Splunk Search

Ask a Question

Discussions

Thread Info

When we talk about correlation, is it necessarily because a query is being made in 2 or more sources?

A question, When we talk about correlation, is it necessarily because a query is being made in 2 or more sources? ...

by Builder in

Need assistance creating a file that can be updated with hosts to exclude from a search

I have a query where I'm looking for users who are performing large file transfers (>50MB). This query runs every da...

by Explorer in

Why does tstats not work with macros in child dataset?

I try use macros to get external indexes in child dataset VPN, but search with tstats on this dataset do...

by Engager in

Why are application logs not getting indexed in Splunk?

The internal logs flow to splunk UI but the applications logs are not flowing to splunk UI.We have a cluster with sev...

by New Member in

Help with advanced search for matching entry?

Hello Community! I'm searching for a solution to highlight the "HostC", which has an AppC failure and no further l...

by Communicator in

Create 2 drop down based on start_date and end_date

Hi, I need to create the 2 drop down for date where user can manually select start_date and end_date. And based on ...

by Explorer in

Why don't timestamp and _time match in search?

Hi, i'm currently working on a props.conf and have different values from _time and the timestamp in my logs. What ...

by Path Finder in

How to join with rex not working?

I have 2 index, abc and bcz index abc data is in raw format like below. <random ip address>|-NA\CAPITA|5xxhxh54...

by Explorer in

Multi Select ALL value shows no data

Hello, I am using 2 multi select dropdown. When its on the default value 'ALL' then it doesn't show any value in ...

by Explorer in

Searching for matches in Output across entire range?

(index="external*" Feedback* "Text") | transaction channel startswith=POST endswith=received maxspan=1m maxev...

by Explorer in

Construct multivariable histogram chart?

I have a search along these lines "duration: " | rex field=host "(?P<host_type>[my_magic_regex])" | ...

by New Member in

How to find inputlookup value in result?

| inputlookup suspicious_win_comm.csv lookup table contents has only keyword keyword <- field name tasklist ver...

by Explorer in

Why is Index bucket rolling faster than what is set in indexes.conf?

Hello SplunkersI am pretty new to splunk admin .I have the following config set up in indexes.conf where I set up one...

by Communicator in

How to achieve providing timestamp field when event does not contain time in it?

Hello, I wanted a EVAL statement which manually adds a specified time may be "00:00:00" for the event containing o...

by Explorer in

How to convert a large number to string with expressions of long and short scales, or neither.

Numeral system macros for Splunk Examples of Single Value panel and Table. Hello,Just an announcement. I ha...

by Splunk Employee in

How to change the date format from 'yyyy-mm-dd' to 'mm-dd-yyyy' on the saved search?

I am working on the saved search not index/lookup. I tried this code - | eval date=strftime(strptime(<fieldname>...

by Explorer in

How to calculate the total count of occurances of a timestamp ?

Basically I have a set of raw data with different time stamp in CCYYMMDDHHMMSS format. I want to list out the stats w...

by Explorer in

How to rename fields only from a certain search (Search1) OR (Search 2)?

Hello everyone, I have a search in the following format: (index="index1" group=a) OR (index="index2" group=a).......

by Engager in

Why are there missing fields for sample queries?

Hi I'm implementing some searches provided by Splunk Threat Research Team to detect threats from AD logs. But I ca...

by Explorer in

How to exclude results using checkbox?

I have the following search which returns a table of all hostnames and operating systems. | inputlookup hosts.csv|...

by Contributor in

Why do less events display while searching as * then search hostname while its showing if I search at the beginning?

Hi Guys, Less Event displayed while searching as * then search hostname while its showing if I search at the begin...

by Explorer in

How to join two table with aggrouped date value?

A have two tables anda i want to relation this two tables by nember of events in a hour, i manage to make a SQL quer...

by Explorer in

How to plot two sets of data in line chart when BOTH is selected?

Hello Everyone, I have dashboard with token value as datacenter, which has 3 options from dropdown: Dublin ="*d...

by Path Finder in

Why time filter value/range is not being passed to the query result?

Does anyone know why the time range picker here on the right side (set to Yesterday Jan 30) cannot affect my _time da...

by Explorer in

How to achieve Crowdsec json logs fields extraction?

Hello Splunk's community, I got some difficulty for the fields extraction in crowdsec's logs which are format with...

by Loves-to-Learn in

Get Updates on the Splunk Community!

Splunk Search

Discussions

When we talk about correlation, is it necessarily because a query is being made in 2 or more sources?

Need assistance creating a file that can be updated with hosts to exclude from a search

Why does tstats not work with macros in child dataset?

Why are application logs not getting indexed in Splunk?

Help with advanced search for matching entry?

Create 2 drop down based on start_date and end_date

Why don't timestamp and _time match in search?

How to join with rex not working?

Multi Select ALL value shows no data

Searching for matches in Output across entire range?

Construct multivariable histogram chart?

How to find inputlookup value in result?

Why is Index bucket rolling faster than what is set in indexes.conf?

How to achieve providing timestamp field when event does not contain time in it?

How to convert a large number to string with expressions of long and short scales, or neither.

How to change the date format from 'yyyy-mm-dd' to 'mm-dd-yyyy' on the saved search?

How to calculate the total count of occurances of a timestamp ?

How to rename fields only from a certain search (Search1) OR (Search 2)?

Why are there missing fields for sample queries?

How to exclude results using checkbox?

Why do less events display while searching as * then search hostname while its showing if I search at the beginning?

How to join two table with aggrouped date value?

How to plot two sets of data in line chart when BOTH is selected?

Why time filter value/range is not being passed to the query result?

How to achieve Crowdsec json logs fields extraction?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions