Splunk Search

Ask a Question

Discussions

Thread Info

How to put 4 field in table view but some field have long sentence so the table view was in organize?

I use mvzip command index=main sourcetype="ms.356" | eval nested_payload=mvzip(mvzip(flaw, solution),answer) ...

by Communicator in

How to convert specific columns to rows in Search SPL?

Hi Friends, I want to convert 2 specific columns to rows and remaining columns should be present. This is my cu...

by Path Finder in

How to merge and map two splunk multi value fields and creating a seperate field?

Hi All, We have below data extracted in splunk and the ask is , in the "Node" field we need to make first two value...

by Explorer in

How to exclude IP range for set of groups?

Hi All, I have dashboard displaying list of groups asset counts for various business units and recently has some o...

by Path Finder in

Help with search to get below scenario

Hi All, Good day. need help on search query to get below scenario. as we have few jobs we need data to calculat...

by Path Finder in

How do I search 2 source types with matching data and display the values in a table?

Greetings, I have 2 sourcetypes that I am matching PID. How do I table the remaining values that corresponds to the P...

by Communicator in

How to subtract days from earliest?

Hi, I need to subtract -30d from earliest, where earliest is counted by token. I tried to convert token result ...

by Path Finder in

How to create a table comparing the same field/count from the previous month to current month?

I am currently attempting to create a table that displays the count of one event from the previous month in compariso...

by Engager in

How to find all savedsearches (alerts and reports) that are scheduled and use a specific index?

Hi I am not having much luck. I want to find all schedule reports and alerts that use a specific index (e.g. ind...

by Communicator in

Expand two fields in the json array into table from multiple events

I am trying to expand couple of fields (locationId, matchRank) using mvexpand. But it only works for shorter duration...

by Path Finder in

How to compose the output in time and Scenario_ID sequence after comparing and filter the earliest one?

Hi all, I would like to know how to write a SPL code to solve the issue that is to pick the scenarios follow the 3...

by Path Finder in

Why is Datamodel=Authentication not getting older events?

Hey gents, I am very new to splunk but does anyone have an idea why my search from datamodel=authentication not g...

by Explorer in

How to see only the events where "firstSeen" is within the last 7 days?

I have this dataset in SPlunk, I am trying to see only the events where "firstSeen" is within the last 7 days. I ...

by Explorer in

Using regex and time to discard results?

Good morning, I am trying to create a filter to avoid events where the user is 3 letters and 4 numbers (Not ...

by New Member in

Help with regex search on multiple lines and displaying only if not matching a particular string

Below is the current out put (raw) - specific field node0:---------------------------------------------------...

by Path Finder in

How to group fields into a single line inside a multiline data?

my subject may not be worded correctly  but i need some help. i have the below raw data, and i would like to ...

by Path Finder in

How to compare CIDR from event to lookup?

I have lookup contains IP and I want to compare to field from event that contains CIDR. I did lookup definition an...

by Explorer in

Are there any solutions in Splunk for color blind users such as color-blind or high contrast flags for charts?

Viewers of some of my charts are color blind. Are there any solutions for this issue besides myself manually setting ...

by Explorer in

Is it possible to get info_min_time and info_max_time of from main search into subsearch?

Hi, let me try to explain my problem. I have a main search with a selected timerange (typically "last 4 hours") which...

by Path Finder in

Can I speed up this slow performance in summary creation?

Hello guys, Can you help us with this case, thank you in advance. We received 300k events in 24 hours,we have to p...

by Engager in

Error in 'eval' command (Expected IN) when using filter time token in dbxquery

Hi everyone, I want to create a Dashboard where the time filter (a customize, no preset by Splunk) will effect the ...

by Communicator in

How to filter the subject account name in the event log below as those other than admin?

I want to filter the Subject Account Name in the Event log below as those other than Admin. So I want to see the case...

by Loves-to-Learn in

Help with mvexpand limits, one issue is the memory limit, the other is that it only applies to one field

There are a couple of issues which often come up with the limits of mvexpand, one of these is the memory limit, the o...

by SplunkTrust in

How to display a table of users with visits to multiple different URLs from proxy logs?

I have fields for user and URL parsed into splunk from a proxy log and am trying to collate a table which displays me...

by Explorer in

Why when I use mvzip , mvexpand, mvindex(split, the first 4 fields keep repeating?

index="main" sourcetype="vrea" | eval nested_payload=mvzip(info, solution, "---") | mvexpand nested_payload ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to put 4 field in table view but some field have long sentence so the table view was in organize?

How to convert specific columns to rows in Search SPL?

How to merge and map two splunk multi value fields and creating a seperate field?

How to exclude IP range for set of groups?

Help with search to get below scenario

How do I search 2 source types with matching data and display the values in a table?

How to subtract days from earliest?

How to create a table comparing the same field/count from the previous month to current month?

How to find all savedsearches (alerts and reports) that are scheduled and use a specific index?

Expand two fields in the json array into table from multiple events

How to compose the output in time and Scenario_ID sequence after comparing and filter the earliest one?

Why is Datamodel=Authentication not getting older events?

How to see only the events where "firstSeen" is within the last 7 days?

Using regex and time to discard results?

Help with regex search on multiple lines and displaying only if not matching a particular string

How to group fields into a single line inside a multiline data?

How to compare CIDR from event to lookup?

Are there any solutions in Splunk for color blind users such as color-blind or high contrast flags for charts?

Is it possible to get info_min_time and info_max_time of from main search into subsearch?

Can I speed up this slow performance in summary creation?

Error in 'eval' command (Expected IN) when using filter time token in dbxquery

How to filter the subject account name in the event log below as those other than admin?

Help with mvexpand limits, one issue is the memory limit, the other is that it only applies to one field

How to display a table of users with visits to multiple different URLs from proxy logs?

Why when I use mvzip , mvexpand, mvindex(split, the first 4 fields keep repeating?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!