Splunk Search

Ask a Question

Discussions

Thread Info

Table column split

I have requirement to split the single cell into two columns, in which i need to add different search result data. ...

by Engager in

Where to find "Detected Anomaly" notable events in ITSI?

Our ITSI is showing some "Detected Anomaly" for the kpi "Index Usage". Where and how can I find the notable ...

by Path Finder in

How do I exclude Mondays from a Timechart

There are no data on Mondays so my timecharts always dip to 0. {search string} | eval date_wday=lower(strft...

by Loves-to-Learn in

Base search on a dashboard

Hello! I have been trying to make a base search on a dashboard with a time and environment input as a drop-down.It ...

by Explorer in

How to use values from inputlookup for date comparison?

Hi, I want to create a dashboard, where a user has a drop down input to select a named time frame ($value$). The s...

by Engager in

multisearch

Hi , I have 2 queries : index="bar_*" sourcetype =foo crm="ser"| dedup uid| stats count as TotalCount and inde...

by Explorer in

"What to search" is not showing.

Hey, I am working towards Slunk Fundamentals 1 and doing the eLearning assignments. Currently on Module5. I have impo...

by Engager in

Get mean response time for each endpoint in log.

I have an api which has a number of endpoint, e.g., /health, /version, /specification and so on... I have a query w...

by Explorer in

Macro for Backslash Substitution

I have a macro that adds a backslash to an existing backslash: [backslash(1)] args = arg definition = repla...

by Contributor in

Is it possible to implement base search in query with multiple appendcols

index=test sourcetype=test_access tag=prod server_name!="www.test.com" earliest=-4h latest=now | timechart eval(avg(r...

by Observer in

How to exclude combinations of values in lookup from search?

Hi, Team! I have a rule: index = example source = "Rule" | fields user, src_time, src_app, src, src_lat, src_long...

by New Member in

Stats count use last event

Hello, I'm trying to make a report to count the number of interfaces available and used. I found the query that m...

by Explorer in

outputlook with a subset of fields

I have an alert that joins RAW events with a lookup containing thresholds (and yes, it has to be a join). I would li...

by Explorer in

Matching values from two different look up tables but not combining them

Hey guys, So I have two look up tables table1 and table 2. Table 1 ID Username Fname Lname Table 2 Userna...

by Loves-to-Learn Lots in

Query for different lines with status

I have a log as a below cod:5678,status:600cod:9012,staus:600cod:1234,status:600cod: 1234,status:900cod:4987,status...

by Explorer in

stats and join not working in map search

I have a search that counts the amount of times a user runs a program, and then returns the usernames of the users wh...

by New Member in

Unable to do Lookup via Calculated Field

Hi, I am trying to do a Lookup with a calculated field. Details: I have a csv containing three coloumns:DomainNam...

by Engager in

Calculate and Chart the current status of Application

Hi Folks,I am getting the status of my applications(Server-001 and Server-002)every 15mins like the below example in ...

by Loves-to-Learn in

Fields Extraction using RegEx

Hi, i want to extract bytes fields (using the bytes values) from this: Sep 23 14:11:52 XXX.XXX.X.XX date=2021-0...

by Path Finder in

Need a regex that extracts a string from event plus 6 characters after

Dear Splunk Community, I need help extracting a string (CTJT) plus any 6 characters after. CTJT is the start of an ...

by Communicator in

Queries help - CITRIX ADC logs

Hi, recently I deploy the Splunk connect for Syslog in docker and my first candidate to use it was our Citrix ADC V...

by Contributor in

Using Machine Learning Toolkit to detect server latency

Hi I have key value that call (duration) in my application log that show duration of each job done. each day when...

by Motivator in

How to find events that have non RFC1918 addresses

Issue I'm facing: My use case is to detect a successful ssh login from an external ip_address. I have my linux lo...

by Explorer in

Handling events with DateTime or just Time in same sourcetpye

Hi, I am asking if it's possible to ingest logfiles where one logline would contain a DateTime and the following li...

by Explorer in

no data after Transaction

What could be reason that there are no data available after grouping using a transaction command? Before grouping usi...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Table column split

Where to find "Detected Anomaly" notable events in ITSI?

How do I exclude Mondays from a Timechart

Base search on a dashboard

How to use values from inputlookup for date comparison?

multisearch

"What to search" is not showing.

Get mean response time for each endpoint in log.

Macro for Backslash Substitution

Is it possible to implement base search in query with multiple appendcols

How to exclude combinations of values in lookup from search?

Stats count use last event

outputlook with a subset of fields

Matching values from two different look up tables but not combining them

Query for different lines with status

stats and join not working in map search

Unable to do Lookup via Calculated Field

Calculate and Chart the current status of Application

Fields Extraction using RegEx

Need a regex that extracts a string from event plus 6 characters after

Queries help - CITRIX ADC logs

Using Machine Learning Toolkit to detect server latency

How to find events that have non RFC1918 addresses

Handling events with DateTime or just Time in same sourcetpye

no data after Transaction

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions