Splunk Search

Ask a Question

Discussions

Thread Info

How to count events when hour is finished?

Hi everyone, I am doing a search to find all the events that sent from different servers by hour, to find if any s...

by Communicator in

How to calculate the number of times the same event has occured in an index?

How to calculate the number of times the same event has occured in an index

by Engager in

How to extract fields from bluecoat logs?

How to extract the log example below: 2010-09-29 16:23:44 2 172.16.106.54 exam.ple Filter-ID==4 - OBSERVED "Search...

by Path Finder in

Why is multi column join not working whereas single column join is working fine?

single column join is working index=* source=jar columns.path="*/log4j-core*" NOT columns.path=*/log...

by Engager in

How to lookup the best matching ingress url for url field in log?

Dear Splunk community, I'm new to Splunk, so excuse my incompetence... What I'm trying to do is enriching my we...

by Engager in

Dynamic saved search - How do I initialize search tokens in spl?

I like to use savedsearches with token inside a classic xml dashboards e.g. <form>...<search><query>| savedsearch "m...

by Engager in

How to add a column to count for consecutive occurrences?

Hello, I have a monthly report that produce a table like this Violation list EmployeemonthA8-2022B8-2022 ...

by Communicator in

How to search for Dst_ip and Src_ip NOT in lookup table?

Hi, I need your help i have a lookup table as vcs_ip.csv. inside the table, i have a column named as ip. This t...

by Explorer in

How can I create an alert for long running jobs?

Hi there,Search to trigger an alert when the particular job (scheduled jobs) is running more than the threshold time ...

by Engager in

Syntax help to get distinct results from two queries from two different timeframes

Hello all, I would like a single splunk query that does the following: Query "APP_A" for a specific log message, ...

by New Member in

How to optimize my base search for syslog?

Hello Splunkers , I have the below source code and using the base search as index=syslog process!=switchd but its ...

by Builder in

How do I use regex to select a string between two symbols?

Splunk logs looks like below: userid=234user|rwe23|dwdwd -- userid=id123|34lod|2323 textHow can I get value betwe...

by Engager in

How to use the splunk ldapsearch app to list all users' memberships with in a group?

I am having no luck listing users' memberships with in a group, using ldapsearch. I am not an AD LDAP expert, eithe...

by Communicator in

Infoblox reporting splunk question: How to pull into first search query?

Hi, I'm using the following search string in Infoblox reporting: sourcetype=ib:audit index=ib_audit ...

by Explorer in

Is there a way to identify/search what SMB version is being used across the network?

Hello Splunkers, Is there a way to identify/search what SMB version is being used across the network? I am looking...

by Loves-to-Learn in

How to join lookups?

Hello everyone! I have 2 lookups - 1.csv and 2.csv 1.csv contains such table hostuserresulthost1Alexsuccessh...

by Contributor in

Why does it say there are events but then it says "No results found"?

After running a search, I have the below results: 112,471 events (9/20/17 2:00:00.000 PM to 9/21/17 2:10:07.000 PM ...

by New Member in

Timechart - Is there a way to define the <selection> area in-code?

Hello, I'm using a timechart with the following block for allowing the user to select a specific area and see stat...

by Explorer in

How to get pie chart average value in three slices?

Short description:When a consumer orders groceries online, I provide the picker—the individual who picked the foods b...

by Path Finder in

Why does search use up large amount of memory?

I'm trying to export raw linux audit logs to a file. For example: splunk.exe "sourcetype=linux...

by New Member in

Splunk search- How to extract payload?

Hello , I have splunk logger line like below: Address: XXX HttpMethod: POST Headers: {Ama-Internal-REST-Servic...

by Explorer in

How to utilize wildcards in time fields in lookup file?

I have a lookup which has a field with time values (in 24 hr time; i.e. 00:30, 13:45, 23:15), which tells my dashboar...

by Explorer in

Do I use Last(..) or Latest(..) after match(..), or something else?

I am performing a search for two events. A start event and a stop event for a specific job Name. I have ran into a...

by Contributor in

How to use eval within stats for data from tstats

I'm trying to use eval within stats to work with data from tstats, but it doesn't seem to work the way I expected it ...

by New Member in

Time Range "earliest" in SPL not working?

When conducting searches, we have observed that the SPL searches were not working based on the "earliest" time range ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to count events when hour is finished?

How to calculate the number of times the same event has occured in an index?

How to extract fields from bluecoat logs?

Why is multi column join not working whereas single column join is working fine?

How to lookup the best matching ingress url for url field in log?

Dynamic saved search - How do I initialize search tokens in spl?

How to add a column to count for consecutive occurrences?

How to search for Dst_ip and Src_ip NOT in lookup table?

How can I create an alert for long running jobs?

Syntax help to get distinct results from two queries from two different timeframes

How to optimize my base search for syslog?

How do I use regex to select a string between two symbols?

How to use the splunk ldapsearch app to list all users' memberships with in a group?

Infoblox reporting splunk question: How to pull into first search query?

Is there a way to identify/search what SMB version is being used across the network?

How to join lookups?

Why does it say there are events but then it says "No results found"?

Timechart - Is there a way to define the <selection> area in-code?

How to get pie chart average value in three slices?

Why does search use up large amount of memory?

Splunk search- How to extract payload?

How to utilize wildcards in time fields in lookup file?

Do I use Last(..) or Latest(..) after match(..), or something else?

How to use eval within stats for data from tstats

Time Range "earliest" in SPL not working?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!