Splunk Search

Discussions

Thread Info

How to show Error inputs gracefully

How to display the error input or value errors in a pop up? I am trying to build a custom command and want to show er...

by Explorer in

How to check that a field value is unchanged in last two day or if possible two business days?

I am checking for reboot required, if yes, since how long is the status unchanged from reboot required yes. Logic I a...

by Path Finder in

How to calculate the delta between two time intervals for sending messages?

Good afternoon! We receive messages on splunk. The task is as follows: there is a time period between the first me...

by Communicator in

How to search for a string that begins with a square bracket ]?

I have a field value like this that I want to exclude. [22m[2hinfo[3: host.console[0] The sear...

by Explorer in

How do I add a string in the title of a e-mail?

"user-info"index=user_interface_type sourcetype=* | table _time, host, port, _raw | sendemail to="abc@splunk.com" sen...

by Engager in

Help with Dashboard with time span for with tstats

I am trying to build a dashboard with time input, how can I use the time selected to pass to below query? ...

by Explorer in

Chart by Duration (D+HH:MM:SS) which is in string format?

Hello, I used below to convert seconds into D+HH:MM:SS format which is now in string format. However, I want to cr...

by Explorer in

How to show output for last week?

I have spent days working on this, can someone help? how to populate previous week results? Also there are differen...

by Path Finder in

How to build a table out of this log file?

Hi, I have below log file, I would like to build a table out of it (Line1, Line2,Line3,Line4 are just for understa...

by Path Finder in

How would I extract field/value pairs from these sample events (2 sample events given below)?

Hello, How would I extract field/value pairs from these sample events (2 sample events given below)? I can use...

by Motivator in

How to make a table with columns getting results for different time ranges?

Hi All, I want to write a search which gives me total event counts for each host as per the time range picker. Addi...

by Contributor in

How to create timechart for event spikes by comparing to the previous 10 minute?

Hi all! I'm trying to create a Timechart showing only the graph bars where the number of events is 2X the number o...

by Engager in

Comparing data located in two different indexes?

Hello fellow Splunkers! So, I have a series of questions related to comparing data from two different indexes in S...

by Path Finder in

How to extract a value from a field?

Dear all I have a search that returns the description of the windows event and I would like to extract the IP addre...

by Explorer in

How to make multiple searches combine into a table?

Disclaimer - Fairly New to SplunkI'm stuck on building a table for a dashboard.I would like to list a table of Comput...

by Explorer in

How to extract a string in a variable

I have a table in which one of the columns has logs like below 2022-08-21 23:00:00.877 Warning: PooledThread::r...

by Engager in

How to search how many emails are triggered to this DL in one year?

Hi All i have an exchange onprem distribution list, lets say dl@mydomain.com i want to know how many emails are tr...

by Explorer in

How to use dynamic colors and icons for Status Indicator in Trellis layout?

Hi, how do I display my Status Indicator with dynamic colors and icons in a Trellis layout? | eval stat...

by Path Finder in

How to add a field from a subsearch to every event in a parent search?

I'm wanting to do something like this: index=main sourcetype=access_combined [ search index=myidx sourcetype=oncal...

by Communicator in

How to use a lookup file to search for ip addresses in my logs?

I have a lookup file called ipaddress.csv. The column title in the file is ipaddress. I want to search my logs for ...

by Explorer in

How do I fix low disk space in Enterprise indexer?

How do I fix low disk space in enterprise indexer. Please comment back on how to fix.

by New Member in

How can i split this field into multiple columns?

Filed name = pluginText <plugin_output>Information about this scan : Nessus version : 10.3.0 Nessus build : 2...

by Explorer in

How to display count of results based on time value in lookup file vs current time

I have a situation where I'm attempting to display a count on a dashboard of the amount of items in a lookup file who...

by Explorer in

Help on this record select

I have the record like this: _time id status 1 x yes 1 x no 2 x ...

by Explorer in

Why Error: [subsearch]: The lookup table 'dns_serves.csv' requires a .csv or KV store lookup definition?

I'm trying to exclude specific src_ip addresses from the results of a firewall query (example below). The query compl...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to show Error inputs gracefully

How to check that a field value is unchanged in last two day or if possible two business days?

How to calculate the delta between two time intervals for sending messages?

How to search for a string that begins with a square bracket ]?

How do I add a string in the title of a e-mail?

Help with Dashboard with time span for with tstats

Chart by Duration (D+HH:MM:SS) which is in string format?

How to show output for last week?

How to build a table out of this log file?

How would I extract field/value pairs from these sample events (2 sample events given below)?

How to make a table with columns getting results for different time ranges?

How to create timechart for event spikes by comparing to the previous 10 minute?

Comparing data located in two different indexes?

How to extract a value from a field?

How to make multiple searches combine into a table?

How to extract a string in a variable

How to search how many emails are triggered to this DL in one year?

How to use dynamic colors and icons for Status Indicator in Trellis layout?

How to add a field from a subsearch to every event in a parent search?

How to use a lookup file to search for ip addresses in my logs?

How do I fix low disk space in Enterprise indexer?

How can i split this field into multiple columns?

How to display count of results based on time value in lookup file vs current time

Help on this record select

Why Error: [subsearch]: The lookup table 'dns_serves.csv' requires a .csv or KV store lookup definition?

Can’t make it to .conf25? Join us online!

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!