Splunk Search

Discussions

Thread Info

How to show lookup value if not present in subsearch

Please help!I have a lookup table and some data in two different indexes. Please help with a search that will produce...

by Path Finder in

Need more training with Searching

Good Afternoon, So I've recently been hired on as a Splunk admin/analyst. The scope of my job really relies on my...

by Engager in

User Account Logged On For More Than 12 Hours

Hi , I am trying to figure out how to write a query to create an alert that will alert me whenever a user is logged o...

by Engager in

macro with parameter as eval-base definition

My main query looks like:...| stats min(_time) AS SESSION_START_TIME max(Source_Network_Address) AS EMP_SRC_IP...| ev...

by Path Finder in

Enable input in dashboard for client server

In above image i couldn’t able to access the date input,It’s actually a client server as user I couldn’t able access...

by Path Finder in

If a field contains in an eval statement

My data is like this illustration purposes only: LocalIp aip10.10.10.1192.168.1.110.10.10.2172.58.100.4110.10.12.38...

by Path Finder in

How to setup DOD CAC Login for Splunk Web

I have been asked to ensure that the DOD CAC can be used to log into the Splunk Search Heads. Does anyone know how to...

by Contributor in

Events from windows and linux without domain name

Hello, I would like change bare host name to host name with a domain name. According to all articles I have change...

by Engager in

Combining 3 data sources with rolling ID

Hi, various tables from a database are read by Splunk. I need to combine fields from all 3 datasources. The ID-fiel...

by Explorer in

Warn and Error messages below search bar

While most Warn and Errors show up on the Job dropdown (1) some are also displayed in an area right below the search ...

by Path Finder in

Top 10 of a top 10

Hello there, I want to make a top 10 of applications based on top 10 of categories. Here is an example: Categor...

by Explorer in

timechart command with subsearch yields no results after update to 8.2.4

Hi all, I have been using a subsearch in a timechart command to dynamically select the correct span. The query looks ...

by New Member in

Splunk Query

If i have n numbers of router in my index and i want to know the current status of router if its connected or failed...

by New Member in

How to find who deleted the file from a folder?

Hello,Can someone please help me with a query to find who deleted the files of users (user=x, y, z) from a folder. in...

by Path Finder in

How to add field from different event for data model purpose

Is there a way to add a field to an event from a different event assuming they have a common key using a simple searc...

by New Member in

SSO login banner when using a CAC

I've been able to configure SSO for CAC via Apache proxy and everything works fine. I'm trying to figure out how to d...

by Explorer in

Can search time limit be applied by index?

Can a search time limit be applied differently by index rather than by role? Currently, we have a search roll limi...

by Path Finder in

Need to modify the search by eliminating append commands.is it possible?

index IN (A,B) sourcetype IN (A,B) earliest=-12h latest=@m| transaction UUID keepevicted=true| eval ReportKey="Today"...

by Path Finder in

lookup CSV file and then search server disk performance

Hi All, I have done a index search for disk data and then lookup to the CSV to check as per the Application which s...

by Loves-to-Learn Lots in

fields are not extracted properly

recently we onboarded these logs but most of the fields are not extracted though these values are mentioned with =. I...

by Engager in

manipulating different table rows

Hi, I want to create the following excel table using splunk. The first 3 columns are based on the output of a quer...

by Engager in

Exclude empty fields from search

Dear Splunk Community, I'm trying to extract a list of changed fields, but they should only be listed if they have ...

by Explorer in

seperate fields of events by pipes

Hi I have events like this: 1900/10/26| 1900/10/25|333|CHECKOUT |U |2222|00...

by Motivator in

Usecase of integrating Splunk with ETL

Hi what is the usecase of integrating Splunk with ETL tools? Send splunk data to ETL? Send ETL data to splunk? ...

by Motivator in

How to get count of repeated, unique and total values by group?

Hi I am working on query to retrieve count of repeated, unique and total visits by user through different channels....

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to show lookup value if not present in subsearch

Need more training with Searching

User Account Logged On For More Than 12 Hours

macro with parameter as eval-base definition

Enable input in dashboard for client server

If a field contains in an eval statement

How to setup DOD CAC Login for Splunk Web

Events from windows and linux without domain name

Combining 3 data sources with rolling ID

Warn and Error messages below search bar

Top 10 of a top 10

timechart command with subsearch yields no results after update to 8.2.4

Splunk Query

How to find who deleted the file from a folder?

How to add field from different event for data model purpose

SSO login banner when using a CAC

Can search time limit be applied by index?

Need to modify the search by eliminating append commands.is it possible?

lookup CSV file and then search server disk performance

fields are not extracted properly

manipulating different table rows

Exclude empty fields from search

seperate fields of events by pipes

Usecase of integrating Splunk with ETL

How to get count of repeated, unique and total values by group?

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions