Splunk Search

Discussions

Thread Info

How to correct the time in the "elapsed_Time" field?

index="SOMETHING" earliest=-30d@d| stats earliest(_time) as action_StartTime latest(_time) as action_EndTime| eval e...

by Engager in

How to optimize this search ?

Hi,I have an SPL, which should exclude the ip values from 4 lookups. So i tried it with a subsearch approach. But thi...

by Path Finder in

How does Splunk calculate Time to Triage?

How does Splunk calculate Time to Triage, what data does it use? e.g. time an event occurred and time the event was p...

by Observer in

Why do I need a | when using a macro with a generating command?

I have a macro that starts with a search command. When I ran it, I noticed I was getting a different number of resul...

by Explorer in

Help with a simple search

I am trying to do a search where by: index=firewall (src_ip=172.16.0.0/12) dest_ip!(172.16.0.0/12) | table s...

by Engager in

Why is search for multiple Windows events failing?

I am running Splunk Enterprise and am trying to create a dashboard panel "Events" search string that pulls multiple W...

by Path Finder in

How to calculate the percentage increase (or decrease) in each error/success code based on previous hour?

Team, I have below timechart which is counting http error/success codes for a span of 1hr. Now I need to calcu...

by Explorer in

How to create a table to show all the values from the below log lines?

Log Lines are as given belowReports obtained. MyId=NameOne, sId=s0, Reports=true, LogString= url=status.com, Type=bas...

by Engager in

How to represent two fields values in row wise and one field value column wise in Splunk table?

HI, I am trying to recreate the same structure in Splunk which was created in excel. I have five fields week, tota...

by Path Finder in

How to Work Around Distinct 10K Limit

Hi, trying to get stats of user search stats. I'm struggling trying to workaround the 10K limit with distinct , stats...

by Contributor in

Getting error while accessing Splunk dataset- How do I fix?

Getting error : "The lookup table 'Horizon_Feb_2022.csv' requires a .csv or KV store lookup definition."while running...

by Explorer in

Need to add the lookup for existing query and show the status

I have the stores and I want to check the status of store whether it is up or down i want to show the status with hel...

by Path Finder in

Help with search that creates Table with host, sourcetype, sample event or log

Hi Splunkers, I need to make a statistical table to show me the hosts and each sourcetype that it generates and th...

by Path Finder in

Is there a way to send full dashboard results with CSV file not PDF file?

Dears, Is there a way to send the dashboard results by use CSV file rather than PDF? Regards

by Explorer in

How do I Display fields in a table after stats command?

Working with some Apache logs. I am trying to get a table that displays the uri, the clientip, and the number of time...

by Explorer in

What's the lifespan of the new created fields? Will be available after re-login and available to all users?

Hello Splunk Community! Regarding extract new fields in splunk search, what's the lifespan of the new c...

by Explorer in

REGEX - Replace numbers with an asterisk, multiple apperances

Hi, I am trying to find a way to replace numbers in strings with an asterisk, if they are concatenated with one, and ...

by Explorer in

How do I add the time zone after the time in the field?

Hello,Good Day! I having the values in the field Data As shown below 2022-05-31 10:18:09 emea...

by Path Finder in

How to Evaluate a field from the list of another search and create a table

There are two queries `query 1` will give ID, TIME fields `query 2` will give list of SPECIAL_ID I want to c...

by Engager in

How to extract a multi value field called "GroupName" from my JSON data via the Field extractor IFX?

Hello, Can someone pls guide how to extract a multi value field called "GroupName" from my JSON data via the Field e...

by Builder in

How to build a query which would take input CSV file and search for logs?

I am importing signin logs from azure and I want to built a query which should take input from a csv file (appid) ...

by New Member in

How to only allow token authentication for REST API?

Is it possible to only allow REST API access with token authentication and not username:password? Is there a confi...

by Path Finder in

This delim in my query is not working, how could I possibly solve this problem?

Hello everyone. I'm fairly new to Splunk, I've recently joined a job as a security analist in a SOC where I get to ...

by Explorer in

Find similar pattern in query- which one it used most?

Hi I have table like below, each word is parameter of a search query, now want to know which of them mostly use? ...

by Motivator in

tstats - Why won't Job finalize/ takes a long time to finalize?

Search job won't finish and causing resource drain on shared indexers and ES.I am suspecting I might not be using 'ts...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to correct the time in the "elapsed_Time" field?

How to optimize this search ?

How does Splunk calculate Time to Triage?

Why do I need a | when using a macro with a generating command?

Help with a simple search

Why is search for multiple Windows events failing?

How to calculate the percentage increase (or decrease) in each error/success code based on previous hour?

How to create a table to show all the values from the below log lines?

How to represent two fields values in row wise and one field value column wise in Splunk table?

How to Work Around Distinct 10K Limit

Getting error while accessing Splunk dataset- How do I fix?

Need to add the lookup for existing query and show the status

Help with search that creates Table with host, sourcetype, sample event or log

Is there a way to send full dashboard results with CSV file not PDF file?

How do I Display fields in a table after stats command?

What's the lifespan of the new created fields? Will be available after re-login and available to all users?

REGEX - Replace numbers with an asterisk, multiple apperances

How do I add the time zone after the time in the field?

How to Evaluate a field from the list of another search and create a table

How to extract a multi value field called "GroupName" from my JSON data via the Field extractor IFX?

How to build a query which would take input CSV file and search for logs?

How to only allow token authentication for REST API?

This delim in my query is not working, how could I possibly solve this problem?

Find similar pattern in query- which one it used most?

tstats - Why won't Job finalize/ takes a long time to finalize?

See just what you’ve been missing | Observability tracks at Splunk University

Weezer at .conf25? Say it ain’t so!

How SC4S Makes Suricata Logs Ingestion Simple

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions