Splunk Search

Ask a Question

Discussions

Thread Info

Buckets in splunk- Is it possible to do a 10 minutes from event not 10 minute window?

Hi all, Wondering if it is possible to do 10 minute search from when you see an event instead of doing 10 minute w...

by Engager in

Regex Help to extract the first ip?

Please help with regex to extract the first ip(highlighted red) only 2022-10-25T14:30:28.108+00:00 10.3.4.150 sys...

by Observer in

How to get values count to display in table?

Hi all. I wish to display in a table format the value's count. For example; Computer A has 100 sessions. ...

by Explorer in

How to count number of events and length along with the median value ?

I want to be able to able to count the number of events and the median length of events per sourcetype in Splunk ? ...

by Contributor in

How to update the lookup table dynamically?

I have a list of hosts in the lookup table. These values aren't static and gets updated dynamically every three month...

by Path Finder in

How do I reformat my table?

Hello Splunkers!! As per my requirement my current results are as below : severityVulnablitiesCritical3Medium 4...

by Motivator in

How to get special characters in logs recognized by Splunk by default?

Hi, Log format is JSON I have a Field named Organization Now when Organization = "Systèmes" , this will have...

by Path Finder in

How to search for Windows event followed by another Windows event?

I am trying to create a search which looks for an EventCode 4624 followed by another EventCode 4625 from same user, i...

by Engager in

Why is a function as 3-rd arg in the "replace" function not evaluating capturing groups?

Hi all, Due to utf16/8-mismatch, I find a lot of utf16 \xnn chars in my events; this makes the json-parser kind of...

by Observer in

Performance fields/stats/table

https://community.splunk.com/t5/Splunk-Search/Fields-vs-table-vs-nothing/m-p/498525#M194897 I was looking at a Spl...

by SplunkTrust in

How to calculate the percentage of total bytes by app?

I am having a brain fart on trying to figure out how to find the total bytes per application and the the percent of e...

by Influencer in

Separate multiple splunk values with an OR clause?

I have a text box in a splunk dashboard and I'm trying to find out how I can separate values entered into the text bo...

by Path Finder in

Why am I receiving fewer events when using rename command in Splunk?

I am getting fewer events when using rename command in splunk. ( Compared to the search where I haven't used rename)....

by Loves-to-Learn Everything in

How to join inner?

Inter join is not displaying any results. the search works however, nothing is showing up on the screen index = ...

by Explorer in

How to combine two values from the same field?

I'm trying to combine two simular values from the same field. and rename the values. I would like to co...

by Path Finder in

How can I show empty timechart with global_time date range?

I have three graphs that show results based on a global time range.However, if I have no results (no errors) the thir...

by Loves-to-Learn in

Is there a Dashboard Studio widget to change background colors based upon query result (Yes / No)?

I have seen several posts asking similar questions but I am not that much of a UI guy so they do not make sense. I...

by Contributor in

Result-depending cidrmatch between two lookups?

Hello, I've been searching the internet for quite a while. But can't find any approach. I have a primary search...

by Loves-to-Learn in

How to determine if event is in list of outages?

I have a seemingly simple request: list the events and indicate if it occurred during an outage. I have been tryin...

by Explorer in

Can I limit foreach iterations, or place a where clause (or other filter) in the foreach subsearch?

Can I limit foreach iterations, or place a where clause (or other filter) in the foreach subsearch? I'm attempting...

by Engager in

Is there a more efficient way to match multiple values using rex?

Hello, I have to avoid matching several values in a fields. The following works, but I"m wondering if there is a mo...

by Explorer in

How to dynamically remove events based on field value?

Hello all, I have a search that's something like this: index=* sourcetype=* ID=* (value=1 OR...

by Loves-to-Learn Lots in

How to get 2 unique rows for the values in the list.

I have the following query: application_id=12345 STATUS_CODE IN (300, 400, 500)| head 10 How can ...

by Path Finder in

Inconsistency in search results with time settings?

Hello, | transaction RRN keepevicted=t | search date_hour <6 If I execute this search with a specific date...

by Loves-to-Learn in

What's the easiest way to Regex for any characters in the middle?

Hello, I need to take events with two kind of text (different paths) :Appended to: G:\Streamserve\Appended to: D:\G...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Buckets in splunk- Is it possible to do a 10 minutes from event not 10 minute window?

Regex Help to extract the first ip?

How to get values count to display in table?

How to count number of events and length along with the median value ?

How to update the lookup table dynamically?

How do I reformat my table?

How to get special characters in logs recognized by Splunk by default?

How to search for Windows event followed by another Windows event?

Why is a function as 3-rd arg in the "replace" function not evaluating capturing groups?

Performance fields/stats/table

How to calculate the percentage of total bytes by app?

Separate multiple splunk values with an OR clause?

Why am I receiving fewer events when using rename command in Splunk?

How to join inner?

How to combine two values from the same field?

How can I show empty timechart with global_time date range?

Is there a Dashboard Studio widget to change background colors based upon query result (Yes / No)?

Result-depending cidrmatch between two lookups?

How to determine if event is in list of outages?

Can I limit foreach iterations, or place a where clause (or other filter) in the foreach subsearch?

Is there a more efficient way to match multiple values using rex?

How to dynamically remove events based on field value?

How to get 2 unique rows for the values in the list.

Inconsistency in search results with time settings?

What's the easiest way to Regex for any characters in the middle?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions