Splunk Search

Ask a Question

Discussions

Thread Info

Configure alert to send email to a certain field value?

Hello everyone, I have the following results when running my search: _time ...

by Path Finder in

Why won't If statement evaluate as true?

When I place event.code into an if statement, it will not evaluate as true Currently I have this code: ind...

by Engager in

How to chart a delta instead cumulative values?

My current project polls a device every 15 minutes to pull a counter which is then charted. Thanks to members here, I...

by Path Finder in

Splunk search to remove duplicated ips?

Hi All, Greetings! Need help on splunk query, I have 2 indexes assets and vulns, am trying to build report t...

by Path Finder in

Are there any use cases for AWS VPC FlowLogs?

Currently we are ingesting a big amount of AWS VPC FlowLogs in to the Splunk and I am wondering if there is any usage...

by Observer in

Do I need to add create_empty=true and override_if_empty=false?

Hello. I'm fairly new to Splunk and SPL so bear with me here. I have the following scenario: I have an existing...

by Explorer in

Is there any way to have a search only pick up user account logins?

Hello everyone, I have a search for after hour logins between 6pm and 6am. Right now I have event codes 4625 and 4...

by Explorer in

How to remove ( \" ) characters from search?

In few logs I can see escape character is also printed. My rex is working fine when i am testing it on regex101.com b...

by Explorer in

What are the possibilities to achieve Thread Dump & Heap Dump Log Collection?

Hi All, I need to collect "Thread Dump" and "Heap Dump" of the application into Splunk. What are all the possibil...

by Engager in

Sending data to Splunk Cloud via intermediate forwarder?

I have Splunk UF 7.0.3 that I want to send logs from to Splunk Cloud. However, the UF doesn't support httpout so ...

by Explorer in

How can I get the last index of my target value for a multi-value field ?

I want to get the last index of my target value for a multi-value field. For example, idchain1SendMessageCheckMess...

by Path Finder in

Help with Regex extraction from request

please help extract adsId,offerName, currentProductDescription, offerAccountToken, offerType, offerIdentifier m...

by Path Finder in

How to compare same field with values for equality?

Hi Experts, I would like to compare values in same field (vlan_ids) for equality based on a mac...

by Explorer in

How to search all indexes with the specified HASH-es in a lookup file?

Hello, I have created and imported a lookup file ex. "hashes.csv" and I have pasted there a list of 500+ hashes. ...

by Path Finder in

How to extract subword from a string?

Hi all, I want to extract the following word with rex expression: ABC\qq1234 expected result: qq1234 Please ...

by Path Finder in

How to search for same field with different ip address?

Happy New Year to all of you. So I have syslog in which we have details of the devices and switches. The requireme...

by Explorer in

How to extract fields in json format?

i need to extract fields which are in json format i have been trying using spath command for extracting the following...

by Path Finder in

How to merge two regex in single query?

I'd want to merge two regex strings into a single one; any suggestions would be greatly appreciated. Reference Sear...

by Path Finder in

Compare 1st search result with 2nd search result and display only 1st searchfield value which didn't match with the 2nd?

Hi Friends, My requirement: I want to trigger SNOW ticket from Splunk alert. Before trigger I want to check any op...

by Path Finder in

How to match when a certain value/string has occurred more than x times within an interval?

Hi! I have various syslog clients sending me logs about their current state (a certain process). Eg. [timestamp...

by Explorer in

How to correlate lookup table fields with index fields?

There is a lookup table with a row called 'ip' containing multiple ip address values which I would like to correlate ...

by Loves-to-Learn Everything in

Why do I have empty stack fields in some logs?

I have uploaded the screenshots of logs of same time but in one log stack and task field is empty and in one it is fi...

by Explorer in

Why the error Error in 'rex' command while compiling the regex '\/home\/mysqld\/(?<D?

index=mysql sourcetype=audit_log earliest=1| rex field=source "\/home\/mysqld\/(?<Database1>.*)\/audit\/"| rex ...

by Explorer in

How to send Data from SPLUNK to Consumer in real time?

Hello, I have a few use cases to send data from SPLUNK to consumers in real time, and consumers have both Linux/Wi...

by Motivator in

How to convert time secs into HH:MM format?

Hai All, from the below search how to convert secs to HH:MM format age fields is getting time in secs ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Configure alert to send email to a certain field value?

Why won't If statement evaluate as true?

How to chart a delta instead cumulative values?

Splunk search to remove duplicated ips?

Are there any use cases for AWS VPC FlowLogs?

Do I need to add create_empty=true and override_if_empty=false?

Is there any way to have a search only pick up user account logins?

How to remove ( \" ) characters from search?

What are the possibilities to achieve Thread Dump & Heap Dump Log Collection?

Sending data to Splunk Cloud via intermediate forwarder?

How can I get the last index of my target value for a multi-value field ?

Help with Regex extraction from request

How to compare same field with values for equality?

How to search all indexes with the specified HASH-es in a lookup file?

How to extract subword from a string?

How to search for same field with different ip address?

How to extract fields in json format?

How to merge two regex in single query?

Compare 1st search result with 2nd search result and display only 1st searchfield value which didn't match with the 2nd?

How to match when a certain value/string has occurred more than x times within an interval?

How to correlate lookup table fields with index fields?

Why do I have empty stack fields in some logs?

Why the error Error in 'rex' command while compiling the regex '\/home\/mysqld\/(?<D?

How to send Data from SPLUNK to Consumer in real time?

How to convert time secs into HH:MM format?

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

September Community Champions: A Shoutout to Our Contributors!

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions