Splunk Search

Ask a Question

Discussions

Thread Info

Why am I still seeing old data?

Splunk data retention period is for 7 days. But i could still see 2 years back data now. I am not sure why? ...

by Path Finder in

Why SPL syntax highlighting not working correctly?

Hi, I've created this rather complicated piece of SPL. To make it a bit more understandable I added some comment l...

by Explorer in

Why are the time modifiers not working for union command?

Hello everyone, The time modifiers don't seem seem to work for this search, am I doing something wrong? |...

by Engager in

Why are date_ fields missing?

What happened to the date_wday, date_hour, and the others? Am I going nuts, waking from a dream where they used to ...

by Communicator in

How to optimize very slow searching JSON events?

I am searching a new source of json data sent to Splunk (over HEC), and it is very, very slow. Searching over just...

by Communicator in

How to split single multivalue event into multiple multivalue events?

Hello everyone !I'm trying to split a single multivalue event into multiple multivalue events. Here is my base s...

by Explorer in

How to find total execution time for multiple events?

Hey all, I have a summary table that shows these values. Each error log and log in the 'Total logs' column (which c...

by Explorer in

How to get columns associated with max value of specific column in 30 minute time window?

Hello everyone, I have following type of data to analyze: timestampendpointexecutionTime08:12/products0.308:20/...

by Engager in

How do I alter my search for multi (2) line chart that shows as one big line to show "Running" and "Stopped"?

Hello Splunk Community, I have the following search command: index="myIndex" host="myHost" myScript Ru...

by Communicator in

Am I taking the correct steps for monitoring active directory and analyzing user accounts?

Good morning allplease i'm in a big das that i can't solve it: i'm a student and i'm preparing my graduation pro...

by Path Finder in

How to create a weekly report comparing changes in Domain Controllers' Operating System Type and Version?

Hello All, I would like to be able to track down any and every configuration change on our monitored DC, AD etc. ...

by Communicator in

Is there an alternative command for the timeshift(Sumo logic ) in splunk?

Hi Everyone,I need to migrate the report from sumo logic to splunk . In sumo logic report we have time compare option...

by Engager in

How to search for and get all values of a field which occurred, but without the timestamps?

I only want to know for field methodName=XYZ All the methodNames that occurred. I do not want the timestamps for ea...

by Loves-to-Learn in

What are some best practices to import data from an Oracle database table (not database logs)?

I have a very large Oracle database table that is being used as a log sink for an application. There is high transact...

by Engager in

How to Capture optional fields?

rex command im using: (?:\w+\s\:\s)(?<command>[^\;]+)?\;\s(?<Datainput>[^\s]+)\s\;\s(?<Extra>[^\s]+) Data 1) c...

by New Member in

Why is mvexpand not working on lookup?

Hello, I am trying to create dashboard input based on lookup table. I have simple lookup with monitor name and lis...

by Path Finder in

Is there any controls to limit the size of a user search?

Is there any controls to limit the size of a user search? The use case is Splunk Cloud and limiting a search, if it d...

by Splunk Employee in

How to trigger an alert if Event B doesn't occur within 30 minutes of Event A?

Hi all, I'm looking to trigger an alert if our DHCP server loses connection with its partner DHCP for more than 30...

by Engager in

Help with field extraction with complex events

Hello, I have some issues with the field extraction for the following event (one sample event given below). Any re...

by Motivator in

What is the difference between lookup, input lookup and what a definition lookup is for ?

Hi, As asked in the subject I trying to figure out the difference between lookup input lookup because I don...

by Explorer in

When testing federated search, no fields show up- Is this a bug?

We are testing federated search. when on the provider (environment A), the fields are nicely extracted. When o...

by Path Finder in

Why can't splunk add-on for Amazon Web services proxy and no_proxy?

Trying to collect my AWS data using on-prem splunk instance. I need to go via a proxy to access anything on the inter...

by New Member in

Document Flow tracking over multiple sources. Linking unique field

Beginner user here. PART 1Wanting to track documents over multiple sources to ensure they reach their destinationSo...

by Engager in

How to create an Alert for an increase in IIs requests compared to a previous date

Hi, I’m looking at creating Alert for an increase in IIs requests compared to a previous date based on a percentag...

by Communicator in

How to update table?

Hi, Is it possible to Make a table like in the example below, that would refresh every 10 minutes and update the s...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why am I still seeing old data?

Why SPL syntax highlighting not working correctly?

Why are the time modifiers not working for union command?

Why are date_ fields missing?

How to optimize very slow searching JSON events?

How to split single multivalue event into multiple multivalue events?

How to find total execution time for multiple events?

How to get columns associated with max value of specific column in 30 minute time window?

How do I alter my search for multi (2) line chart that shows as one big line to show "Running" and "Stopped"?

Am I taking the correct steps for monitoring active directory and analyzing user accounts?

How to create a weekly report comparing changes in Domain Controllers' Operating System Type and Version?

Is there an alternative command for the timeshift(Sumo logic ) in splunk?

How to search for and get all values of a field which occurred, but without the timestamps?

What are some best practices to import data from an Oracle database table (not database logs)?

How to Capture optional fields?

Why is mvexpand not working on lookup?

Is there any controls to limit the size of a user search?

How to trigger an alert if Event B doesn't occur within 30 minutes of Event A?

Help with field extraction with complex events

What is the difference between lookup, input lookup and what a definition lookup is for ?

When testing federated search, no fields show up- Is this a bug?

Why can't splunk add-on for Amazon Web services proxy and no_proxy?

Document Flow tracking over multiple sources. Linking unique field

How to create an Alert for an increase in IIs requests compared to a previous date

How to update table?

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6