Splunk Search

Community Activity

How to count for all hosts from lookup? I have a query that I am using to get the count of events index=system source=/var/log/syslog/* \| rex field=source "... by Skysurfer Explorer in Splunk Search 04-18-2023 0 2	0	2
How to format as percent with 2 decimal places and no rounding? How do you convert .34999832 to 34.99% or .399345 to 39.99% I need to see the .99 and not have it round up by mbtsoltis Explorer in Splunk Search 04-18-2023 0 3	0	3
How to speed up Splunk query that uses appendcols? Hi, I have the following Splunk query:index=ABC sourcetype=DEF dv_assignment_group="SECURITY-NETWORK-L3" \| table _tim... by POR160893 Builder in Splunk Search 04-18-2023 0 3	0	3
Receiving "DISABLED_DUE_TO_GRACE_PERIOD" I have seen many questions about disabled due to licensing violation, but I applied a reset key and now I have this m... by mathewchase Engager in Splunk Search 04-18-2023 1 4	1	4
Is it currently possible to somehow create a conditional macro expansion? Hi all,Is it currently possible to somehow create a conditional macro expansion?For example, I have different list of... by shubs Engager in Splunk Search 04-18-2023 0 2	0	2
How to extract matched data from different index and different source based on the fields? Below two events Start event Index= x source= xtype \| spath application \| search application= x app " saved note" R... by Sekhar Explorer in Splunk Search 04-17-2023 0 3	0	3
How to extract this string? There are two types of raw data. What is the regular expression to get the value between the /* special symbol and th... by chanhee1 Loves-to-Learn Lots in Splunk Search 04-17-2023 0 3	0	3
How to calculate the SLA percentage from start event query and end event query? I have two events one is calculate the SLA percentage from below querys Start event query Index=x source type= xx... by Sekhar Explorer in Splunk Search 04-17-2023 0 12	0	12
How to create a custom alert based on past data? can we setup an alert based on data from current time stamp & based on information on past 15mins ?say at T1, got a l... by kdineshreddy009 New Member in Splunk Search 04-17-2023 0 3	0	3
How to change the cron schedule of around 500 saved searches at once in Splunk Cloud so spread across the clock? Hi, I have many concurrent saved searches running due to which search delayed health indicator is always red. How to ... by bhagyashriyan Explorer in Splunk Search 04-17-2023 0 1	0	1
How to extract file name from path's for both windows and nix format? Hi, We have a data source containing File Path's from both Windows and Linux formats. Applying regex separately work... by att35 Builder in Splunk Search 04-17-2023 0 4	0	4
How to search sourcetype not reporting by host? Hi Splunkers, I need your assistance to create a search that provides the following:SPL query I will use it to look f... by muradgh Path Finder in Splunk Search 04-17-2023 0 2	0	2
How to common fields from two different events and calculate the diff between the start and end event group my main? We have two events Start event Index= x source= xtype \| spath application \| search application= x app " saved note" ... by Sekhar Explorer in Splunk Search 04-17-2023 0 3	0	3
Why am I unable to output lookup field when the field is not a Splunk field? Hi All, I have an issue which i am unable to resolve. I have a lookup with two columns: Process_Command_Line, score U... by becksyboy Contributor in Splunk Search 04-17-2023 0 6	0	6
How to find event timestamp duration with respect to current time in minute and seconds? We have splunk event having field "eventdateTime" in format mentioned below. for example eventdateTime 2023-04-17 06... by Abhineet Loves-to-Learn Everything in Splunk Search 04-17-2023 0 2	0	2
How to extract two fields from a group? I am new to Regex expressions and trying to figure them out. I am trying to extract two sections of the following log... by kmhanson Explorer in Splunk Search 04-17-2023 0 14	0	14
How to avoid "search is waiting for input...", even if a user does not include a value in a text input field? Hi, Sorry if my question is repeated or too naive. I have a text input field accepting "Module name". It works perf... by shrirangphadke Path Finder in Splunk Search 04-17-2023 3 8	3	8
Why are values are doubled in the Splunk dashboard? I am scheduling this at 9.00 AM everyday using splunk DB connect .When i see the sourcetype nextday at 9.00 AM gett... by Keerthi Path Finder in Splunk Search 04-17-2023 0 3	0	3
How to filter multiselect entries based on its own selection? I have a multiselect for software version (version is just yyyy.mm.dd or an alphanumeric string).If the user selects ... by jonvijay1993 Explorer in Splunk Search 04-17-2023 0 4	0	4
How to achieve list of manid breaching Authorization SLA? We have two events query Start event Index=x source type= xx "String" extacted fields s like manid,actionid,batch I'd... by Sekhar Explorer in Splunk Search 04-17-2023 0 3	0	3
How to include month name in streamstats as? Hi Legends How do I give bit more meaningful names for fields last_sum and first_sum in below query? i.e. something l... by dvg06 Path Finder in Splunk Search 04-16-2023 1 1	1	1
Are there specifics to search to determine if a user is being added to Sudoers through the Splunk UF? I have a requirement where I have been asked to monitor for new users getting added to Sudoer. Are there specific ac... by GarzaREG New Member in Splunk Search 04-16-2023 0 2	0	2
Why is lookup command not giving result as expected? Hi All, I am facing some issue in using lookup command. Need your suggestions here please.. I have a lookup file as b... by RanjiRaje Explorer in Splunk Search 04-15-2023 0 7	0	7
How search for metrics for items not on within last 90 days? Hello,Trying to complete a search that uses metrics to monitor when a device has not been connected for the last 90 d... by willsy Communicator in Splunk Search 04-15-2023 0 2	0	2
Whats the difference between dc (distinct count) and estdc (estimated distinct count)? I have a search that returns unique visitors query over 30 days' worth of logs : Using dc() it was a lot slower. Here... by khourihan_splun Splunk Employee in Splunk Search 04-15-2023 5 3	5	3

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...

Splunk Search

How to count for all hosts from lookup?

How to format as percent with 2 decimal places and no rounding?

How to speed up Splunk query that uses appendcols?

Receiving "DISABLED_DUE_TO_GRACE_PERIOD"

Is it currently possible to somehow create a conditional macro expansion?

How to extract matched data from different index and different source based on the fields?

How to extract this string?

How to calculate the SLA percentage from start event query and end event query?

How to create a custom alert based on past data?

How to change the cron schedule of around 500 saved searches at once in Splunk Cloud so spread across the clock?

How to extract file name from path's for both windows and nix format?

How to search sourcetype not reporting by host?

How to common fields from two different events and calculate the diff between the start and end event group my main?

Why am I unable to output lookup field when the field is not a Splunk field?

How to find event timestamp duration with respect to current time in minute and seconds?

How to extract two fields from a group?

How to avoid "search is waiting for input...", even if a user does not include a value in a text input field?

Why are values are doubled in the Splunk dashboard?

How to filter multiselect entries based on its own selection?

How to achieve list of manid breaching Authorization SLA?

How to include month name in streamstats as?

Are there specifics to search to determine if a user is being added to Sudoers through the Splunk UF?

Why is lookup command not giving result as expected?

How search for metrics for items not on within last 90 days?

Whats the difference between dc (distinct count) and estdc (estimated distinct count)?

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Datamodel summaries not visible

How to get an extract of threshold values set in s...

how to query OCI Audit logs from Datasafe

SPLUNK ES 8.2.3 Drill Down not appearing

Using Splunk to Analyze Web Traffic & Machine-Gene...

Splunk Search

Join the Conversation