Splunk Search

Discussions

Thread Info

Why am I getting Invalid lookup table?

I want to use a lookup table, but every time, I add the command to my search "| lookup name_of_my_lookup", I'm gettin...

by Communicator in

Help with search query for non-reporting IP addresses?

Hi All,I have a field name ip_address which has 50 IP values in it. at every 5mins interval, I will receive the same...

by Path Finder in

How to take the result from a timechart 'sum by' and multiply it by another value?

Hello, what I am trying to do in this search is sum the total CPU seconds, by report class, for a one day period. Onc...

by Engager in

How to search a list of names and compare it to a different list of names?

I have two lists: one has a list of hostnames and another has a list of prefixes to hostnames. I would like to create...

by Path Finder in

How to join two searches using one field AND a time constraint between the correlated events?

Hi, I am trying to get a list of workstations trying to connect to malicious DNS using PaloAlto and SYSMON logs. ...

by Contributor in

How to search earliest time in correlation search?

Hi, I'm trying to create a correlation search in splunk unable to figure out options Time range earliest time/lat...

by Builder in

Why can't I generate data table of statistics?

Hi, My overall goal is to create a resulting data table with headings including HourOfDay, BucketMinuteOfHour, Day...

by Builder in

Is there a way to get logs in JSON format for an API call from a Springboot Application?

by Engager in

How to create a search for delay of data in Splunk?

Hello all As a splunk in an early station  I currently have the following challenge:We have many indexes and ...

by Engager in

Why can't I plot timechart to investigate seasonality in index data?

Hi, I am running the following query to check seasonality in my index:index="ABC| timechart count by _time | timec...

by Builder in

How would I combine data in Splunk so I can view them on one page?

Hi i am new, I have 2 excel documents, one containing firewall logs and the other containing Sys logs. how would ...

by Loves-to-Learn Lots in

How to create dashboards which are useful for Juniper team to check if any down or outage?

Hi All, Good day, I have juniper data in Splunk using sourcetype = juniper* but need some searches to create da...

by Path Finder in

How to create alert when error_count is continuously increasing over _time for any group mentioned in column?

I want to create a alert that will notify if error_count is continuously increasing over time for any of the group me...

by Explorer in

How to extract usernames from Windows event log 4648 in Splunk?

hi Have a large index that contains event logs. Trying to extract usernames of EventID 4648. How can I get this...

by Loves-to-Learn Lots in

How to exclude or select events based on value from key/value array?

Hi All, Our JSON payload looks like as shown below. The msg.details array can have any number key/value pairs in a...

by Explorer in

Why is eval failing after join?

index=na160 starttime="02/02/2023:00:00:00" endtime="02/02/2023:24:00:00" requestId="TID:131610985000004c2d"|stats co...

by Engager in

How to rename Splunk column names?

Hi, I have a query that evaluates the value of a variable like this *...|eval var1= var2*10|....* where var...

by Communicator in

Is there a delay in the Splunk API server 'seeing' events?

Is there a delay in the Splunk API server 'seeing' events that are already indexed?I use the Splunk API to query logs...

by Engager in

How to match fields from logs with CSV and create an alert?

I get logs from a system which has a field that contains names. Lets say Abc.xyz is the name of the field. I have a l...

by Explorer in

How to monitor deviation to log volume?

I am trying to monitor drop in events per index. What is the best way to get a baseline and detect deviation to the v...

by Explorer in

Lookup filtering performance on very large lookups

This is not a question, rather I am sharing something that I discovered with a Splunk OnDemand support call. I tho...

by Explorer in

How to create Splunk search to check the last 15 minutes then increment by 1 minute?

For example: i have been hitting the pavement trying to figure out a search query for events that happened between...

by Observer in

How to separate values in a field to new fields?

I have a lookup with a field called IP. The field has values that have multiple IPs in them an I would like to sperat...

by Path Finder in

search

Please need help with this command - Average response time with 10% additional buffer ( single number) – Use “Eval”...

by Explorer in

How to use fillnull or similar before an eval?

As I write this I realize that what I want is likely not possible using this method. I want a fillnull (or similar) ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why am I getting Invalid lookup table?

Help with search query for non-reporting IP addresses?

How to take the result from a timechart 'sum by' and multiply it by another value?

How to search a list of names and compare it to a different list of names?

How to join two searches using one field AND a time constraint between the correlated events?

How to search earliest time in correlation search?

Why can't I generate data table of statistics?

Is there a way to get logs in JSON format for an API call from a Springboot Application?

How to create a search for delay of data in Splunk?

Why can't I plot timechart to investigate seasonality in index data?

How would I combine data in Splunk so I can view them on one page?

How to create dashboards which are useful for Juniper team to check if any down or outage?

How to create alert when error_count is continuously increasing over _time for any group mentioned in column?

How to extract usernames from Windows event log 4648 in Splunk?

How to exclude or select events based on value from key/value array?

Why is eval failing after join?

How to rename Splunk column names?

Is there a delay in the Splunk API server 'seeing' events?

How to match fields from logs with CSV and create an alert?

How to monitor deviation to log volume?

Lookup filtering performance on very large lookups

How to create Splunk search to check the last 15 minutes then increment by 1 minute?

How to separate values in a field to new fields?

search

How to use fillnull or similar before an eval?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions