Splunk Search

Ask a Question

Discussions

Thread Info

earliest and latest value from a chart

Hello community, I am searching since few days a solution to display the earliest and latest value from a chart int...

by New Member in

Account status -> bypassed, is it enabled?

Hi,We have status in one log type, where we would like to track if account is in state: bypassed Example: 2021-13...

by Communicator in

Find events that not occurred daily by servername

Hi How can I find events that not occurred daily? Here is the scenario I have two field on my logfile <servernam...

by Motivator in

rex for extract codes

hiwhat is the rex for extract all brackets contain this pattern[AB_123] [ZXY_987] 1-check all brackets if start wit...

by Motivator in

Splunk query to find amount of data purged based on retention

We know the amount of data ingested daily from the Splunk internal logs and the License dashboard, but we're trying t...

by Builder in

Comparing IP Addresses for differences

Hi All, I'm trying to create a search, to potentially be made into a monitoring rule later on. What I am trying t...

by Explorer in

Splunk DB Connect 3.6 Duplicate, Miss Data when sync a larger table around 1000 TPS

Hi,I am using splunk DB connect 2.1.4 to get data from A table in Oracle database, (table with around 1000 transactio...

by Path Finder in

wrong results for case statement with AND

I used this eval statement with AND conditions but I'm only getting result as "Public" even when the condition satisf...

by Explorer in

Validating if 100 nodes are on boarded in splunk indexes or not. If not ?

I have this task were I am successful in getting result sets from nodes that are present in my splunk instance. How...

by Path Finder in

Merge 2 queries base on id

Need some assistance from the experts. I have two queries below which I would like to merge on id. Query 1 inde...

by Loves-to-Learn Everything in

Splunk dashboard clickable table output

Hi There, I have two queries [Query 1 and Query 2]. what i am planning to achieve is that when user clicks on...

by Explorer in

How to compare values across rows and columns

I have two searches with three fields in common but two field that differ. I'm trying to find returns that don't ha...

by New Member in

Value node <query> is not supposed to have children

I'm doing a query to return the text part of the log, but when using it on my dashboard it gives this error...

by Explorer in

Field results as table column headings

A quick example; Program Name 2.04.0 2.4.3 3.4.24 4.53.5 9 Word 2 1 0 1 Excel...

by Champion in

Splunk Add-on for Check Point OPSEC LEA

I am collecting Firewall logs using OPSEC Lea app. This add on is setup on Heavyforwarder. App is setup correctly a...

by Path Finder in

Edit a lookup file through the REST API

Hello !! I am new to using splunk and would like to know if it is possible to edit a lookup file via Splunk REST AP...

by Path Finder in

Sub Search counts

I have filed called serial_id which have value ABC2022100845001 I need count with contain 45 in last 5 & 6 th byt...

by Engager in

indexing zip files status

HiI want to know when index process is done for zip files through the web ui. I have couple of huge zip files that ...

by Motivator in

Conditional execution of search

Hello All, Can someone help me to build a search query for the below use case ? My use case is to detect if any S3 ...

by Builder in

Time format & Duration Calc

Hello Splunk Community, Can anyone help me build a query based on the below; I want to convert a field (Fri Oct ...

by Path Finder in

rex for chkin chkout

Hihere is the log:23:50:26.698 app module1: CHKIN: Total:[100000] from table Total:[C000003123456] from PC123:33:39.3...

by Motivator in

splunk search returns multiple events along with matched event

Hi,I am making a search similar to this index=abc sourcetype=xyz "searchkeyword"Search result should contain only eve...

by New Member in

How to add extracted fields name as first column value

Hello Splunk Gurus, I am trying to generate tabular data for the API requests. Following is the query to extract ...

by Explorer in

Percent Change by Host and Error Type

We're ingesting Tomcat logs, and looking for items tagged [SEVERE]. I'd like to be able to pull a report of error rat...

by Engager in

Expand XML created variable to search

Hi Splunkers, Hopefully I am posting on the correct place, apologies if not!I have the following code/SPL from ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

earliest and latest value from a chart

Account status -> bypassed, is it enabled?

Find events that not occurred daily by servername

rex for extract codes

Splunk query to find amount of data purged based on retention

Comparing IP Addresses for differences

Splunk DB Connect 3.6 Duplicate, Miss Data when sync a larger table around 1000 TPS

wrong results for case statement with AND

Validating if 100 nodes are on boarded in splunk indexes or not. If not ?

Merge 2 queries base on id

Splunk dashboard clickable table output

How to compare values across rows and columns

Value node <query> is not supposed to have children

Field results as table column headings

Splunk Add-on for Check Point OPSEC LEA

Edit a lookup file through the REST API

Sub Search counts

indexing zip files status

Conditional execution of search

Time format & Duration Calc

rex for chkin chkout

splunk search returns multiple events along with matched event

How to add extracted fields name as first column value

Percent Change by Host and Error Type

Expand XML created variable to search

.conf25 Registration is OPEN!

Detecting Cross-Channel Fraud with Splunk

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

MLTK - What algorithm should I use?

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions