Splunk Search

Ask a Question

Discussions

Thread Info

Convert years month days to Days

Hey, Can anyone help me convert Age to Days? Have trouble parsing and calculating. Sample Data Age 2 year...

by New Member in

Search peer and search process errors

hello, Our physical servers had to restart and as such the splunk servers dropped. we are now having issues o...

by Communicator in

How to pass the search results to an email body by using sendresults

I am using "sendresults" command and pass the search results to an email body template; however, the search results d...

by Path Finder in

macro with calculated parameters

I am trying to assign a value to a parameter in a macro that is based on a calculation of a value being sent to the m...

by Path Finder in

lookup table to search lookup table?

I have been trying to figure out why this doesn't work. |inputlookup ioc_domain.csv | table query | search NOT [inp...

by Engager in

Using variables with IN and LIKE functions

I am using Splunk Enterprise V8.2.3.2. I am trying to alert when a scheduled search becomes disabled. The problem is ...

by Explorer in

how to have one droplist input used for 2 panels with adding suffix for one panel?

Hi,Splunkers, I have a dashboard with 2 Panels， which share one droplist input. droplist has name/values as A...

by Communicator in

Join multiple events and separate timestamp fields

I've been having difficulty with this for a while and looking for some help. I'm attempting to find users logging ...

by Engager in

rex to extract duration

HiHow can I extract duration with below condition? (it is important to check these condition to find correct match)1)...

by Motivator in

How to get ServiceNow to create an event ticket

Can someone help me to get ServiceNow to create an event ticket every time my Splunk alert gets triggered? I had foll...

by Engager in

count value not returning

Hi, I'm Trying to calculate success percentage, for that I'm taking total and request count. but, I'm unable to get...

by Explorer in

How to search for values greater than 10 in the results?

I am working on the query that generates a table with count of security violations. I want to filter our the users wi...

by Path Finder in

how to change the lables of x axis of a bar graph

Hi all, I have to plot a bar graph in which duration in hours will be in x axis and number of tasks will be in y ax...

by Communicator in

Group by a substring within a event results

I am actually new to splunk and trying to learn . Is there a way to group by the results based on a particular string...

by Engager in

uncommon data in lookup files

Hi Team, could you please help to get below query: I have 2 lookup files. I want to fetch uncommon data from...

by Path Finder in

Display table base on the if condition

Hi, I want to count the LOGLEVEL only for weekdays. If there's not logs then the query should return '0'. Can you...

by Explorer in

how to check if several strings in chart

I want to check in some strings are exist in a column and if they are I want to add another column with the type of t...

by Observer in

Exclude main search events when JOIN event gives no results

Dear Splunk Community, I have the following query. The main query looks for errors in certain log files. If they ar...

by Communicator in

How to show lookup value if not present in subsearch

Please help!I have a lookup table and some data in two different indexes. Please help with a search that will produce...

by Path Finder in

Need more training with Searching

Good Afternoon, So I've recently been hired on as a Splunk admin/analyst. The scope of my job really relies on my...

by Engager in

User Account Logged On For More Than 12 Hours

Hi , I am trying to figure out how to write a query to create an alert that will alert me whenever a user is logged o...

by Engager in

macro with parameter as eval-base definition

My main query looks like:...| stats min(_time) AS SESSION_START_TIME max(Source_Network_Address) AS EMP_SRC_IP...| ev...

by Path Finder in

Enable input in dashboard for client server

In above image i couldn’t able to access the date input,It’s actually a client server as user I couldn’t able access...

by Path Finder in

If a field contains in an eval statement

My data is like this illustration purposes only: LocalIp aip10.10.10.1192.168.1.110.10.10.2172.58.100.4110.10.12.38...

by Path Finder in

How to setup DOD CAC Login for Splunk Web

I have been asked to ensure that the DOD CAC can be used to log into the Splunk Search Heads. Does anyone know how to...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Convert years month days to Days

Search peer and search process errors

How to pass the search results to an email body by using sendresults

macro with calculated parameters

lookup table to search lookup table?

Using variables with IN and LIKE functions

how to have one droplist input used for 2 panels with adding suffix for one panel?

Join multiple events and separate timestamp fields

rex to extract duration

How to get ServiceNow to create an event ticket

count value not returning

How to search for values greater than 10 in the results?

how to change the lables of x axis of a bar graph

Group by a substring within a event results

uncommon data in lookup files

Display table base on the if condition

how to check if several strings in chart

Exclude main search events when JOIN event gives no results

How to show lookup value if not present in subsearch

Need more training with Searching

User Account Logged On For More Than 12 Hours

macro with parameter as eval-base definition

Enable input in dashboard for client server

If a field contains in an eval statement

How to setup DOD CAC Login for Splunk Web

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions