Splunk Search

Ask a Question

Discussions

Thread Info

splunk query to get data last two or three months in week range

Hi, I'm trying to figure out how to get data for the past few weeks and data will be filtered.week start should...

by Communicator in

splunk Waiting for queued job to start getting error for a particular user

Hi, I have splunk Waiting for queued job to start getting error for a particular user however no jobs are queued fo...

by Communicator in

Filter private ip from src AND dest

New to the community so all help is appreciated! RequirementWe have a requirement to filter some network data in a ...

by Engager in

need better option than join

Need better option to get user id from first search to populate results using the subsearch. thought join would ...

by Loves-to-Learn Lots in

Information extraction

Hi folks, Hoping you might be able to help. I've some raw logs coming in and one of the "extracted" fields is a f...

by Path Finder in

Filter out pan_traffic_start eventtype

Hi, I have installed and configured Palo Alto Addon which is creating multiple eventtypes , one of which is pan_tra...

by Explorer in

splunk search query to get data last two months every friday with in time range

Hi,Splunk search query to get data last two months data.need only every Friday data in the time range for 15 mins (i....

by Communicator in

timechart limit=0 useother=false span=2d count by serviceとしたとき、serviceごとに2日分の合計がされてしまう。

Splunk search headで以下のクエリとした場合、service毎に2日ごとに合計量が表示されてしまいます。 timechart limit=0 useother=false span=2d count by serv...

by Observer in

filed ignore textx within " "

Hello, I see following in _raw. However, when I run search with table or fields it does not display text within d...

by Explorer in

How do I optimize the query to avoid forceful termination ?

My query after finalizing for some time , gives me, The search processs with sid= was forcefully terminated because i...

by Contributor in

Join multiple lines using free text

I was trying to join multiple lines generated in /var/log/secure. I tried with transaction but looks like that doesn'...

by Engager in

Regex for field extraction with or without comma

I found that the format of a sourcetype had changed some time ago.Now I need to extract the data correctly for both c...

by Explorer in

How can i dedupe a multivalue field in props or transforms?

There are a couple of good answers here for deduping a multivalue field in a search, but how can I dedupe a multivalu...

by Splunk Employee in

Date conversion needed

Hi, I am trying to calculate age for a task. Time is in below format. What am I missing? | makeresults | eval L...

by Builder in

How do I create a query to look at multiple sources which have very similar names but with different numbers at the end?

Hi, all! Here are the sources that I want to contain at my search: - /appvol/wlp/DIVR01HK-AS01/applogs/appl.log ...

by Path Finder in

Calculating the duration

Hi, I am trying to calculate the duration of a call from the bellow search however it is appearing blank, the forma...

by Communicator in

Query

Supposed if i have huge data off employees Like name department and status (login /logout ) One person can login an...

by Path Finder in

PROPS Configuration file for data sources with timestamp more than 10 years

Hello, I am getting some error messages within my PROPS Configuration file to parse timestamp data. The sample file...

by Motivator in

Joining two sourcetypes on a common Id where the names differ

I've been looking around here and on Google but can't find an answer to this specific usecase: I have two sourcetypes...

by Explorer in

Search for users Splunk login activity for * days

Hello, I'm trying to search Splunk for user activity pertaining to logging into Splunk for X # of days. Everything ...

by Loves-to-Learn Everything in

Need Help in regex expression

Hi team, I need to fetch the 'InterfaceName' from the below payload. I built a regular expression but it is n...

by Communicator in

How do I fix my field extraction to account for whitespace in some paths

Hello I have some data in a txt file that I am working on extractions for. It extracts fine except that in some of...

by Communicator in

How to return stats from subsearch if first search returns no events

I have created a search that will trigger if no events from the following search is being returned index=ipl_prod s...

by Contributor in

identify host not in a list...

I have a query that returns a set of hosts that have an event string. index=anIndex sourcetype=aSourceType ("aStrin...

by Contributor in

How to automatically initiate second search using the results of the first search

index=logs appname="nameofapp " url=somewebsitenamestring | stats count by user | sort - count | where count > ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

splunk query to get data last two or three months in week range

splunk Waiting for queued job to start getting error for a particular user

Filter private ip from src AND dest

need better option than join

Information extraction

Filter out pan_traffic_start eventtype

splunk search query to get data last two months every friday with in time range

timechart limit=0 useother=false span=2d count by serviceとしたとき、serviceごとに2日分の合計がされてしまう。

filed ignore textx within " "

How do I optimize the query to avoid forceful termination ?

Join multiple lines using free text

Regex for field extraction with or without comma

How can i dedupe a multivalue field in props or transforms?

Date conversion needed

How do I create a query to look at multiple sources which have very similar names but with different numbers at the end?

Calculating the duration

Query

PROPS Configuration file for data sources with timestamp more than 10 years

Joining two sourcetypes on a common Id where the names differ

Search for users Splunk login activity for * days

Need Help in regex expression

How do I fix my field extraction to account for whitespace in some paths

How to return stats from subsearch if first search returns no events

identify host not in a list...

How to automatically initiate second search using the results of the first search

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions