Splunk Search

Discussions

Thread Info

Compare two indexes and report on mismatch

I'm comparing two indexes, A and B, using the hostname as the common field. My current search successfully identifies...

by Path Finder in

Using a lookup table in a base search

I have a lookup table that we update on daily basis with two fields that are relevant here, NAME and ID. NAMEIDTor...

by Path Finder in

How to get ingest volume for 1200 sourcetypes ?

i have a query that will calculate the volume of data ingested in a sourcetype-- index=federated:infosec...

by Loves-to-Learn Lots in

How to filter on KV Store lookup time-based fields using a time picker?

I have a large data set in my KV Store collections. These fields also contains time specific fields. I would like to ...

by Communicator in

Report a value from a field to another result line

Hello community, I need to set up a dashboard that tracks the status of an alert from Splunk OnCall. An alert can h...

by Path Finder in

How to find SQL Injection activity or OWASP attack through the Splunk

Hi Guys, How to find SQL Injection activity or OWASP attacks through the Splunk

by New Member in

Why are not all field values are extracted for long JSON files?

Hi, I am trying to ingest long JSON files into my Splunk index, where a record could contain more than 10000 chara...

by Path Finder in

How to Modify Multiselect Dropdown Menus for Indexes and Backslashes Using Tokens in Splunk

Hello Splunkers, I started to use splunk uni forwarder in my job and I am kinda new to systems.My dashboard working g...

by Observer in

Search generates this error - Regex: regular expression is too large

This is the search with some anonymization. index=index_1 sourcetype=sourcetype_1 field_1 IN ( [ search ind...

by Contributor in

dedup or filter row with condition

How do I dedup or filter out data with condition?For example:Below I want to filter out row that contains name="name0...

by Motivator in

The "where count" clause is showing no results

I'm trying to create an alert. The alert's query ends with " | stats values(*) as * by actor.displayName | stats coun...

by Observer in

How to join two tables for more data

Good day,I have done a join on two indexes before to add more information to one event. example get department for a ...

by Path Finder in

How to find the latest event per device

Good day,I am trying to find the latest event for my virtual machines to determine if they are still active or decomm...

by Path Finder in

How to have multiple fields (non numeric) in x-axis on a bar chart?

My Splunk Search is as follows index="someindex" cf_space_name="somespace" msg.severity="*" | rex field=msg.message...

by Path Finder in

How to write a cron schedule to run Splunk alerts biweekly on Mondays?

I have a requirement to Trigger Splunk Alerts Bi-Weekly Mondays (Not 1st and 3rd OR 2nd and 4th weeks) and if a mont...

by New Member in

Issue with StateSpaceForecast from the MLTK app

I have a dashboard that a specific team uses. Today, they asked about why one of the panels was broken. Looking into ...

by Communicator in

Regex Help

probably a basic question i have the following data 600 reason and this rex (?<MetricValue>([^\s))]+))(?<Rea...

by Engager in

Count X's in each field in a table and total them in the last column

Hello everyone, I have a table (generated from stats) that has several columns, and some values of those columns have...

by Explorer in

Yesterday data dashboard filtering -

An extension of this:https://community.splunk.com/t5/Splunk-Search/Looking-at-yesterdays-data-but-need-to-filter-the-...

by Explorer in

Lookup search wigh showing matched keyword

Hello SplunkersHow can i utilize a lookup in a correlation search showing the detected keyword in the search result ?...

by Path Finder in

Adding a Total column (without using addtotals)

Sometimes I set myself SPL conundrum challenges just to see how to solve them. I realised I couldn't do something I ...

by Splunk Employee in

how to get statistical values for different fields

I have to create a base search for a dashboard and I am kinda stuck. Any help would be appreciated. index=serv...

by Explorer in

Is there a way to monitor the number of files in the dispatch directory over time?

Hi I am looking to monitor the dispatch directory over time. I know I can get the current results by using this ...

by Influencer in

eval percent line is not producing values in the table

I am working on obtaining all user logins for a specified domain, then displaying what percent of those logins were f...

by Explorer in

How to identify a skipped scheduled accelerated report ?

I have noticed that a saved search is chronically skipped, almost 100% but I cannot trace it back to the origin.The s...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Compare two indexes and report on mismatch

Using a lookup table in a base search

How to get ingest volume for 1200 sourcetypes ?

How to filter on KV Store lookup time-based fields using a time picker?

Report a value from a field to another result line

How to find SQL Injection activity or OWASP attack through the Splunk

Why are not all field values are extracted for long JSON files?

How to Modify Multiselect Dropdown Menus for Indexes and Backslashes Using Tokens in Splunk

Search generates this error - Regex: regular expression is too large

dedup or filter row with condition

The "where count" clause is showing no results

How to join two tables for more data

How to find the latest event per device

How to have multiple fields (non numeric) in x-axis on a bar chart?

How to write a cron schedule to run Splunk alerts biweekly on Mondays?

Issue with StateSpaceForecast from the MLTK app

Regex Help

Count X's in each field in a table and total them in the last column

Yesterday data dashboard filtering -

Lookup search wigh showing matched keyword

Adding a Total column (without using addtotals)

how to get statistical values for different fields

Is there a way to monitor the number of files in the dispatch directory over time?

eval percent line is not producing values in the table

How to identify a skipped scheduled accelerated report ?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions