Splunk Search

Ask a Question

Discussions

Thread Info

Search to get info from lookup file if event field contains data from two field in lookup file?

Want to create search to get info from lookup file if event field contains data from two field in lookup file. log...

by Loves-to-Learn Everything in

Detection exclusion setting by using Regex?

Hi, everyone.Need some help for detection exclusion setting. Want to exclude detections of the files which are appli...

by Explorer in

How to get rows into columns from rows values?

Hello dear Splunk experts! I've stuck with one search and can't figure how to do this. Did a lot of searching he...

by Engager in

Help adding pipe "l" for all results

Hello - I am getting the below error. I am trying to add pipe "|" for all the results. Error : Failed to parse ...

by Communicator in

How to achieve proper search for timechart with where clause?

Here is my search: source="WinEventLog:Security" EventCode=540 | timechart span=1h count by User This gives me ...

by Motivator in

Can someone explain the parameters of <search>?

Hi Team! Someone please explain to me what each parameter is responsible for in such a search tag: <search><que...

by Engager in

How to exclude results in search?

I want to exclude duration results if greater than 7 days. So i used search NOT but it is not working. Can someone...

by Contributor in

How to fill sparse data in a table for alert?

I have a query which results in a table: "some words" | stats dc(host) as host_count by zone, region ...

by New Member in

How to set x axis time interval for line chart every 1h?

HI Team,I am getting 2 hr time span only if i mentioned the 1 or 3 or 4 hours span too in the visualization line char...

by Path Finder in

How to create an eval metric based on a sequence of events?

Hi all, I'm trying to create a "Fallback escalation rate" for a chatbot. This rate would be calculated by users th...

by Path Finder in

How to delete Windows logs after it was read by Splunk?

Hi All, I have a large number of Windows logs in directory. How can I automatically delete them from the disk spac...

by Engager in

To which index does the sourcetype belong?

Greetings, I have been creating a search that collects all the sourcetypes that have not collected any information ...

by New Member in

How to transform event data for table display?

Hi, I would like display values of variables from an event as a Table. My data format is as follow: TimeEvent9...

by Path Finder in

How to event break with by request ID?

On my attached picture these many events should become one event by ID instead of so many, how can I break those even...

by Engager in

How to create a subsearch based on parent search?

I want to create subsearch based on parent fields search. I want to show only rows from...

by New Member in

How to write search to get the numbers in order for field?

Hello Team, I am running below query to get the stats but I am looking to get the Store numbers in serial order, ...

by Explorer in

How to search using a set of values?

Hello All,I am relatively new to splunk and I am trying to search using sets. Sets here refers to a group of values t...

by Path Finder in

How to pull data from Nested JSON Fields based on Field Value?

Hello, I'm working on creating automated alerts from an email security vendor and would like for them to only inc...

by Path Finder in

How can I sort results for previous week and current week in two seperate columns?

Hi Folks, How can i display the results for 2022-09-02 in Result_Prev column and 2022-09-09 in Result column and ke...

by Path Finder in

Using search to find user using RDP and switch identities usage

What's a good way to find user who logon to RDP with one user account then user another like privilege user account. ...

by Contributor in

What are the differences between Splunk Cloud and Splunk Enterprise lispy?

Hi, We are using both Splunk Cloud and Splunk Enterprise. We recently came across some issues/differences in searc...

by Observer in

I tried accessing an API with the help of Splunk API Modular Input add on, but there is no option for bearer auth?

I want to access an API and I can only use Bearer authentication to access that particular API. I searched a lot abou...

by Explorer in

Translate splunk data to json using cli search?

I have a splunk container running on docker, and was hoping to translate the splunk index data into json using a cli ...

by Engager in

Forescout nested json- How do I categorize the nested json objects into fields within the array?

Hello, I am currently working on a use case which has complex ingested data with nested json. The data I am trying...

by Engager in

How to assign previous month's fetched result to current month's field?

Considering 2022-06 as starting month, If month is 2022-07, i should assign 2022-06's corresponding field values " gr...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Search to get info from lookup file if event field contains data from two field in lookup file?

Detection exclusion setting by using Regex?

How to get rows into columns from rows values?

Help adding pipe "l" for all results

How to achieve proper search for timechart with where clause?

Can someone explain the parameters of <search>?

How to exclude results in search?

How to fill sparse data in a table for alert?

How to set x axis time interval for line chart every 1h?

How to create an eval metric based on a sequence of events?

How to delete Windows logs after it was read by Splunk?

To which index does the sourcetype belong?

How to transform event data for table display?

How to event break with by request ID?

How to create a subsearch based on parent search?

How to write search to get the numbers in order for field?

How to search using a set of values?

How to pull data from Nested JSON Fields based on Field Value?

How can I sort results for previous week and current week in two seperate columns?

Using search to find user using RDP and switch identities usage

What are the differences between Splunk Cloud and Splunk Enterprise lispy?

I tried accessing an API with the help of Splunk API Modular Input add on, but there is no option for bearer auth?

Translate splunk data to json using cli search?

Forescout nested json- How do I categorize the nested json objects into fields within the array?

How to assign previous month's fetched result to current month's field?

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6