Splunk Search

Ask a Question

Discussions

Thread Info

Average event count using only business days (M-F)?

I have a specific event that I'm looking to do an average count for the past 5 business days. Right now, I'm able ...

by Explorer in

Splunk Search Language - Is there another command for Looping besides Map?

Is there any command in Splunk for Looping other than Map command ? Requirement is described as below: ...

by Path Finder in

Help with a qlick view search?

Hello Splunkers!! I have qlick view search. And I want to use same kind of search in Splunk. Please help me how ca...

by Motivator in

TSTATS using a lookup table for a variable?

I am building a query where I want to use a top 10 list of values from a lookup table, and then run a search against ...

by Communicator in

How to combine three queries and visualize it in timechart

I have three queries: Overall Traffic to LogOn page sourcetype="od" operation=LogOn http_method=GET http_url="*Lo...

by Explorer in

How to get data for latest 10 weeks in splunk chart?

I have a bar chart in splunk which has x-axis as each week from 2019 to 2023 and y-axis as count of data. Now i wan...

by Explorer in

How to combine two searches into one?

1st query index=mail NOT [ | inputlookup suspicoussubject_keywords.csv | rename keyword AS quer...

by Engager in

What command can I use to speed up my search besides join command?

I am trying to extract only the top values from fields such as argument, uri, and method for the WAF log.Currently,...

by Engager in

Search with Time Using a Lookup?

I have a lookup of hosts with a field Last_Scan_Datetime and the field values were formated using strftime(_time, "%Y...

by Path Finder in

How to pass values to a eval if subsearch?

Hi guys!I have a sourcetype "A" with some info about infrastructure. Host IP is one of this info. I have another s...

by Path Finder in

How to adjust radial gauge numeric range within a dashboard?

Hello, I want to alter the radial gauge (default is 100). We expect about 5,000 log entries/lines per hour and ...

by Communicator in

Matching Hostname to IP Between Two Lookups?

I have two lookups. One lookup has Hostnames and IPs and the other has hostnames. I would like to run a search so I c...

by Path Finder in

How to use the REST API to run a multisearch and stream the results back?

Hi, I am able to run normal search using rest API using below syntax: https://SearchHead_host:8089/servic...

by Loves-to-Learn Lots in

Calculate total time for a specific event over a range of time period?

I have 2 queries:One is an OFF event, and one is an ON event for a cluster of machines for customers. I want to calcu...

by Explorer in

How to detect T1036.002: Masquerading (Right-to-Left Override)?

Hi all, Recently I have been working on getting a query that can help me identify the execution of malicious docum...

by Observer in

Easiest way to exclude ingestion of events for a specific IP address from a SourceType?

I am looking to not ingest events from a specific IP address. I have an IP address that once a week generates a LOT o...

by Path Finder in

Comparing index with inputlookup?

Hi, I have a policy.csv file with 2 columns: user tags Andre IT Kleo ...

by Explorer in

How to list out only the latest entries from events in search?

Hi All, I'm looking to find all the latest entry of user, There should be no double entry for any userProfile ----...

by Builder in

How to use map to calculate fields data separately for each entity?

Hi, I have a combination of consumer limits e.g, A=1000 b=500 c=500 d=200 rest=100So basically i want a list of...

by Explorer in

How to ignore delayed events in splunk alert and alert only if log is actually missing?

I have splunk query which runs every 5 minutes and alert if certain keyword is not logged in index in last 5 minutes....

by Engager in

How to trim zeros from event contents?

Hello Splunkers!! I have below value S000081(=00003102+LCC000060-0000550S00003) I want to replace above va...

by Motivator in

Why is there forceful termination of the search process when using stats dc()?

*Forcefully terminated search process with sid=1517416303.2383_ABC123 since its physical memory usage (36521.336000 M...

by Champion in

Search rest command for a list of dashboards using saves searches and macros?

Hello Splunkers!! I want a list of dashboards and those dashboards are using saved searches & macros. How I c...

by Motivator in

Calculating next row based on the first value generated in the new column called 12days?

I got to calculate the rest of the row based on the first value generated in the new column called 12days. Attempt...

by Explorer in

Trigger alert after checking results for 3 minutes?

Hello How can I trigger an alert after checking the results for 3 minuets So for example, if I want that the alert...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Average event count using only business days (M-F)?

Splunk Search Language - Is there another command for Looping besides Map?

Help with a qlick view search?

TSTATS using a lookup table for a variable?

How to combine three queries and visualize it in timechart

How to get data for latest 10 weeks in splunk chart?

How to combine two searches into one?

What command can I use to speed up my search besides join command?

Search with Time Using a Lookup?

How to pass values to a eval if subsearch?

How to adjust radial gauge numeric range within a dashboard?

Matching Hostname to IP Between Two Lookups?

How to use the REST API to run a multisearch and stream the results back?

Calculate total time for a specific event over a range of time period?

How to detect T1036.002: Masquerading (Right-to-Left Override)?

Easiest way to exclude ingestion of events for a specific IP address from a SourceType?

Comparing index with inputlookup?

How to list out only the latest entries from events in search?

How to use map to calculate fields data separately for each entity?

How to ignore delayed events in splunk alert and alert only if log is actually missing?

How to trim zeros from event contents?

Why is there forceful termination of the search process when using stats dc()?

Search rest command for a list of dashboards using saves searches and macros?

Calculating next row based on the first value generated in the new column called 12days?

Trigger alert after checking results for 3 minutes?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions