Splunk Search

Discussions

Thread Info

How to add a toggle to hide/unhide fields in a table in Splunk Dashboard?

I am working on a dashboard that has a bunch of field and will be used by multiple teams and people who will be needi...

by Explorer in

Search/Job missing in job_manager

I currently do a search monthly for searches/jobs that take a long time. I then look up the job and if there is an al...

by Explorer in

Query src + dst subnet and action

Dear all, I'm trying to search for denied actions in a subnet, regardless if it is the source or destination. I...

by New Member in

Saved Search Scheduling

I have a saved search which is scheduled but it is not showing and not running at the scheduled time.

by Contributor in

Regex to find Multi Line pattern

Hi, I am having some problem to understand How to fetch multiline pattern in a single event. I have logfile in wh...

by Observer in

Extract fields with specific value where multiple combination of "value" exists for same "Key"

I've the below event, where I need to display only event which has action=test and category=testdata. test { l...

by Path Finder in

Add latest field with a filter to table that also displays unfiltered rows

Hi All, newbie here - Sorry if my subject is poorly worded, I'm a little confused! I'm trying to add a field to the...

by Engager in

Is it possible to match a multivalue field containing regex variables to another field

Hello, My team has a search that uses a field called regex, containing a load of different regex expressions to ma...

by Engager in

Grouping by the words in a field

HI,I have a below query, I want to group and count by two different words, one group per word, in a field "text1.valu...

by Loves-to-Learn in

Calculate duration between 2 events everytime those events occur

Hello, I am looking to calculate how long it takes to refresh the view using the time of the events "End View Refre...

by Explorer in

rex help...

Greetings, Please help!! I need to extract the ID value from the two events below, and I’m kinda banging my hea...

by Path Finder in

How to Splunk query to split values of multiple dictionary within a list

Query is to retrieve failed test case matching with exception message. Out of 6 failed test case, one test as excepti...

by Explorer in

Splunk query optimization

Hello Splunker!! Could you please help me to optimize below query ? Customer saying dedup is taking so much resour...

by Motivator in

Trying to look for sessions with login and logout requests

Hello, I'm just trying to learn SPL and am currently trying to find all sessions with login and logout requests, id...

by Engager in

How to find out Server Uptime & Downtime

Hi All I am trying to find out Server Up time & Downtime or offline However i am using the below command whic...

by Path Finder in

Chart with Multiple fields on Y axis and time in X axis

Hello, I would like to create chart with multiple fields in Y axis and time in x axis, Y axis - FIELD_01 FIELD_02 F...

by Contributor in

splunk threat intelligence taxii data

Hi everyone, I have configured otx alienvault taxii source in Threat Intelligence Management, as I can see in logs so...

by Explorer in

Top 10 for each date

I have below splunk which gives result of top 10 only for a particular day and I know the reason why too. How can I t...

by Explorer in

convert eval into search using AND...

Hi All, i have this calculation and at the end iam using where to get only what i need. splunk suggests that put t...

by Path Finder in

Health Check of Servers after patching

Hi , I want to ask community how you do health check of servers after patching? Is there any automation you hav...

by Observer in

How to deal with Logon/Logoff scatterd over multiple events

I have onboarded data from a system, that scatters actual events over many logging events. Especially successful or ...

by Path Finder in

Internal index data and performance data is missing

To investigate the issue of missing data in Splunk for a period of 3-4 hours, where gaps were observed in the _intern...

by Motivator in

Append a lookup value from csv to a chart table

I am looking to append a value in a lookup csv to an existing search index=* |fields _time,x |chart count(_raw...

by Observer in

please excuse... as it is very basic... AND in search or WHERE..what is diff

Hi All, Thanks for your time. I am sorry in advance as this is very basic question. just started exploring the sea...

by Path Finder in

How do you get a Saved Search to ignore a specific automatic lookup?

How do you get a Saved Search to ignore a specific automatic lookup? The reason for wanting to do this is because t...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to add a toggle to hide/unhide fields in a table in Splunk Dashboard?

Search/Job missing in job_manager

Query src + dst subnet and action

Saved Search Scheduling

Regex to find Multi Line pattern

Extract fields with specific value where multiple combination of "value" exists for same "Key"

Add latest field with a filter to table that also displays unfiltered rows

Is it possible to match a multivalue field containing regex variables to another field

Grouping by the words in a field

Calculate duration between 2 events everytime those events occur

rex help...

How to Splunk query to split values of multiple dictionary within a list

Splunk query optimization

Trying to look for sessions with login and logout requests

How to find out Server Uptime & Downtime

Chart with Multiple fields on Y axis and time in X axis

splunk threat intelligence taxii data

Top 10 for each date

convert eval into search using AND...

Health Check of Servers after patching

How to deal with Logon/Logoff scatterd over multiple events

Internal index data and performance data is missing

Append a lookup value from csv to a chart table

please excuse... as it is very basic... AND in search or WHERE..what is diff

How do you get a Saved Search to ignore a specific automatic lookup?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions