Splunk Search

Discussions

Thread Info

How to try to search for new MFA factors with DUO?

I'm trying to find any new MFA factors(DUO) used by any user in the past X days in order to create an alert. As an e...

by Engager in

How to compare and generate percentage from two lookup fields?

file1.csv and file2.csv with a common field of "Tests". Wanting to compare File2 field "Tests" against file1.csv fiel...

by Path Finder in

How to Extract multiple 10-digit numbers from field2

Hi, Novice splunker here. My search only extracts 1st 10-digit number and my data contains atleast 4 or more 10-digi...

by Engager in

How to calculate time difference from 2022-07-14T09:05:08.21-04:00 format

Good Day,I need help to calculate the time difference for field "@timestamp" containing time format 2022-07-14T09:05:...

by Path Finder in

How to implement alert that need to consider state of past alert?

I need to first issue an alert for overheat temperature 24 hours in advance for the affected locations, for their for...

by Communicator in

Why does Xyseries drop duplicates?

index=a host="b" source="0*_R_S_C_ajf" OWNER=dw*|eval ODate=strptime(ODATE,"%Y%m%d")|eval ODATE=strftime(ODate,"%Y-%m...

by Path Finder in

How to achieve field extraction to list domain admins from AD logs?

I have been trying to extract a field to list domain admins from AD logs. The logs have all the admins starting with ...

by Explorer in

How to transform above result into below table?

index="*dockerlogs*" source="*gps-request-processor-dev*" OR source="*gps-external-processor-dev*" OR source="*gps-ar...

by Explorer in

How to achieve conditional eval/searchmatch or subsearch result based on the value of another field?

I have a scenario where I am analyzing the format of a given string to determine what the name of the format is (e.g....

by Contributor in

How to add new fields to certain events via _meta?

Hi Splunkers, I try to get a new internal field "_application" added to certain events. So i added a new field ...

by Explorer in

Firewall logs going into separate index: Why the error "Searching - No results found. Try expanding the time range"?

Hey everyone, I've got all our firewall logs going into separate index. When I perform a search just using the ...

by Engager in

Search Stats with _raw field

Hello, In my search I'm trying to get a series of events (transact - which is in the _raw field) counted out by an...

by Explorer in

How to fix query to prevent Duplication of events when searching multi-value fields in Json using mvzip and mvexpand?

Here is a reduced version of my JSON: { records: [ { errors: 4 name: name1 plugin: p1 ...

by Explorer in

How to create a table with max and sum values

by Explorer in

How to have multiple time series charts of multiple days' temperature measurements during the days stacked for 24 hours

I want to compare the daily temperature measurements at the same period, but different days by a stacked temperature ...

by Communicator in

How I can change color of the graph as per value

Hi , I have created one graph for Success and failure result, but not able to change the color, How I can have the re...

by Explorer in

Remove segmenters in search (lispy) for Norwegian characters

Hi folks. Whenever you do a search in Splunk you can review the lispy in search.log. For example, if I search for my ...

by Builder in

How to create aa chart using xyseries command syntax?

Dears, i would like to create chart that contain two different x axis and one y axis using xyseries command but i ...

by Communicator in

How to get values from a Splunk field to particular decimals?

Hi Team,I have a field like below :Cost :0.45655345534530.00004354634660.00213456677880.0000000005657I want to get va...

by Communicator in

How to find comman value from multiple watchlist

Hi below is one of the requirement I have multiple lookuptable example number name lookuptable 1 ...

by Loves-to-Learn Lots in

Can't get past subsearch limit

I seem to be stuck with the 100 result limit for a subsearch. I've changed maxout= to 10000 in limits.conf (and resta...

by Explorer in

Whats the splunk equivalent of SQL IN clause

What is the Splunk equivalent of an SQL IN clause. I want to run a query where some field has a value which is presen...

by Explorer in

Making sense of stats results for 1 source to multiple destination

Hi All, I have this simple search that shows logins from same SRC IP to multiple Destination hosts. Can someone pls...

by Builder in

How to find common values between two searches?

I have two queries from the same set of index and app names using different search terms from which I am extracting a...

by New Member in

Any idea about the query optimization with using join or subsearch?

Hi, I am trying to get all events with two different kinds of objectname(A or B vs C) but with the same username a...

by Loves-to-Learn Lots in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to try to search for new MFA factors with DUO?

How to compare and generate percentage from two lookup fields?

How to Extract multiple 10-digit numbers from field2

How to calculate time difference from 2022-07-14T09:05:08.21-04:00 format

How to implement alert that need to consider state of past alert?

Why does Xyseries drop duplicates?

How to achieve field extraction to list domain admins from AD logs?

How to transform above result into below table?

How to achieve conditional eval/searchmatch or subsearch result based on the value of another field?

How to add new fields to certain events via _meta?

Firewall logs going into separate index: Why the error "Searching - No results found. Try expanding the time range"?

Search Stats with _raw field

How to fix query to prevent Duplication of events when searching multi-value fields in Json using mvzip and mvexpand?

How to create a table with max and sum values

How to have multiple time series charts of multiple days' temperature measurements during the days stacked for 24 hours

How I can change color of the graph as per value

Remove segmenters in search (lispy) for Norwegian characters

How to create aa chart using xyseries command syntax?

How to get values from a Splunk field to particular decimals?

How to find comman value from multiple watchlist

Can't get past subsearch limit

Whats the splunk equivalent of SQL IN clause

Making sense of stats results for 1 source to multiple destination

How to find common values between two searches?

Any idea about the query optimization with using join or subsearch?

.conf25 Global Broadcast: Don’t Miss a Moment

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions