Splunk Search

Discussions

Thread Info

How do I correlate time events from separate indexes?

I want to create alert when user approve MFA from different IP than the one he used prior to connection to VPN. So I'...

by Loves-to-Learn Lots in

How to query a lookup table using the REST API?

Hi guys, I have a Splunk scheduled search which is producing a list of URLs that need to be used by another system...

by Explorer in

How to join 2 searches based on time range?

Hi all, We have events in a single index for flows into and out of a gateway, I’m trying to link an incoming event...

by Explorer in

How to get average for some fields but not all?

Hi, I would like to get the average of multiple fields in the same row but not all, would anyone be able to advise...

by Explorer in

How to check which all logs are getting ingested and if there are any gaps in it?

Hi, I have to do gap analysis on splunk in order to check which all logs are getting ingested and if ther...

by New Member in

How to Parse EMR Log to generate table output?

I have a log events (each about 260 lines) related to our AWS EMR Cluster 'performance' metrics. It seems it's just a...

by Path Finder in

Can we base on trend percent to set Coloring with Dynamic Trend in Dashboard?

With below setup, we can setup the single value dashboard with dynamic coloring change while trendValue change. "...

by Path Finder in

How to write this cron?

Hello Is it possible to use a cron that runs a seach every hour ten minutes after hour and just between 7 AM and 1...

by Motivator in

How to get list of users with user account created date and email associated to it?

Hi All , The requirement is to get all usernames , username created date and email associated to it as below user...

by New Member in

How to display SPL to chart events?

I have a search I can compose using multiple appends and sub-searches to accomplish, but I assume there's an easier w...

by Communicator in

Where do I locate the Splunk default commands?

What is the location of Splunk commands like inputlookup,lookup,mvexpand,multikv,split,stats,eval,chart,tstats in spl...

by Explorer in

How to get alerts when event X isn't followed by event Y within a certain length of time?

I need an alert where you get this message "Attempting to send email to:<email>" but you don't ever get the message "...

by Path Finder in

How to change colors of bars in bargraph chart based on their numerical value?

I'm trying to create a column chart (bar graph) in my Splunk (v8.1.3) dashboard that shows the availabilities of a gi...

by Path Finder in

Why is the Join Operation Is not working properly?

I am seraching as below but my join operation is not bringing results from the join for only couple of imei/records. ...

by Observer in

How to able Formatting _time to be used in the timepicker?

Hi everyone, Pretty new to Splunk and would really appreciate your insight on my current project. Currently creati...

by Path Finder in

Does this mean that _raw cannot be used with tstats?

Hi Splunkers,in my tasks I performed an exam of some already Splunk searches and one of these is about a Log4j vulner...

by Path Finder in

Having trouble with rex command

I have below raw string 03 Mar 2022 10:08:18,188 GMT ERROR [dbdiNotificationService,ServiceManagement] {} - C...

by Explorer in

How to display the results matching the same fields as another fields?

Hi All, I was working on a case where i have 2 fields extracted as "actordisplayName" & "targetUser" in the same r...

by Explorer in

How to have exclude weekend in the splunk dashboard as a input button?

Hi Folks, I have been working on a dashboard that displays result as a timechart grouping by days. I see results ...

by Explorer in

Is there a way for me to read the contents of the script from the search bar?

we have a dashboard that checks endpoint health and creates a message, "Endpoint XYZ is available" The source is a...

by Explorer in

Please help with Date extraction from below string

i have system column "_time" with below output 2022-03-16 11:12:18.723i would like segregate date and time by rex com...

by Explorer in

How to create drilldown from a table with time in order to display more details?

hello As you can see, I use a table with one hour bin span and I need to drillwown on every row in order to displa...

by Motivator in

How to create search for CPU linux to load average?

Hi , I need the help to write splunk query for calculating CPU Linux load average for last 1,5 and 15 mins. I have...

by Explorer in

How to view only one data in graph when there is a list ?

I have list of items plotted in line graph which is basically time-series data. I would like to have an option to sel...

by Loves-to-Learn in

How to write this complex search displayed with a transpose _time command?

Hello I use a complex search with display results ordered by time in a table As you can see the time period is...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I correlate time events from separate indexes?

How to query a lookup table using the REST API?

How to join 2 searches based on time range?

How to get average for some fields but not all?

How to check which all logs are getting ingested and if there are any gaps in it?

How to Parse EMR Log to generate table output?

Can we base on trend percent to set Coloring with Dynamic Trend in Dashboard?

How to write this cron?

How to get list of users with user account created date and email associated to it?

How to display SPL to chart events?

Where do I locate the Splunk default commands?

How to get alerts when event X isn't followed by event Y within a certain length of time?

How to change colors of bars in bargraph chart based on their numerical value?

Why is the Join Operation Is not working properly?

How to able Formatting _time to be used in the timepicker?

Does this mean that _raw cannot be used with tstats?

Having trouble with rex command

How to display the results matching the same fields as another fields?

How to have exclude weekend in the splunk dashboard as a input button?

Is there a way for me to read the contents of the script from the search bar?

Please help with Date extraction from below string

How to create drilldown from a table with time in order to display more details?

How to create search for CPU linux to load average?

How to view only one data in graph when there is a list ?

How to write this complex search displayed with a transpose _time command?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions