Splunk Search

Ask a Question

Discussions

Thread Info

Why is my Splunk query not working for certain time range?

i have a query to pull out stats and counts based on incoming applictiond and request path it gave me stats when ...

by New Member in

How to search for an id where its column values does not include a certain value

Hi everyone, I am new to SPLUNK and I am trying to search for distinct IDs where its PRODUCT column does not inclu...

by Engager in

How retrieve value of second matching word?

In a log if there are two similar words with different value , how to retrieve value of second word using regex ? ...

by Engager in

How can I optimize my search to run faster?

Hello Splunkers While running the attached query, results are populating very slow. From that query i want to achi...

by Motivator in

How to display only the result corresponding to the current time?

hello From the search below, I need to display only the result corresponding to the current time It means that ...

by Motivator in

How to search multiple values using wildcard in a field?

I am producing some stats in splunk but I want to extract data for about 10 uri_method instead of 100s currently disp...

by Explorer in

Bad passwords logged in the DC Netlogon logs:

Bad passwords logged in the DC Netlogon logs: for a specific account name: index=cim sourcetype=netlogon host=*dc*...

by Loves-to-Learn Lots in

How to find time between similar events?

Hello, We are looking to create a search that will return when two similar events occur within 1 second of each ot...

by Engager in

Error auto-canceled search

Dear professional, I want to get the log size of each service in an index.This is my search string index="hcg_oap...

by Explorer in

Search for multiple apperances of a pattern in a field

Hi, is there a way to search for more than one appearance of a pattern in a string?For example:Commandcmd.exe c:\wind...

by Explorer in

Splunk Query about Port Scanning attack attempts

Hi Team, Please help me out in this case. I am searching the Port Scanning attack attempts by the following query...

by Loves-to-Learn in

How to compare the results of 2 single panel between 2 different dates?

Hi I need to compare the results of 2 single panel between 2 different dates The first single panel concerns th...

by Motivator in

Where can I start a new Splunk Search

Can you please point me to the start up screen , where I can start a new search.

by Engager in

Why does tstats returns events by sourcetype, but search doesn't?

I have been using tstats to get event counts by day per sourcetype, but when I search for events in some of the ident...

by Communicator in

How to get details of Windows servers which are not activated or failed to activate Windows via KMS server?

How to get details of Windows servers which are not activated or failed to activate Windows via KMS server? I...

by Loves-to-Learn Everything in

Use alternate field for time and filtering

I am stuck. Have tried all of the options I have found. Most come close, but cannot make it work. I collect data f...

by Contributor in

How to Parse response string value?

I have a log I am am trying to parse one of the responses Field Value Test Response Response Test Testing...

by Explorer in

How to get each where statement just to run the EVAL command that is right under the where statement?

I have code | eval m=case(minute>0 AND minute<15,15,minute>14 AND minute<30,15,minute>29 AND minute<45,30,minute>4...

by New Member in

Filtering on combination of 2 values

Hi Splunk Community, I am currently working with a search but I am trying to filter certain events out. I am trying...

by Path Finder in

How do I found max value of rex field?

I have a splunk event as follow: request-id=123 STOP method TYPE=ABC, ID=[678] --- TIME_TAKEN=1281ms I have lot ...

by Path Finder in

Using search result as object of another search in same query

I am learning Splunk (early stages). I have been playing around with this search for the past 2 hours with little suc...

by Loves-to-Learn in

How to make table in Splunk

Please provide different examples so that its very easy for us to understand.explaining the example with eval command...

by Motivator in

Could someone help me on a transpose header field

hi I transpose header field time like this | eval time=strftime(_time,"%H:%M") | sort time | fiel...

by Motivator in

How to do a timechart from a single panel result?

Hi I need to do a timechart from a single panel result In this single panel, I stats events like this ...

by Motivator in

How to create a query wit top notable event sources with HOSTNAME?

Hello Could someone help me with a query? I have this default report Top Notable Event Sources which returns me...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why is my Splunk query not working for certain time range?

How to search for an id where its column values does not include a certain value

How retrieve value of second matching word?

How can I optimize my search to run faster?

How to display only the result corresponding to the current time?

How to search multiple values using wildcard in a field?

Bad passwords logged in the DC Netlogon logs:

How to find time between similar events?

Error auto-canceled search

Search for multiple apperances of a pattern in a field

Splunk Query about Port Scanning attack attempts

How to compare the results of 2 single panel between 2 different dates?

Where can I start a new Splunk Search

Why does tstats returns events by sourcetype, but search doesn't?

How to get details of Windows servers which are not activated or failed to activate Windows via KMS server?

Use alternate field for time and filtering

How to Parse response string value?

How to get each where statement just to run the EVAL command that is right under the where statement?

Filtering on combination of 2 values

How do I found max value of rex field?

Using search result as object of another search in same query

How to make table in Splunk

Could someone help me on a transpose header field

How to do a timechart from a single panel result?

How to create a query wit top notable event sources with HOSTNAME?

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions