Splunk Search

Discussions

Thread Info

Why is Splunk search returning additional results not specified in Lookup table?

I have a query to search particular event id's from Active Directory and see what Targets these apply to. Instead of...

by Explorer in

Is there a way to timechart format like this?

Is there a way to make a timechart like this in splunk? I really don't need the number values on the y axis I mostly ...

by New Member in

How to escape special character through regex

Hi experts, I wanted to escape the backslash "\" from the below logs, and capture the status code. The output should ...

by New Member in

After splunk job failed, we are unable to fetch the every 5 mins history data.

@links to members 'search earliest=-10m latest=now index= 'xyz' (host=abcd123 or host=abcd345) TxnStart2End| re...

by New Member in

Why is my search returning error?

I'm trying to run the following commands on an index: | eval elast=strptime(lastSeen,"%Y-%m-%d %H:%M:%S")...

by Explorer in

Help with Splunk query for battery status, cpu usage, disk space

Hi, Please indulge me as I am relatively new to Splunk. I wish to create a query or report I can run on demand ...

by Explorer in

How to only show only unique values over timeseries data with stats

I have a time series data source where an alert writes an event indicating that the number of systems an account is l...

by Contributor in

Querying when the last time, an event was seen from various hosts in the system

How to know the last event's time from each of the hosts in the system?. The output can be of the below format? ho...

by Path Finder in

Is there a possibility to find out the list of curl commands executed in the Splunk using spl

Hi Community, We have encountered a weird case with the curl command. One of the users was running a curl comma...

by Contributor in

Why has field extractor incorrectly mapped the fields or shows same value for multiple fields?

I have a long event which I tried to extract fields from, using splunk's extract additional fields feature. I cho...

by Communicator in

How to correlate to multi-value fields from one event?

Hello, I have logs where there are multiple values for two fields. This data looks like this example below for ea...

by Engager in

How to extract the last three digits after the ">" sign, and than the summation of those values?

Hello, I have a search that prints out a list of numbers in this format. [144 ==> 143][145 ==> 144][144 ==> 145...

by Path Finder in

How to convert `_time` to the column and `host` as an index while using `mstats`?

How to convert `_time` to the column and `host` as an index while using `mstats`? | mstats avg(_value) prestats=t...

by Explorer in

How to subsearch/multisearch date based on minimum of main search?

lets say I have a subsearch or multisearch. I want to have my subsearch/multisearch date to be 30 days before the ...

by Communicator in

How to do the below search without having to use a second lookup with the header being host

I have this search where the splunk_check_hostnames.csv is a single column of hostnames with hostname as the header. ...

by Contributor in

How to implement a Splunk query that is based on if the other Splunk query result exist or not

Hello, I am trying to develop a splunk query. But the query that needs to be run is based on another SPlunk quer...

by Loves-to-Learn in

Lookup file: Why does scheduling the report diff in limitations from running it in free form search?

I have a lookup file that I am generating with a query. The query results in ~59,000 rows currently. If I run the...

by Path Finder in

Why are indexed real-time searches not returning results?

I have a Splunk Enterprise cluster (version 8.1.3) that for some reason, is not returning any results for indexed rea...

by Explorer in

How to create a regex that gives the count, if the url string has two question mark symbols (not consecutive though)?

Hi Experts, I have an issue with the search string, I have a url text like below and I need to filter that ou...

by New Member in

How to get a stats count on multiple fields in a table sorted by count?

Hi All, I am trying to get the count of different fields and put them in a single table with sorted count. stat...

by Explorer in

How to search a splunk search result?

I have a macro named X that uses the lookup in the search and produces the results as follows indexes index IN...

by Builder in

Streamstats command issue with splunk version 8.2.4

We are seeing strange behavior after updating Splunk from 8.0.4.1 to 8.2.4. The major issue is with all queries tha...

by Path Finder in

What are the types of sample logs dump similar to tutorialsdata.zip for exploring splunk search options?

Hi, I am looking for various types of sample logs dump similar to tutorialsdata.zip for exploring splunk search o...

by Explorer in

How to extract string from lookup field?

Hi, I need to extract a string from a field in a lookup. need to extract between <query> and <query> and ...

by Communicator in

Why is Lookup definition in transforms.conf not returning results?

I have created a lookup in the LOOKUP folder placed in local. Post that I defined the lookup in transforms.conf. T...

by Loves-to-Learn in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why is Splunk search returning additional results not specified in Lookup table?

Is there a way to timechart format like this?

How to escape special character through regex

After splunk job failed, we are unable to fetch the every 5 mins history data.

Why is my search returning error?

Help with Splunk query for battery status, cpu usage, disk space

How to only show only unique values over timeseries data with stats

Querying when the last time, an event was seen from various hosts in the system

Is there a possibility to find out the list of curl commands executed in the Splunk using spl

Why has field extractor incorrectly mapped the fields or shows same value for multiple fields?

How to correlate to multi-value fields from one event?

How to extract the last three digits after the ">" sign, and than the summation of those values?

How to convert `_time` to the column and `host` as an index while using `mstats`?

How to subsearch/multisearch date based on minimum of main search?

How to do the below search without having to use a second lookup with the header being host

How to implement a Splunk query that is based on if the other Splunk query result exist or not

Lookup file: Why does scheduling the report diff in limitations from running it in free form search?

Why are indexed real-time searches not returning results?

How to create a regex that gives the count, if the url string has two question mark symbols (not consecutive though)?

How to get a stats count on multiple fields in a table sorted by count?

How to search a splunk search result?

Streamstats command issue with splunk version 8.2.4

What are the types of sample logs dump similar to tutorialsdata.zip for exploring splunk search options?

How to extract string from lookup field?

Why is Lookup definition in transforms.conf not returning results?

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!