Splunk Search

Discussions

Thread Info

How to sort a field list which below with an uppercase letter followed by "- N"?

hi I need to sort a field list which below with an uppercase letter followed by "- N" How to do please?

by Motivator in

Why is there a Splunk server Service NS page error?

When I navigate to https://<splunk-server>:8089/ServiceNS I am running into an error. When I go to other pages..."/se...

by Explorer in

How to create a search that should map a session from an internal application to the corresponding VPN session?

Hey guys, I`m trying to create a search that should map a session from an internal application to the correspondin...

by Observer in

How create a search that should map a session from an internal application to the corresponding VPN session?

Hey guys, I`m trying to create a search that should map a session from an internal application to the correspondin...

by Observer in

How to take precision of decimal point for a particular field?

Hello experts,I Just want my field `snow_os_version` to be up to 2 decimal points like the first entry should only b...

by Explorer in

Why is Splunk Search Not Working Properly?

When we are doing searches on Splunk we are encountering a strange issue. For example, when I add sc4s_fromhostip=......

by Explorer in

How to combine two reports if only one report has a timestamp?

Hi Team, I have two reports where one report(report1)has timestamp field where other report(report2) doesn't ha...

by Loves-to-Learn Everything in

How to search to match 2 fields from my raw events with 2 fields from a CSV file and output to a different field?

Hi, how do i craft a search to match 2 fields from my raw events with 2 fields from a CSV file and output if one of ...

by Builder in

How to drop certain username from search?

Hi Guys, I am trying to do a search and also at the same time drop certain information from showing up.As seen from t...

by Engager in

How to take output from a lookup and feed it to another lookup and append the results?

Hi, Let's say I have a Company directory lookup (e.g. Company_Directory) and I want to lookup the entire hierarchy ...

by Builder in

How to complete search string in lookup?

Hi we have a microservices based system and have several services running , the developers put unti a lookup table...

by Explorer in

How to create a search to subtract a token from the previous value in a row

Hello, I need to build a search where I can subtract a token from the previous value in a row. Example I k...

by Explorer in

Why does index creation via Java SDK returns null value?

Hi colleagues, I am trying to create index using the Java SDK for Splunk and to reset the "FrozenTimePeriodInSecs" pr...

by New Member in

How to do field extraction using transform?

Hello Experts, I am facing difficulty at index time fields extraction. My sample log file format: Time s...

by Path Finder in

Is it possible to create a custom script that is a search command that can take in the search's results?

Is it possible to create a custom script that is a search command that can take in the search's results, do something...

by Path Finder in

How to extract value and type in a search?

payload: Message { channel=EMAIL , type=security_event_postinfection_admin , locale=it_IT , recipientAddress...

by Explorer in

How to change the index time as filename timestamp?

Hi Team, I have indexed the file as current timestamp but would like to execute the query by taking the filenam...

by Loves-to-Learn Everything in

How to get Dedup results by specific date?

So I am looking for the number of a specific event (sign-ins) deduped by a user, which is simple. The challenge I am...

by Explorer in

How to create an override?

Following the override documentation, I am confused... When creating an override, and the pop up box appears, do y...

by Explorer in

How to exclude weekends from last 30 days search ?

My query essentially goes thru every event and picks a field with response_time. And then calculates the average valu...

by Contributor in

How to Extract values from one index and see if similar matches exists in other indexes?

Hi,I need to extract host values from one index (index=1) and see if there are similar matches that exists in other i...

by Path Finder in

What is the ServiceNow table name to pull service tickets data using ServiceNow add-on?

The predefined table names in the add-on doesn't list the service ticket related table name, hence wanted to know the...

by Communicator in

Iteration with macro: How to declare a variable in Macro?

Hi Experts When using the following eval, I would like to declare a variable in macro as in create_var(3). | ev...

by Explorer in

Why does the field town not exist in my events when using input text token in my search?

Hello I use an input text token in my search like this town=$town$ By defaut, town = * The problem is tha...

by Motivator in

How to create a search to detect if no increase in the count of fields?

hi,can anyone help me how should I query the counts of kafka_datatype of those stream_type which Im going to set an ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to sort a field list which below with an uppercase letter followed by "- N"?

Why is there a Splunk server Service NS page error?

How to create a search that should map a session from an internal application to the corresponding VPN session?

How create a search that should map a session from an internal application to the corresponding VPN session?

How to take precision of decimal point for a particular field?

Why is Splunk Search Not Working Properly?

How to combine two reports if only one report has a timestamp?

How to search to match 2 fields from my raw events with 2 fields from a CSV file and output to a different field?

How to drop certain username from search?

How to take output from a lookup and feed it to another lookup and append the results?

How to complete search string in lookup?

How to create a search to subtract a token from the previous value in a row

Why does index creation via Java SDK returns null value?

How to do field extraction using transform?

Is it possible to create a custom script that is a search command that can take in the search's results?

How to extract value and type in a search?

How to change the index time as filename timestamp?

How to get Dedup results by specific date?

How to create an override?

How to exclude weekends from last 30 days search ?

How to Extract values from one index and see if similar matches exists in other indexes?

What is the ServiceNow table name to pull service tickets data using ServiceNow add-on?

Iteration with macro: How to declare a variable in Macro?

Why does the field town not exist in my events when using input text token in my search?

How to create a search to detect if no increase in the count of fields?

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions