Splunk Search

Discussions

Thread Info

How to write a query which take all this values and search for results in different sourcetype=source2?

index=instance1 sourcetype=source1 "Invalid-Access" | fields reqId | table reqId The above query ...

by Loves-to-Learn Lots in

How to create a search to show any amount of traffic (even if 0) passing through a list of subnets ?

As the title says, I have a list of subnets and I would like to create a search which would show traffic (using Palo ...

by Contributor in

How to use REX in a search called via REST API?

In my first post, I need to search Splunk using the REST API. How do I get the system to actually return me some r...

by New Member in

How to set an alert to fire based on lookup table value?

Hi, struggling why I can't seem to get this working. I want to have an alert evaluate to true (trigger) based on if i...

by Contributor in

How to fetch the second last word of a sentence with the Splunk regex?

My query is: Mozilla/5.0 (X11; Linux x86_64; Catchpoint) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87...

by Explorer in

What Capabilities do I need to enable so a user can change sharing permission on their searches?

by Path Finder in

How to compare value of 2 logfiles for notification?

Hi all, I'm a beginner working with splunk. I have 2 Logfiles with the same Name, but from 2 different Hosts. I wo...

by Explorer in

How to get Chrome extension list of a user?

Hi all, Hope you are well. I have a task about getting users'Chrome extension list with Splunk Search with queries....

by Engager in

Why am I unable to get Splunk Search query in Ansible Playbook (everything works with curl)?

Currently we manually monitor splunk dashboards during our deploys. We would like to automate this. For this, we woul...

by New Member in

How to write a search that divides values in two distinct tables?

Hello all, I have a scenario where I need to make calculations regarding license consumed, per host. However,...

by Explorer in

How to search not equal with multivalued?

host="SPL-SH-DC" sourcetype="csv" source="****" Severity!="Info"Severity!="low"Plugin_Name!="SSL Certificate with Wro...

by Path Finder in

How to lookup in Splunk?

Hi Team, i have one abc.csv file with only one colunm as Source_IP where values are in10.10.10.0/24 format . n...

by Explorer in

Does sort like "order by" in sql for list of fields?

Hi, I'm new to Splunk. The question I want to ask is does sort like "order by" in sql for list of fields, which divid...

by Path Finder in

How to extract all fields like DISK?

----------------------- DISK INFORMATION ---------------------------- DISK="/dev/sda" NAME="sda" HCTL="0:0:0:...

by Path Finder in

How to extract all values?

----------------------- DISK INFORMATION ---------------------------- DISK="/dev/sda" NAME="sda" HCTL="0:0:0:0" TY...

by Path Finder in

How to build a query by last date

Hello All, I need some help please. I would like to query for the last upddate. However, the field bele...

by Observer in

How to get the sum of each columns?

Hello everyone, Thanks for reading, my english is not good at all. I have this: ABCDEFG110410012022090001308...

by Engager in

Why is there a Regex Character Limitation

I have a very long regex query (12,000) character long- it consist o different hostname and IP Address combinations. ...

by Builder in

How to match my list of qualys events against the list of CVEs found in the KEV lookup?

Hi, I'm looking to match my list of qualys events against the list of CVEs found in the KEV lookup on cisa.gov. I'...

by Path Finder in

How to table a single event field joined with a multi-event field?

Hi. I am having trouble figuring out how to execute this, although it's probably simple: search 1 | field 1 | join...

by Explorer in

How to write rex so command can extract the fields from json data?

hello, Please help me with the rex commands for extracting the below fields from the json data. "resourceName" ...

by Engager in

Need Help Searching / Visualizing AWS WAF Data

Good Afternoon Splunkers, Let me start by saying that I hope this is the right sub-forum for this question. I'm wor...

by Path Finder in

How to detect a successful login after multiple failed logins?

Hello, fellow splunkers! What I am trying to do is to detect a successful login after multiple failed attempts. I'...

by Explorer in

How to use chart command to show results for only days with values?

So I'm trying to chart blocked traffic(IPs) over 7 days... the purpose to help locate beaconing traffic (this has wor...

by Loves-to-Learn in

How to sort and match column based on last 4 strings based on column1 (ref1)?

This is my first post here! _I am new and I am learning Hi Experts, I have data like below coming into a csv fi...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to write a query which take all this values and search for results in different sourcetype=source2?

How to create a search to show any amount of traffic (even if 0) passing through a list of subnets ?

How to use REX in a search called via REST API?

How to set an alert to fire based on lookup table value?

How to fetch the second last word of a sentence with the Splunk regex?

What Capabilities do I need to enable so a user can change sharing permission on their searches?

How to compare value of 2 logfiles for notification?

How to get Chrome extension list of a user?

Why am I unable to get Splunk Search query in Ansible Playbook (everything works with curl)?

How to write a search that divides values in two distinct tables?

How to search not equal with multivalued?

How to lookup in Splunk?

Does sort like "order by" in sql for list of fields?

How to extract all fields like DISK?

How to extract all values?

How to build a query by last date

How to get the sum of each columns?

Why is there a Regex Character Limitation

How to match my list of qualys events against the list of CVEs found in the KEV lookup?

How to table a single event field joined with a multi-event field?

How to write rex so command can extract the fields from json data?

Need Help Searching / Visualizing AWS WAF Data

How to detect a successful login after multiple failed logins?

How to use chart command to show results for only days with values?

How to sort and match column based on last 4 strings based on column1 (ref1)?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions