Splunk Search

Ask a Question

Discussions

Thread Info

Dashboard Classic Dropdown text length limit

I have a drop-down in my Classic Dashboard that is populating from an inputlookup.Looks like this: <input type=...

by Path Finder in

Problem using Join function

I'm a novice working in fraud prevention; appreciate your help. When running the following, I'm getting a failure er...

by Engager in

Index substring match from inputlookup?

Good afternoon.I have been working on this issue for a couple of days, and I just cannot seem to get this SPL correct...

by Path Finder in

APM Synthetic - Clear cache between steps

We have a need to setup Synthetic Browser Tests against many endpoints. The main purpose for the Browser tests is to ...

by Path Finder in

How do you evaluate the difference between 2 multivalue fields?

Hi, Let's say we have 2 multivalue fields Field1={a,b,c,d} Field2={a,b,c,d,e} Is it possible to evaluate th...

by Motivator in

query using file with list of names

I've got a list of over 100 account names and I'd like to search Splunk to find out the most recent activity (if any)...

by Engager in

Splunk add quotes when passing searches stored in a lookup table to the datamodel search using map?

According to https://community.splunk.com/t5/Splunk-Search/Is-there-a-way-to-instruct-Splunk-to-not-add-quotes-when-p...

by Loves-to-Learn in

splunk query to a different timezone fail

I use fieldformat "Date Time"=strftime('Date Time',"%F %T %:z %Z","Asia/Hong Kong"). but it said the syntax is wrong....

by Observer in

Regex Error with Splunk SOAR/Phantom

I have a regex to extract filename from object field. This works completely fine in Search.index="test" | rex field=o...

by Engager in

How to extract elements of a json (not a json array)

I have a json from Grafana. | makeresults count=1 | eval json = "{ \"datasources\": { \"ds_a\": {}, \"ds_b\": {...

by Contributor in

Error preventing me from saving search with chart

I have a search with a chart that works well but when attempting to save I get the following error message: "Value of...

by New Member in

How to fetch only the top x rows for each category in the same search query?

I am trying to fetch top 10 max Requests count of events with their corresponding response time. So using the below q...

by Communicator in

Matching a substring with a lookup field

Hello wonderful SplunkersI know we can have a WILDCARD match in a lookup where we can match a key to a wildcard in th...

by Builder in

How to exclude traffic with src_ip or dest_ip using lookup file

Hi, I’m building a search on the Network_Traffic datamodel to detect high outbound flows (>1 GB).I need to exclude ...

by Observer in

How do I add the total count of all events in each row ?

Here is what I have Now I want to add a new column like this eval nullPercent = round((nullCount/total)*100,...

by Path Finder in

Splunk Alert

Am having issue with a Splunk alert triggering for daily snapshot of aws account ids. The alert is suppose to trigger...

by Explorer in

Find logs where key/value pair is equal to the same key/value pair in another log.

I’m trying to find logs where requestId value is equal to requestId value in another log Trying to find logs like t...

by Observer in

Average time in multivalue field

HelloI have a two multivalue fields: poiMv (point of interest) and timeMv as a result of a transaction command. Both ...

by Observer in

timechart in Dashboard Studio does not show all data

Dear Experts My search: index="pm-azlm_internal_prod_events" sourcetype="azlmj" [| inputlookup pm-azlm-reg-o...

by Path Finder in

In Splunk studio, is it possible to populate a text box (with a token value) based on a value in a search?

I would like to use the value obtained in a one search where I end up with field "xyz" like so that its value is visi...

by Explorer in

mstats with Splunk_TA_Nix

Hello experts, I have a dashboard in simple xml that shows single number charts which reflect, ...

by Explorer in

Unknown Root Cause of Error

Error in my results query: Unable to distribute to peer named 10.245.11.153 at uri=10.245.11.153:8089 using the uri-...

by Engager in

How to get all logs with appropriate filter?

I need to get historical logs from splunk between a time interval more specifically between two dates. When I do not ...

by Engager in

How to use lookup and multivalue field together

Hello All, I have a multivalue field which contains domain names (for this case, say it is in field named email...

by Explorer in

Problem in using append to combine correlation rules

I am building a correlation search in Splunk ES Cloud 8 using multiple detections combined with append. Each subsearc...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Dashboard Classic Dropdown text length limit

Problem using Join function

Index substring match from inputlookup?

APM Synthetic - Clear cache between steps

How do you evaluate the difference between 2 multivalue fields?

query using file with list of names

Splunk add quotes when passing searches stored in a lookup table to the datamodel search using map?

splunk query to a different timezone fail

Regex Error with Splunk SOAR/Phantom

How to extract elements of a json (not a json array)

Error preventing me from saving search with chart

How to fetch only the top x rows for each category in the same search query?

Matching a substring with a lookup field

How to exclude traffic with src_ip or dest_ip using lookup file

How do I add the total count of all events in each row ?

Splunk Alert

Find logs where key/value pair is equal to the same key/value pair in another log.

Average time in multivalue field

timechart in Dashboard Studio does not show all data

In Splunk studio, is it possible to populate a text box (with a token value) based on a value in a search?

mstats with Splunk_TA_Nix

Unknown Root Cause of Error

How to get all logs with appropriate filter?

How to use lookup and multivalue field together

Problem in using append to combine correlation rules

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions