Splunk Search

Ask a Question

Discussions

Thread Info

How to find duration between multiple events for multiple occurrences?

Hi all, I'm hoping that someone can help / point me in the right direction. I have two events which are being fed ...

by Explorer in

How can I get just one avg count per day? (With time span = 3h I get 3 counts per day)

Using the below query to get the daily avg user in during biz hours: index=pan_logs sourcetype=json_no_timestamp ...

by Explorer in

How can I modify the search to show only the host_name and the sum total of the avg_kWh column?

I have borrowed a search from an earlier question to help give kWh information on a given month. How can I modify the...

by Loves-to-Learn in

How to find changing serial numbers?

Hello Splunk Enjoyers! I have problem Information about routers arrives every minute, so What I have: name_of...

by Explorer in

How do I replace sourcetype?

Finally we migrated away for Microsoft Azure Add-on for Splunk to Splunk Add-on for Microsoft Cloud Services. In M...

by Observer in

How to search across all my data for any public IP addresses?

Hello all, I've been hoping to play around with some of the iplocation functionality and see if I could leverage i...

by Communicator in

How to customize x-axis and y-axis?

I want to create a chart that show all the services being executed and the percentage of cpu used. I tried this af...

by Explorer in

How to get the count based on sub_group?

platfrom bkc_name domain testcase_id tnl abzke hef gh_1...

by Explorer in

How to add new Lookup?

I am working to leverage the below query for 'Stale Account Usage' from Splunk Security Essentials Docs, which uses l...

by Path Finder in

Search for certain adjacent events in IIS log

Greetings, I've been asked to provide log data for a specific form that has been accessed over a certain time p...

by Engager in

How to write rex to extract string?

Hi, REX command rex mode=sed to remove quotation marks and numbers inside of them OUTPUT file "19214132.IK...

by Path Finder in

How to calculate the difference between two dates?

I have 2 dates first_found: 2022-08-23T21:08:54.808Z last_fixed:2022-08-30T12:56:58.860Z I am trying to calc...

by Explorer in

How to create a count down?

Hello, I need to create a single value panel that displays a countdown from today's date until a target date...

by Explorer in

Why am I getting the last Value column?

Dear Splunk community: So i have the following SPL that has been running fine for the last week or so however, ...

by Path Finder in

Why is my auto lookup not working as intended?

I have some searches that do not appear to be enhancing properly using the asset_lookup_by_str lookup table. In th...

by Path Finder in

Will Limits.conf on an app level overwrite the default for all apps for just the one?

Hi All If I apply a limits.conf for subsearch - maxout and searchresults - maxresultsrow for an app im deploying, ...

by Engager in

Help with Heartbeat check

Good afternoon!I have six Heartbeat messages coming from the system. All messages from the chain are connected by one...

by Communicator in

Which Condition Function for | seach based on Token should I use?

Case Scenario: Dashboard A is clicked, thus sending a token whose value is hostname ($hostnameToken$) to Dashboard...

by Explorer in

How to append a row and a column of averages?

Hi, I have a search that uses the chart command to split by 2 fields, such that the results are shown below. The data...

by Path Finder in

Using multiple time range on the same index to return different row values

Hello all, I have a report that searches for differents time range like Year to now, Month to now, Last 5 days and...

by Path Finder in

How to compare average between two non-adjacent time periods?

Hello, what' the best way to compare averages between two non-adjacent time periods. I have bunch of api call event...

by Explorer in

Thinkst Canary Alerts

Picking up my first project for SOAR detections. Asking if anyone knows groups or sites that helped them when they we...

by Engager in

How do I table multiple data into one cell?

Hello I have a little problem with Splunk! I have a table that basically contains data in the following way numbe...

by Engager in

Why does our Index firewall ingest more logs every Tuesday?

Hello One of my company's firewall ingest more logs every tuesday to splunk which makes us go over the 10G limit p...

by New Member in

Help with regex - How to exclude multiple parentheses and slashes from a field?

Is there a more elegant way to do this? New to using rex & I can’t seem to strip out the multiple parentheses and sla...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to find duration between multiple events for multiple occurrences?

How can I get just one avg count per day? (With time span = 3h I get 3 counts per day)

How can I modify the search to show only the host_name and the sum total of the avg_kWh column?

How to find changing serial numbers?

How do I replace sourcetype?

How to search across all my data for any public IP addresses?

How to customize x-axis and y-axis?

How to get the count based on sub_group?

How to add new Lookup?

Search for certain adjacent events in IIS log

How to write rex to extract string?

How to calculate the difference between two dates?

How to create a count down?

Why am I getting the last Value column?

Why is my auto lookup not working as intended?

Will Limits.conf on an app level overwrite the default for all apps for just the one?

Help with Heartbeat check

Which Condition Function for | seach based on Token should I use?

How to append a row and a column of averages?

Using multiple time range on the same index to return different row values

How to compare average between two non-adjacent time periods?

Thinkst Canary Alerts

How do I table multiple data into one cell?

Why does our Index firewall ingest more logs every Tuesday?

Help with regex - How to exclude multiple parentheses and slashes from a field?

Reduce and Transform Your Firewall Data with Splunk Data Management

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions