Splunk Search

Discussions

Thread Info

Using transaction command to group jobs together based on different Statuses.Multiple startwith and endswith transaction

Ideally, JOB should start with Status as either RUNNING or STARTJOB or maybe both and it can end with either status a...

by Engager in

multisearch not allowing dedup individual search

I have two searches that I wanted to do some filtering before doing multisearch, Is that not possible? my code look...

by Communicator in

Splunk Alert to Incident add-on multiple results

Hello All, I have a simple search for the alert: Index="vpn" message="recently failed"|table _time, host,message ...

by Observer in

How do I search for business hours or non-business hours during the month?

I would like to search for business hours(09:00 ~ 18:00) or non-business hours(18:00 ~ 09:00) during the month. How d...

by Explorer in

Creating Custom IP reputation Check

Hello guys, I am fairly new to splunk, and i wish to create a system where i can extract unique client ips from our o...

by Engager in

Sync Max Y Value Between Different Charts

Hi everyone. I have three charts in a panel in a Simple XML dashboard and I'm trying to programmatically (i.e., with ...

by Explorer in

sub search does not return string on splunk 8.1.4

I get number from subsearch but get null for string like below on splunk 8.1.4.I found the splunk answer that resolve...

by Explorer in

JSON nested field extraction

I have the following JSON: { "kind": "report", "id": { "time": "2021-12-24T15:45:01.331Z", }, "events": [ { "pa...

by Explorer in

token passage

Hi , I have requirement like there two panels, in which the 1st one has success and failure as a column name and on...

by Engager in

How could I exclude the selected fields like "host", "source","sourcetype" in the event column which is displayed on the

Hi, all! I wish to display the event without the fields like "host", "source", and "sourcetype" like the photo belo...

by Path Finder in

How to write a search where if a specific value for FIELD1 is present in subsearch results, run Search1, but if not, run Search2?

I have a search which has a field (say FIELD1). I would like to search the presence of a FIELD1 value in subsearch. I...

by Communicator in

How to create a query to track received and sent bytes transferred daily through a VPN tunnel?

I am trying to write a query to calculate the amount of bytes received and sent per day from one of our firewalls at...

by Engager in

regex to find a word in a string and validate numeric value (followed by a %) is above 80%

i would like to find a query where it is looking for the word 'DISK' & ##% is above a certain percentage. i have t...

by Path Finder in

Get count of multiple fields in a single column using STATS or any other

HI, I have events in splunk, where two fields description and msg denotes error messages. When I try to use to belo...

by Explorer in

Export unlimited results from CLI search - not working

Hi. I am running a Splunk query from the CLI and would like to export the results as rawdata to a file. When I speci...

by Builder in

User gets subsearch error in a dashboard in one app but not the default search app

I have one user out of many that gets a red triangle error on a dashboard panel inside an app that uses a subsearch a...

by Path Finder in

splunk query to get data last two or three months in week range

Hi, I'm trying to figure out how to get data for the past few weeks and data will be filtered.week start should...

by Communicator in

splunk Waiting for queued job to start getting error for a particular user

Hi, I have splunk Waiting for queued job to start getting error for a particular user however no jobs are queued fo...

by Communicator in

Filter private ip from src AND dest

New to the community so all help is appreciated! RequirementWe have a requirement to filter some network data in a ...

by Engager in

need better option than join

Need better option to get user id from first search to populate results using the subsearch. thought join would ...

by Loves-to-Learn Lots in

Information extraction

Hi folks, Hoping you might be able to help. I've some raw logs coming in and one of the "extracted" fields is a f...

by Path Finder in

Filter out pan_traffic_start eventtype

Hi, I have installed and configured Palo Alto Addon which is creating multiple eventtypes , one of which is pan_tra...

by Explorer in

splunk search query to get data last two months every friday with in time range

Hi,Splunk search query to get data last two months data.need only every Friday data in the time range for 15 mins (i....

by Communicator in

timechart limit=0 useother=false span=2d count by serviceとしたとき、serviceごとに2日分の合計がされてしまう。

Splunk search headで以下のクエリとした場合、service毎に2日ごとに合計量が表示されてしまいます。 timechart limit=0 useother=false span=2d count by serv...

by Observer in

filed ignore textx within " "

Hello, I see following in _raw. However, when I run search with table or fields it does not display text within d...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Using transaction command to group jobs together based on different Statuses.Multiple startwith and endswith transaction

multisearch not allowing dedup individual search

Splunk Alert to Incident add-on multiple results

How do I search for business hours or non-business hours during the month?

Creating Custom IP reputation Check

Sync Max Y Value Between Different Charts

sub search does not return string on splunk 8.1.4

JSON nested field extraction

token passage

How could I exclude the selected fields like "host", "source","sourcetype" in the event column which is displayed on the

How to write a search where if a specific value for FIELD1 is present in subsearch results, run Search1, but if not, run Search2?

How to create a query to track received and sent bytes transferred daily through a VPN tunnel?

regex to find a word in a string and validate numeric value (followed by a %) is above 80%

Get count of multiple fields in a single column using STATS or any other

Export unlimited results from CLI search - not working

User gets subsearch error in a dashboard in one app but not the default search app

splunk query to get data last two or three months in week range

splunk Waiting for queued job to start getting error for a particular user

Filter private ip from src AND dest

need better option than join

Information extraction

Filter out pan_traffic_start eventtype

splunk search query to get data last two months every friday with in time range

timechart limit=0 useother=false span=2d count by serviceとしたとき、serviceごとに2日分の合計がされてしまう。

filed ignore textx within " "

Fun with Regular Expression - multiples of nine

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions