Splunk Search

Discussions

Thread Info

How to optimize the query that hits disk usage when computing with stats and percentage?

index=A host="bd*" OR host="p*" source="/apps/logs/*" | bin _time span="30m" | stats values(point) as point values(pr...

by Path Finder in

Help with search with the next x amount of commands

Hi all, Is there a possibility that when you've made a query with the hits you want, that also the next x amounts ...

by Engager in

Help with Field Extraction from Complex json files

Hello, is there any way we can extract fields from this sample data, any help will be highly appreciated. Thank...

by Motivator in

How to find ip addresses which have both received and sent a message?

It is sort of like multiplying the set with itself and getting a subset in mathematical term. my data is sth ...

by Explorer in

How to use stats command with eval function and distinct function on two separate columns?

Hi everyone, StateIDAPP_timeINFOABCCar19/08/22 19:51INFOABCCar19/08/22 19:52INFODEFCar20/08/22 19:53INFOZZZBo...

by New Member in

How. to replace string if preceded or followed by particular characters?

Given the below example events: Initial event: [stuff] apple.bean.carrot2donut.57.egg.fish(10) max:311 min 15 a...

by Explorer in

Lookup files permissions- Is there a way to view lookup file without changing permission in GUI?

Hi All,I am trying to view a lookup file that has the sharing set on this app only from another app than it is define...

by Explorer in

Update kvstore based on recalculated metrics?

I have a kvstore like below populated with about 1mil rows. _keynamecount1count2calculated_number1calculated_numb...

by New Member in

How to get stats by month?

Hi, I have my current search giving below output, I want to have stats listed by Month. Can someone help on this on...

by Path Finder in

Searching for multiple strings within all fields of index

Hi I'm trying to search for multiple strings within all fields of my index using fieldsummary, e.g. index=c...

by Explorer in

How to write a Regex to capture the Path(\Απεσταλμένα) and Subject (TYPICAL MAIN SHELF)?

I want to capture the Path (\Απεσταλμένα) and Subject (TYPICAL MAIN SHELF) . I am using below regex Subject\W\s(?<Su...

by Engager in

How to extract the 3 words after [yyy] using regex?

Hi, I need help to extract the 3 words after [yyy] using regex, True [xxx] [yyy] Issue with ios phone 11 Fa...

by Path Finder in

How to rename a value in a table?

Hi, Is there a way to rename a specific value in the column of the table. For example:

by Path Finder in

How to extract the userID?

Hi I want to extract the unique user ID for the users that are successfully logging in the KTB system [2/11/00 ...

by Explorer in

Compare values of most recent event to event before -- Show only the difference?

How do I compare the values of the most recent event to the event before that and show only the difference? ...

by Explorer in

How to get the chart of count and percentage by- in one column?

So i am representing endpoint url (y-axis) and http status code (x-axis). I can show the count of each url & statu...

by Path Finder in

Field values from look up to query?

Hi All, I have one dashboard in that I am fetching the results from a input look up file. I am getting the result...

by Path Finder in

How to find the top 10 events within 24 hours?

Hi, I am new to Splunk, I would like to create a command where it can find top 10 events happened within 24 hours. in...

by New Member in

How to return string in macro after some logics

I have following eval based macro to return a string, in the end I am expecting macro to return something like "earli...

by New Member in

How to create table using nested json?

Hi All I have a nested JSON in my log event. On that basis, I have to create a dynamic table. {status: FINISHED d...

by Explorer in

How to get the combinations of a set of values?

Given a set of values (e.g. A,B,C) in a multi-value field, I want to get all the combinations that can be generated b...

by Path Finder in

How to limit number of column in xyseries with TOP or RARE?

Hi, I'm building a report to count the numbers of events per AWS accounts vs Regions with stats and xyseries. It wo...

by Explorer in

Why am I getting inconsistent stats?

I am befuddled why the below two searches return different counts for the same period of time. The tstats one returns...

by Builder in

How to fix "no module named splunklib" error for python splunk sdk on Windows?

reated splunk python script and set splunk web on "data input" and added all procedures but my script is not runnin...

by Path Finder in

Any guidance on CyberArk TA v1.2 Installation?

Hello, I need some guidance to install CyberArk TA in a single-server SPLUNK enterprise environment. How would I p...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to optimize the query that hits disk usage when computing with stats and percentage?

Help with search with the next x amount of commands

Help with Field Extraction from Complex json files

How to find ip addresses which have both received and sent a message?

How to use stats command with eval function and distinct function on two separate columns?

How. to replace string if preceded or followed by particular characters?

Lookup files permissions- Is there a way to view lookup file without changing permission in GUI?

Update kvstore based on recalculated metrics?

How to get stats by month?

Searching for multiple strings within all fields of index

How to write a Regex to capture the Path(\Απεσταλμένα) and Subject (TYPICAL MAIN SHELF)?

How to extract the 3 words after [yyy] using regex?

How to rename a value in a table?

How to extract the userID?

Compare values of most recent event to event before -- Show only the difference?

How to get the chart of count and percentage by- in one column?

Field values from look up to query?

How to find the top 10 events within 24 hours?

How to return string in macro after some logics

How to create table using nested json?

How to get the combinations of a set of values?

How to limit number of column in xyseries with TOP or RARE?

Why am I getting inconsistent stats?

How to fix "no module named splunklib" error for python splunk sdk on Windows?

Any guidance on CyberArk TA v1.2 Installation?

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Detection: Kerberos User Enumeration

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!