Splunk Search

Ask a Question

Discussions

Thread Info

Can someone help with my Splunk search to find new events in 2 week periods?

Hello Splunkers!! I have two weeks events week 1 & week 2. Here I need to compare event of Week 1 & Week 2. The hi...

by Motivator in

How to escape equal signs (=) in key value data?

Some of our data is logged in key value format separated by an equal sign (=), e.g.: field1=data1 field2=data2 ...

by Builder in

How to write a Splunk search for License Utilization for Particular events?

Hi , i want to find the license utilization of firewall logs based on severity level. can anyone help me wit...

by Path Finder in

How to extract status for monitoring with a log structure like this?

Hello, I have a log file that go like this 2022-09-30 09:43:41,038: INSTANCE=34-bankgw1, REF=2373...

by Communicator in

Trouble with date conversion

I need to create a field (30days) with a date 30 days from the date in a given field (pubdate). I believe I have that...

by Communicator in

Splunk query to Append/replace the specific fields in the lookup file (csv)

Hi, I have a lookup file with the fields - biz_department, biz_unit, biz_owner, data_usage I have a query to ge...

by Explorer in

How to add the field name via command in a lookup file?

Hi Community Support, I have a lookup file with IP addresses where all the values are IP Addresses including the v...

by Engager in

Event sampling and Count - accuracy?

I have a need for approximate statistics/metrics and am currently using Event Sampling, which drastically speeds up t...

by Path Finder in

Priority of a search error- How do find what searches are high priority and what are non-high priority search in splunk?

The splunkd health has the following message: The percentage of non-high priority searches skipped (97%) over the...

by Explorer in

Help on removing the double quotes and reading a substring

I have the below string in my error log {"@odata.context":"https://apistaging.payspace.com/odata/v1.1/11846/$meta...

by Path Finder in

How to display table with vertical title?

I'm sure this must be possible, but I can't find a way, unfortunately there are a couple of threads on this with no s...

by Explorer in

How to get ip objects from a Splunk list?

Hello, I have an output list like this one: { "10.10.10.15": { "High": [ { "name": "vu1", "...

by Loves-to-Learn Everything in

How to unite multiple columns into one column?

table A table B I know there are lots of ways to spread the table from table B to table A . Is...

by Explorer in

Is there any way to export my custom visualization in PDF format --- BoxPlot?

Hey Splunkers!! Is there any way to export my custom visualization in PDF format --- BoxPlot I check over the S...

by Explorer in

How to display comma separated in two column in Splunk under events or statistics or visualization?

case_S56_search_Get_T01_search,{"success":false "message":"Note not found: 52229548" "messageCode":"**" "localizedMes...

by Explorer in

Help with Search for sporadic servers in the past 14 days?

Trying to build a search looking for sporadic servers in the past 14 days, here is my search so far. | tstats ...

by Path Finder in

Retrieve all latest rows that share the same _time value?

I have an application that sends logs to Splunk every few seconds. These logs are "snapshots" which provide a static ...

by Engager in

Filter JSON search results based on another log message in the same search?

I have the below search results that will consist of 2 different types of log formats or strings. Log 1: "MESSAGE "(...

by Path Finder in

How to show the total size of events from a source?

Hi, I need to show a customer that Splunk is processing their entire file, and thought a good way of doing it was ...

by Champion in

Can I use macro but complete search if macro is broken or missing?

I am using two macros in a search however, I want to use them in a way that IF they are broken or not available the s...

by Path Finder in

How to compare two fields data from appendcols

Hi Community, I need support to know how I can get the non-existent values from the two fields obtained from the "a...

by Engager in

Can splunk index same data into one index but different sourcetypes??

Hello, I have to index a log file in linux server in to one index but need to have two different sourcetype. Is it ...

by Path Finder in

Need help on regex

Hai all, Need help on to extract as new filed for user named after CORP\ Message=Task Scheduler started "{B9F5A32...

by Path Finder in

Intermittent log data ingestion- Why aren't logs ingested regularly?

I have an issue where the logs aren't ingested regularly. The log file updates every 5 minutes with the same line ...

by New Member in

Is it possible to specify Event Sampling in a query for use in a Dashboard?

For the type of data I am trying to extract, Event Sampling really speeds up the query. This works fine when executin...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Can someone help with my Splunk search to find new events in 2 week periods?

How to escape equal signs (=) in key value data?

How to write a Splunk search for License Utilization for Particular events?

How to extract status for monitoring with a log structure like this?

Trouble with date conversion

Splunk query to Append/replace the specific fields in the lookup file (csv)

How to add the field name via command in a lookup file?

Event sampling and Count - accuracy?

Priority of a search error- How do find what searches are high priority and what are non-high priority search in splunk?

Help on removing the double quotes and reading a substring

How to display table with vertical title?

How to get ip objects from a Splunk list?

How to unite multiple columns into one column?

Is there any way to export my custom visualization in PDF format --- BoxPlot?

How to display comma separated in two column in Splunk under events or statistics or visualization?

Help with Search for sporadic servers in the past 14 days?

Retrieve all latest rows that share the same _time value?

Filter JSON search results based on another log message in the same search?

How to show the total size of events from a source?

Can I use macro but complete search if macro is broken or missing?

How to compare two fields data from appendcols

Can splunk index same data into one index but different sourcetypes??

Need help on regex

Intermittent log data ingestion- Why aren't logs ingested regularly?

Is it possible to specify Event Sampling in a query for use in a Dashboard?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...