Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to get multiple legends on x-axis?

Hi Team, Following is my data: SSTTDTDALTLATOTAaxxx432376ayyy222345bxxx111133byyy111111 following is th...

by Path Finder in

Dropdown list: How to update search events with an eval case command?

hello From the dropdown list below, I need to update search events with an eval case command <in...

by Motivator in

How to create a table of latest event when events have same timestamp?

Hello Splunkers - I am struggling to create a table that shows distinct events that sometimes have the same timestamp...

by Communicator in

How to reformat MAC address?

I need help reformatting a MAC address field which doesn't have colons to add them. MAC=123456781122desired format...

by Explorer in

What is the performance difference between join and lookup/ KVStore?

I am importing in splunk many tables of data of 500 to 10000 events each and I need to use them to enrich events with...

by Engager in

How to filter xml logs from wineventlog?

I want to filter eventcode 4624 and user_type=computer using transforms and props.conf Transforms.conf [setnule...

by Loves-to-Learn Lots in

Splunk query- How to use spath command for the below logs?

How to use spath command for the below logs i have attached in the screenshot.

by Builder in

How to delete duplicate logs?

I've uploaded the same log twice(using drag and drop option in add data) and now when I query I see duplicate results...

by Path Finder in

How do you map value from inputlookup to another search

Hi, I have 2 separate queries as below: Query1: (normal splunk search e.g. index=* host=abcde | table Message1,Me...

by Explorer in

Can you do conditional formatting in Splunk, like in Excel? (ex: have a cell color change based on percentage values in a column?)

Can you do conditional formatting, like in Excel, in Splunk? For example, can I have conditional formatting on the...

by Motivator in

How to check results and see if there is a name that does not exist in lookup?

Hi, I receive data from a particular product that is installed on various customers, that data is received ev...

by Loves-to-Learn Everything in

How to write a query required for checking all sourcetype which is configured for alert/report/dashboard

Hi Team, We are using Splunk Enterprise SIEM tool. we want to check all the source type which is configured for al...

by Loves-to-Learn Lots in

Trying to break multiline event into separate events

Sample Data: {{"device_id":"a1c842ef8c0545f48e8e61d3e03c68bb","ip":"192.168.193.162","topic":"DEVICE","event":"device...

by Engager in

Schedule search with updating value in lookup

Hi, I have following data which I use search to find from last 30 days and save it into lookup: CustomersOld Acqui...

by Explorer in

Response time or Latency comparison for API's against different time period

Hi - I want to list API's and its latencies / response times and want to compare the latencies in a table like below,...

by New Member in

How to use dst{} in data model?

I have a sourcetype the provides results for dst if it has one result or dst{} with multiple results. I am attempt...

by Path Finder in

How to extract fields out of the winevent IIS logs?

I'm trying to extract fields out of the winevent IIS logs. My regex works in regex101 perfectly. Also I can do someth...

by Path Finder in

How to create a multistage Sankey diagram with a single search without needing to "append"?

I have a dataset where each event summarizes a workflow, using the fields Foo->Bar->Baz, and I'm looking to create a ...

by Path Finder in

How to get transaction results in table with "transacted" items in separate rows?

Hello Experts, I have a transaction query that I am displaying in a table. I am able to get results in a table, ho...

by Explorer in

What is the configuration so that the following events show independently in the Splunk search?

Could someone help me with the Splunk configuration so that the following events show independently in the Splunk sea...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to get multiple legends on x-axis?

Dropdown list: How to update search events with an eval case command?

How to create a table of latest event when events have same timestamp?

How to reformat MAC address?

What is the performance difference between join and lookup/ KVStore?

How to filter xml logs from wineventlog?

Splunk query- How to use spath command for the below logs?

How to delete duplicate logs?

How do you map value from inputlookup to another search

Can you do conditional formatting in Splunk, like in Excel? (ex: have a cell color change based on percentage values in a column?)

How to check results and see if there is a name that does not exist in lookup?

How to write a query required for checking all sourcetype which is configured for alert/report/dashboard

Trying to break multiline event into separate events

Schedule search with updating value in lookup

Response time or Latency comparison for API's against different time period

How to use dst{} in data model?

How to extract fields out of the winevent IIS logs?

How to create a multistage Sankey diagram with a single search without needing to "append"?

How to get transaction results in table with "transacted" items in separate rows?

What is the configuration so that the following events show independently in the Splunk search?

Streamline Data Ingestion With Deployment Server Essentials

Remediate Threats Faster and Simplify Investigations With Splunk Enterprise Security ...

Introduction to Splunk AI

AD servers with indexing delays when evt_resolve_a...

Using comparison function within mstats

splunk search statement using keyword from input b...

Ex Cisco - run a report for all DFS users who logg...

Splunk query to list all the queries that time out