.1 showcount=t countfield=no_of_events | table _time,no_of_event...

by Loves-to-Learn Lots in

Help with field extraction?

Hi All, we have events like below and in these need to extracts below id"s example d1c35370-1522-498c-8a79-ab07909...

by Path Finder in

Help needed with foreach query for LDAP user information

Hey All, Been banging my head for a few days with this one and will appreciate any feedback on the topic.The scenar...

by Explorer in

How to create query for multi value attribute?

Hi, can I ask you for helping me with this small problem, please? If I read the content of the lookUp using any cr...

by Contributor in

Why is tstats aggragate function not returning results?

So I'm fairly new to using data models for my visuals, and converting my network performance dashboard to summarized ...

by Loves-to-Learn in

Why is timechart not working to show DNS count and upper/ lower bounds on the same graph?

Hi, I am trying to show the number of DNS logs per hour here on a graph with the upper and lower bound lines ...

by Builder in

How to click on table cell to go to a URL referenced in event field (not in row data)?

I can't seem to figure out how to configure my XML so that when I click on a table cell, I go to a URL referenced in ...

by New Member in

How to calculate event results based on time picker range & convert into time zones based off of a user for a lookback?

Hi Splunk Community, I need to be able to calculate results based off of a time range picked by the user where the...

by Loves-to-Learn in

How to filter an word from a string using SPL?

e.g. input : CustomerService API call compeled in 105 ms Expected output : Customerservice 105 (in some graphical re...

by Path Finder in

How to parse value from json event and build graph?

Hello gays I have events like this, in raw text: {"key":"Pending","value":0} {"key":"NOT processed","value":...

by Path Finder in

Will Splunk searches using lookup get affected if there is knowledge bundle issue?

So I have been working on migrating usecases from one splunk ES to splunk cloud for a client. They had around 760+ co...

by Loves-to-Learn in

Comparing input lookup table to index?

Hello - I am looking to match an uploaded lookup table in csv format to the indexes we have. I am running into pr...

by Loves-to-Learn Lots in

Response time- How do I extract response time in "ms" from this event?

I am beginner. How do I extract response time in "ms" from this event? Thank you. 4.72.20.141 - - [27/Dec/2037:1...

by Engager in

Why is stats avg(response_time) not working after extracting response_time?

I am a beginner. Why is stats avg(response_time) not working after extracting response_time? index="testing1" sour...

by Engager in

Removing punctuation from multivalue field and put value in own event?

I'm pretty sure the answer to my question is regex but I'm not too savy with it. I have a few values in an IP field f...

by Path Finder in

How do I get arbitrary nested key-value pairs from JSON?

I have some JSON that looks similar to this: { "foo": "bar", "x": { "hello": "world", "y": { "A": 40...

by Explorer in

Data extraction for msexchange subject field?

Hi Team, I need a rex command to extract subject field from the event _raw.. Currently i am splitting the fie...

by Path Finder in

Part2: How to join two different result sharing common field?

Let say I have a result belowindex = indextestsource=stest bunch of evals = evals sourcetype=sttext| table ID Sta...

by Path Finder in

Why does xmlkv only select last field?

Hello fellow splunkers, I'm posting here because I would gladly have help with the following query. Let's say I...

by Engager in

How to TimeChart for average function avg()?

I have this search that is working and returning a average Delay value:Search Command | eval epoch_timestamp=s...

by Path Finder in

Is it possible to add the same action to all of the alerts in one time?

Hello I need to add alert action to many alerts,Is it possible to add the same action to all of the alerts in one ...

by Communicator in

Why is my regex not matching?

My regex from the message field looks like this. | rex field=Message "\W(?<Hostname>\S+)\s\w+\W(?<Build>\...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why is the REST API bringing back default configuration values?

How to achieve Splunk query usecase on IP scanners?

How to write regex to list parent folder only?

Why am I receiving specific error message from the raw output?

Help with field extraction?

Help needed with foreach query for LDAP user information

How to create query for multi value attribute?

Why is tstats aggragate function not returning results?

Why is timechart not working to show DNS count and upper/ lower bounds on the same graph?

How to click on table cell to go to a URL referenced in event field (not in row data)?

How to calculate event results based on time picker range & convert into time zones based off of a user for a lookback?

How to filter an word from a string using SPL?

How to parse value from json event and build graph?

Will Splunk searches using lookup get affected if there is knowledge bundle issue?

Comparing input lookup table to index?

Response time- How do I extract response time in "ms" from this event?

Why is stats avg(response_time) not working after extracting response_time?

Removing punctuation from multivalue field and put value in own event?

How do I get arbitrary nested key-value pairs from JSON?

Data extraction for msexchange subject field?

Part2: How to join two different result sharing common field?

Why does xmlkv only select last field?

How to TimeChart for average function avg()?

Is it possible to add the same action to all of the alerts in one time?

Why is my regex not matching?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!