Splunk Search

Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
trentsnowbarger

How to troubleshoot connectivity issues using Splunk?

a customer reports intermittent connectivity issues to the internet, a website, what have you. Our instance of Splunk...
by trentsnowbarger New Member in Splunk Search 09-15-2022
0 1
0
1
nathanluke1986

How to list chosen fields in one field?

Hello, I am trying to list fields I have selected into a single field to display in a dashboard. Currently trying   |...
by nathanluke1986 Engager in Splunk Search 09-15-2022
0 1
0
1
lou_sierra

ES Search Help - How do I multi index join when IP address field is named differently between the two indexes?

I have looked at the join documentation, but I am getting a little lost in translation.What I am trying to accomplish...
by lou_sierra New Member in Splunk Search 09-15-2022
0 1
0
1
Basavaraj

Help with decoding data exfiltration- What time calculation is it doing?

Reference : https://zpettry.com/cybersecurity/splunk-queries-data-exfiltration/ | bucket _time span=1d | stats sum(by...
by Basavaraj Engager in Splunk Search 09-15-2022
0 1
0
1
evallja

How to extract field using regex?

Hello everyone, Please, I need to extract a field named product (with its value in bold) from the below Message field...
by evallja Path Finder in Splunk Search 09-15-2022
0 1
0
1
Phil_S

Help with rex and multi-value fields, assigning key value pairs?

Hi All, I have a search which parses key/value pairs out of a strangely-formatted XML field.         rex field=xml "<...
by Phil_S Engager in Splunk Search 09-15-2022
0 4
0
4
Sanjana

Splunk Search-Where is key dynamic?

Hello , I have data like below. I need to frame a query such that I can calculate number of desync for each rate-pari...
by Sanjana Explorer in Splunk Search 09-14-2022
0 7
0
7
jdonic

How to compare results of 2 periods?

Hello, guys. I am struggling with my search in splunk and would appreciate any help.   Currently I have search that o...
by jdonic New Member in Splunk Search 09-14-2022
0 1
0
1
mark_cet

Lookups with extracted fields not working- Why can't I see the active or group fields in events?

I am a fairly new to Splunk, and I am having a lot of trouble using the table lookups.   I have a lookup CSV table (t...
by mark_cet Path Finder in Splunk Search 09-14-2022
0 2
0
2
DG3bran

How to FILTER same events whit two or more fields in a time interval?

Hello team !! Im working whit CDR of SMS and I have to find a way to visualize that two fields are repeated more than...
by DG3bran Explorer in Splunk Search 09-14-2022
0 2
0
2
LHumberto

Rex mode=sed to substitute < & > with nothing?

Greetings! The target filed is message_id and sometimes the field value comes with brackets <b8047a671f47430cb44afbf1...
by LHumberto Explorer in Splunk Search 09-14-2022
0 1
0
1
KyleMcDougall

"Middle" parameter for stats command?

Hi all! We use stats commands to pull in data from our APIs. But, our APIs get called multiple times in a single sess...
by KyleMcDougall Path Finder in Splunk Search 09-13-2022
0 4
0
4
coreytoast

How can I split Splunk query into time ranges?

Hi Everyone, If I am searching through the past 4 weeks in one query, how can I break this data into two columns, one...
by coreytoast Explorer in Splunk Search 09-13-2022
0 8
0
8
smanojkumar

How to create an alert to notify when a job runs over a specified time?

My requirement is to notify when the job runs more than the specified time, condition 1 - the first job of every day ...
by smanojkumar Contributor in Splunk Search 09-13-2022
0 3
0
3
rpachamuthu

Help with Search in XML file-Multiple lines data for validation of HTTP response content validation for API calls

I am new to Splunk query  I need to capture the  filed value of tn "Subscription_S04_LookupInvoiceStatus" and Respons...
by rpachamuthu Explorer in Splunk Search 09-12-2022
0 4
0
4
AttarSingh1

Regex help, using ^ character

Hey, I was trying to filter some search data in splunk using regex. I was able to figure the regex part. However when...
by AttarSingh1 Explorer in Splunk Search 09-12-2022
0 6
0
6
HelloItsMe76

How to display only a substring of result set?

When i search for the string "ERROR"  in a log i get the below  < DEBUG : blah blah INFO : blah blah blah  ERROR : <s...
by HelloItsMe76 Explorer in Splunk Search 09-12-2022
0 2
0
2
Akdollar

Firewall logs ingest- What is causing spike in firewall data?

My organization has a 10G a day data ingest subscription with splunk. Recently, every Tuesday,  our firewall data ing...
by Akdollar New Member in Splunk Search 09-12-2022
0 1
0
1
zuckermanori

How can I measure the search run time until the first result is returned?

I'm benchmarking performance of search queries. I noticed that although the entire search pipeline takes long to comp...
by zuckermanori Engager in Splunk Search 09-12-2022
0 3
0
3
randqm

Dashboard Studio: How Download as PDF a full table without the scrollbar?

Hello, When I download a dashboard with dashboard studio it come out with the horizontal and vertical scrollbars. The...
by randqm Loves-to-Learn Everything in Splunk Search 09-12-2022
0 0
0
0
jbanAtSplunk

Is there a way to "automate" similar field names function?

Hi, Just curios if this is possible as I have interesting challenge. So, I have extracted fields, key=value id0=0000,...
by jbanAtSplunk Communicator in Splunk Search 09-12-2022
0 4
0
4
abdullah_osail

What are steps to retrieve frozen data and make it searchable again? Can I specify specific data (date) to be retrieved?

What are the steps to retrieve frozen data and make it searchable again? Can I specify specific data (date) to be ret...
by abdullah_osail New Member in Splunk Search 09-12-2022
0 3
0
3
Skysurfer

How to achieve search that If count is less than 0 change it to 0?

Can someone please help me with this.  I have looking for a query so that if count is less than 0 change it to 0, oth...
by Skysurfer Explorer in Splunk Search 09-11-2022
0 3
0
3
Taruchit

How to search each value of a lookup table and update the corresponding column based on SPL?

Hi All,I have a lookup table table1.csv with following fields: -indexsourcetypehostlast_seenI have a custom index: id...
by Taruchit Contributor in Splunk Search 09-11-2022
0 13
0
13
jbanAtSplunk

How to auto dynamically extract all keyN to fields?

Hi, I have a log that will dynamically add "fields" to log record based on some logic. It's syslog begging + payload ...
by jbanAtSplunk Communicator in Splunk Search 09-11-2022
0 2
0
2
Claim a $25 Cisco Store Gift Card
Help us improve the Splunk Community and complete our survey today!
Top Labels
Get Updates on the Splunk Community!

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...