Splunk Search

Discussions

Thread Info

Error in search: Configuration initialization for /opt/splunk/etc

Hi, I have an issue with about a searching, someone know about it, this is the issue: Error in search: "Confi...

by Explorer in

How to replace severity values by respective levels?

Hello,In the events, the severity is captured as values between 1 to 10. I want to represent them as High, Low, Mediu...

by Explorer in

How to add multiple field values from a CSV to my main search?

I need to add multiple values from a CSV to a main Search I have, I used the lookup command but I think that will jus...

by Explorer in

How do I create bar chart where I want x axis to display all the value in field even If Y axis don't have value?

I use index= main | lookup test1.csv Severity1 | stats count by Severity The lookup table have 5 value ( Ver...

by Communicator in

How would I fix my search not counting correctly?

Hello y'all!I'm trying to use the Single Value object, and build a search which count the number of the records and s...

by Engager in

How to generate a parent child process chain to use dendogram visualization?

Hello all! I´m so lost trying to get full process tree to visualize it in dendogram https://splunkbase.splunk.com/...

by Path Finder in

Why is my eval command with multiple if conditions not working?

Hi, I have used eval with multiple if conditions and it's failing. Kindly help. source = "2access_30DA...

by Path Finder in

Replacing values in a column in a lookup table with the results from a search query?

Hi, I have been tasked to design an alert to trigger whenever there is a modification of the "search query" of an ...

by New Member in

Check if field match the regex?

Hi Splunk Community, I need help to check whether my directory field match the regex The regex I used is ^\w+:\...

by Path Finder in

Extract count of search field(SPL) by re-search?

hello index=_audit user=admin action=search info=granted search=* | table search_id search| replace "'search *" WI...

by Explorer in

Add dashboard tab to app?

Good afternoon!The infrastructure command gave me permissions so that I can add a dashboard tab to my application. I ...

by Communicator in

How to match case on multiple value assigned

Hi all, I'm trying to create category based on host category: Lab,Personal,Staff and get workstations to be counted...

by Path Finder in

How to split multiple fields?

I need to be able to split multiple fields that have a delimiter of "|#|". The field name will differ depending on th...

by Explorer in

Why is eval command case function not working?

Hi, I wrote a eval command and its not working. Kindly help. source = "2access_30DAY.log" | eval "new_field" = ...

by Path Finder in

SPL to extract field and field value?

SPL to extract field and field value when data seems like belowscreenshot attached.I need help in extracting field as...

by Explorer in

Combinatorics, permutation, foreach within a foreach... unique stats case to calculate a fields vertical relationship?

I have a unique query that I think I have a general logical approach to solving, but the syntax and most efficient ro...

by Explorer in

Is it possible to concatenate string with a number using eval?

Hi, Can we concatenate a string with a number using eval with '.' operator? I got to know that from a video, but w...

by Path Finder in

How to achieve a federated search to link the on-prem indexers to the cloud SH?

I have a distributed Splunk environment, meaning a SHC and IDX cluster connected via distributed search as outlined i...

by Path Finder in

The default search won't let you click the link, it just lets you filter on that field, is there an override to this?

I can control the data sent to the fields. All fields on the deafult search allow you include/exclude in search resu...

by Observer in

What happened to the data?

Hi, I have a question for my understanding. Kindly help. You had data in the past, one fine day if you see there ...

by Path Finder in

"[Errno 111] Connection refused" when I restart Splunk on my HF

Hello Splunkers,I am facing some errors every time I relaunch my Splunk service on my HF.Inside splunkd.log I have th...

by Contributor in

DNS tunneling detection - Help with fine tuning splunk search

Hey Splunkers,Can someone please help me with the logic, how can I finetune the search below to detect DNS tunnelling...

by Path Finder in

Is this message format possible for sending to splunk?

Tell me, is this message format possible for sending to splunk: curl --location --request POST 'http://170.25.25.2...

by Communicator in

How to use the results of subsearch?

My requirement is to utilize the results of the sub-search and use it with the results of the main search results, bu...

by Contributor in

Time range in rest query- Unable to get it down to last hour?

Hi, ive got the below query that im using to try and see when correlation searches have been edited: | res...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Error in search: Configuration initialization for /opt/splunk/etc

How to replace severity values by respective levels?

How to add multiple field values from a CSV to my main search?

How do I create bar chart where I want x axis to display all the value in field even If Y axis don't have value?

How would I fix my search not counting correctly?

How to generate a parent child process chain to use dendogram visualization?

Why is my eval command with multiple if conditions not working?

Replacing values in a column in a lookup table with the results from a search query?

Check if field match the regex?

Extract count of search field(SPL) by re-search?

Add dashboard tab to app?

How to match case on multiple value assigned

How to split multiple fields?

Why is eval command case function not working?

SPL to extract field and field value?

Combinatorics, permutation, foreach within a foreach... unique stats case to calculate a fields vertical relationship?

Is it possible to concatenate string with a number using eval?

How to achieve a federated search to link the on-prem indexers to the cloud SH?

The default search won't let you click the link, it just lets you filter on that field, is there an override to this?

What happened to the data?

"[Errno 111] Connection refused" when I restart Splunk on my HF

DNS tunneling detection - Help with fine tuning splunk search

Is this message format possible for sending to splunk?

How to use the results of subsearch?

Time range in rest query- Unable to get it down to last hour?

Index This | What’s a riddle wrapped in an enigma?

BORE at .conf25

OpenTelemetry for Legacy Apps? Yes, You Can!

Help Fix My Search

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

Splunk Search

Are you a member of the Splunk Community?

Discussions