Splunk Search

Ask a Question

Discussions

Thread Info

Comparing Latency from a Subnet to 3 different destinations and output the best option.

I am testing network latency from various subnets to 3 different VCenters. The output gives me 3 results per subnet ...

by Explorer in

command to know what splunk apps/add-ons I have access to ?

Is there any way to know what splunk apps/add-ons I have access to ?Like using rest command or any other SPL ?

by Contributor in

Export dilldown search with variables substituted

Hi Team, I have a query related to drilldown searches of notables. I want to export/show results of drilldown searc...

by Explorer in

Understanding the LOOKUP command

Hi, I'm a bit confused with the lookup command, I.e the syntax. lookup <lookup-table-name> <lookup-field1> AS <...

by Path Finder in

splunk

I have a csv file which has field Account and it has over 1000+. In my logs it is named as yourAccount. how do i find...

by Explorer in

Regex help

Hi, Can someone help with the regex for below log entry, i need regex to extract the below fields in red. Thanks fo...

by Path Finder in

How to search custom IOC file

Hi All, I'm new to Splunk. I'm not much familiar with the query search and lookup files. I have a custom IOC file ...

by New Member in

Search result limit

Hello dears, How can i change search result limit ? At this moment, max 10K line shown..

by Explorer in

contains on lookup table

Hello All, I have a quick question about comparison fields from a lookup table. Just imagine that I have a query l...

by Engager in

inputlook

I have a inputlookup search where I am looking to do a current count vs four week average count. My search is set up ...

by Explorer in

stats, eventstats,streamstats which one return max field by second field?

hihow can i show max duration per servername? index="my-index" | rex "duration\[(?<duration>\d+.\d+)"| rex "id...

by Motivator in

Null value for Country when using iplocation

Hi, When using iplocation to get the Country list ,maximum i am getting null values for Country. How to get the e...

by Engager in

Extracting Source Network Address from Windows Logs

Im working on extracting Source Network Address's from Splunk I've spent the past few hours defining my query and aft...

by Explorer in

How do a search with a string comma separated values ?

Hello team! How are u? I have a question about how to search with a comma separated values: Example: I have...

by Explorer in

how to expand multiple ip addresses on more fields?

Hi, i have more ip address in a field like this: host | IP h1 10.0.2.2; 10.0.2.1 h2 ...

by Engager in

Search between specific time range

Hi, Due to come compliance issue, there is a need to search for logs from 10pm to the following day 10am. This has ...

by Engager in

Searching ranges of event codes from windows event logs

A user within my organization was attempting to search for various windows events that indicated that somebody modifi...

by Path Finder in

Query email sent success or failed

Please suggest a splunk query to find whether email abc@def.com successfully sent emails or any emails failed between...

by Engager in

Search in two table

Hi,I have two table.The first have few ip what i switched dotdecimal splunk_server="xyserver" index...

by Explorer in

Remove original and duplicate items from a query

Hi, from two columns, in order to create a report, i need to remove the elements that are present twice, not only rem...

by Engager in

Grouping of value

Hello guys, I need help building the query for this value to group it like the output I have given below. Current...

by Explorer in

Null value for Country when using iplocation

Hi, When using iplocation to get the Country list ,maximum i am getting null values for Country. How to get the e...

by Engager in

How to find rolling average for last7 days and fill the time gaps where there is no event in last 7 days

Hello, I have a requirement to find the rolling average and variance % as per below requirement. If there is no ev...

by Path Finder in

How can I use the IN operator after tstats to see if a list of strings exists in a field?

Hi, I want to change this first (sanitized) query to use a data model instead but I'm unsure how to incorporate "[fie...

by Engager in

extract errors from unstructured log file with rex

HiI have several unstructured log file that need extract error messges with rex spl command. 1-what is the optimize...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Comparing Latency from a Subnet to 3 different destinations and output the best option.

command to know what splunk apps/add-ons I have access to ?

Export dilldown search with variables substituted

Understanding the LOOKUP command

splunk

Regex help

How to search custom IOC file

Search result limit

contains on lookup table

inputlook

stats, eventstats,streamstats which one return max field by second field?

Null value for Country when using iplocation

Extracting Source Network Address from Windows Logs

How do a search with a string comma separated values ?

how to expand multiple ip addresses on more fields?

Search between specific time range

Searching ranges of event codes from windows event logs

Query email sent success or failed

Search in two table

Remove original and duplicate items from a query

Grouping of value

Null value for Country when using iplocation

How to find rolling average for last7 days and fill the time gaps where there is no event in last 7 days

How can I use the IN operator after tstats to see if a list of strings exists in a field?

extract errors from unstructured log file with rex

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions