Splunk Search

Ask a Question

Discussions

Thread Info

How to delete Windows logs after it was read by Splunk?

Hi All, I have a large number of Windows logs in directory. How can I automatically delete them from the disk spac...

by Engager in

To which index does the sourcetype belong?

Greetings, I have been creating a search that collects all the sourcetypes that have not collected any information ...

by New Member in

How to transform event data for table display?

Hi, I would like display values of variables from an event as a Table. My data format is as follow: TimeEvent9...

by Path Finder in

How to event break with by request ID?

On my attached picture these many events should become one event by ID instead of so many, how can I break those even...

by Engager in

How to create a subsearch based on parent search?

I want to create subsearch based on parent fields search. I want to show only rows from...

by New Member in

How to write search to get the numbers in order for field?

Hello Team, I am running below query to get the stats but I am looking to get the Store numbers in serial order, ...

by Explorer in

How to search using a set of values?

Hello All,I am relatively new to splunk and I am trying to search using sets. Sets here refers to a group of values t...

by Path Finder in

How to pull data from Nested JSON Fields based on Field Value?

Hello, I'm working on creating automated alerts from an email security vendor and would like for them to only inc...

by Path Finder in

How can I sort results for previous week and current week in two seperate columns?

Hi Folks, How can i display the results for 2022-09-02 in Result_Prev column and 2022-09-09 in Result column and ke...

by Path Finder in

Using search to find user using RDP and switch identities usage

What's a good way to find user who logon to RDP with one user account then user another like privilege user account. ...

by Contributor in

What are the differences between Splunk Cloud and Splunk Enterprise lispy?

Hi, We are using both Splunk Cloud and Splunk Enterprise. We recently came across some issues/differences in searc...

by Observer in

I tried accessing an API with the help of Splunk API Modular Input add on, but there is no option for bearer auth?

I want to access an API and I can only use Bearer authentication to access that particular API. I searched a lot abou...

by Explorer in

Translate splunk data to json using cli search?

I have a splunk container running on docker, and was hoping to translate the splunk index data into json using a cli ...

by Engager in

Forescout nested json- How do I categorize the nested json objects into fields within the array?

Hello, I am currently working on a use case which has complex ingested data with nested json. The data I am trying...

by Engager in

How to assign previous month's fetched result to current month's field?

Considering 2022-06 as starting month, If month is 2022-07, i should assign 2022-06's corresponding field values " gr...

by Explorer in

Help with join in searches

Hi Need help with Left join There are two queries as below Query1 index=abc sourcetype=123 | table a.b.re...

by Loves-to-Learn in

How to filter search by value from a json list?

Hi Consider this event structure : {"result" : {"dogs" : [{"name" : "dog-a", "food":["pizza", "b...

by Path Finder in

Why is line chart color is not getting change?

Hi Im trying to change the color of a line chart with: <option name="charting.seriesColors">[000000FF]</option>...

by Path Finder in

How to extract values from existing field and reassign them to field?

Hello, I currently have a field that contains a long string over 100+ events and in that field there are varying f...

by Explorer in

How to write regex to read all the value in all the lines?

Hi Everyone, I am desperately seeking help for my new query in SPLUNK. The search result will look like the below:...

by Loves-to-Learn in

How to search for different events on the same day, with different time frames?

Hi all! I have been absolutely stumped by this and hoping you can help me out. I am trying to find users that have...

by Explorer in

How to exclude matching results from Lookup?

Hi all - I am trying to exclude matching results from a lookup and can't get it to work. I've tried multiple searches...

by Communicator in

How to add URL Link to Alert Email?

I have a search that is run as a cron and creates an email. It is very simple; index=my_index host=* logon Ev...

by Builder in

How to count number of applications associated with a given user and report if less than 10?

I'm working on a search that evaluates events for a specific index/sourcetype combination; the events reflect SSO inf...

by Path Finder in

How would I configure CyberArk TA, Search Head, and Syslog Server?

Hello, Data in CyberArk comes through the Syslog Server and CyberArk TA needs to be installed into Search head (or...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to delete Windows logs after it was read by Splunk?

To which index does the sourcetype belong?

How to transform event data for table display?

How to event break with by request ID?

How to create a subsearch based on parent search?

How to write search to get the numbers in order for field?

How to search using a set of values?

How to pull data from Nested JSON Fields based on Field Value?

How can I sort results for previous week and current week in two seperate columns?

Using search to find user using RDP and switch identities usage

What are the differences between Splunk Cloud and Splunk Enterprise lispy?

I tried accessing an API with the help of Splunk API Modular Input add on, but there is no option for bearer auth?

Translate splunk data to json using cli search?

Forescout nested json- How do I categorize the nested json objects into fields within the array?

How to assign previous month's fetched result to current month's field?

Help with join in searches

How to filter search by value from a json list?

Why is line chart color is not getting change?

How to extract values from existing field and reassign them to field?

How to write regex to read all the value in all the lines?

How to search for different events on the same day, with different time frames?

How to exclude matching results from Lookup?

How to add URL Link to Alert Email?

How to count number of applications associated with a given user and report if less than 10?

How would I configure CyberArk TA, Search Head, and Syslog Server?

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions