Splunk Search

Discussions

Thread Info

Extracting Account Name:

Oct 28 20:08:57 XXX.XXX.com Microsoft-Windows-Security-Auditing[4]: EventID: 4663 An attempt was made to access an ob...

by Engager in

Why is this "earliest" not working?

index=myindex | eval createdepoch = strptime(created, "%Y-%m-%d")| eval _time = createdepoch| search earliest=-90d@d ...

by Explorer in

Convert point in time events to timeseries with Data points

I have the following data. That I am trying to convert to a time series by Type with the last Status brought forward....

by Engager in

rex operation -- Regex: syntax error in subpattern name (missing terminator)

Hi, I'm continuously receiving the error Regex: syntax error in subpattern name (missing terminator) when attemptin...

by New Member in

how to exclude the subsearch result from main search

hello, Can anyone tell me how to exclude the subsearch result from main search?I want to exclude the result that fa...

by Explorer in

Evalaute field from different areas

Hi, I would like to determine a field from different areas of a log. eg see below for my expectations. Note: You c...

by Engager in

Calculate sum of duration for Sub calls

I have data in the following structure received for every event. Some events have just one or two sub calls and some ...

by Explorer in

How to add new data in lookup from SPL query output ?

My lookUp is a KV Store lookup. It has three column 'is_active' , 'user', 'robot'.I have a SPL query that gives me ...

by Contributor in

Account deleted query

| datamodel "Change_Analysis" "Account_Management" search | where 'All_Changes.tag'="delete" AND 'All_Changes.user'!=...

by Engager in

Can you use an if statement for the value of two different fields?

Hello, I'm a bit new to Splunk, so I'm still learning. I have created two fields, an opscounter, and a deopcounte...

by Observer in

Regex expression to extract fields

I have two fields below that show up in our log files. I used Splunk tool to create the Regex to extract the fields ...

by Explorer in

mvexpand multi-value fields when not null

Hi all. I'm trying to create a table from AWS WAF logs. There is a section of the log that is called ruleGroupList{...

by Engager in

Search help - find total sum of lengths of array

My current search returns a series of events like: {'field1' : {'field2' : [obj1, obj2, obj3]}} {'field1' : {'fi...

by Loves-to-Learn in

Filtering out HTTP/1.1 200 logs from being forwarded to splunk.

Hi, We have a large amount of data in /opt/app/axtract_fe1/var/log/apache2/main_collector_access-*.log file, and we...

by Loves-to-Learn in

command "where" not working

the "where" command checks only one condition doesn't work like that my search: . . . . | where NOT (id_old...

by Communicator in

How do I properly configure schedule search/cron/alert times?

This question is based on a comment from @woodcock on this post: https://community.splunk.com/t5/Splunk-Search/Wh...

by Path Finder in

Test

by Explorer in

Subsearch in splunk

Is there any way we can add some filter in subsearch savedsearch so that we wont skip any data/records as its limitin...

by Observer in

search user check

It is necessary to check if the user is in the index in this file or not. If not, then add to the file, if it is in t...

by Communicator in

extract errorcode

Hi Here is th e log: 2021-10-26 08:17:19,117 WARN AbCD-App2-0000 [SqlExceptionHelper] SQL Error: -268, SQLState: ...

by Motivator in

How to chance color of the row based on field name

Hi experts, i have below table.. how do i change background colour of the row where error Categories = Total_error_...

by Explorer in

How to pass Input Tokens as arguments to custom search - js-python script

Dear community, I have been trying to integrate splunk for my scripting purpose for some time now and it's time to ...

by Explorer in

How to split the call based on TimeTaken

I would like to create a Pie chart to show how many calls took less than 100ms, 200ms, and 300ms. index=star env=p...

by Explorer in

extract all "cause by"

Hi I have lots "Caused by:" in (single or multiple) events How extract all line that contain "Caused by:" like...

by Motivator in

How can I generate a search to find hosts which are missing a certain sourcetype?

I have a sourcetype which is a log created by the AV application on the host. I would like to find hosts which are mi...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Extracting Account Name:

Why is this "earliest" not working?

Convert point in time events to timeseries with Data points

rex operation -- Regex: syntax error in subpattern name (missing terminator)

how to exclude the subsearch result from main search

Evalaute field from different areas

Calculate sum of duration for Sub calls

How to add new data in lookup from SPL query output ?

Account deleted query

Can you use an if statement for the value of two different fields?

Regex expression to extract fields

mvexpand multi-value fields when not null

Search help - find total sum of lengths of array

Filtering out HTTP/1.1 200 logs from being forwarded to splunk.

command "where" not working

How do I properly configure schedule search/cron/alert times?

Test

Subsearch in splunk

search user check

extract errorcode

How to chance color of the row based on field name

How to pass Input Tokens as arguments to custom search - js-python script

How to split the call based on TimeTaken

extract all "cause by"

How can I generate a search to find hosts which are missing a certain sourcetype?

Wrapping Up Cybersecurity Awareness Month

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

What's New in Splunk Observability - October 2025

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions