Splunk Search

Discussions

Thread Info

Remove string from field using REX

I am trying to remove a field which has a suffix of sophos_event_input after the username. Example Username_Field ...

by Explorer in

Joining records in a table

I have an audit table with before and after records of changes made to a user table. So every time an update is made ...

by New Member in

spl2 module upload successful, and testing is also successful but it's nowhere to be found.

Am I missing something? I have vscode running splunk extension and created a simple _default.spl2nb. I'm able to te...

by Path Finder in

Splunk query to find a value outside of certain enum

I want to search the "NONE" not in 3 allowed enum value. I need to ignore the "NONE" if it is in the allowed enum. Fo...

by New Member in

Remove string from field using REX or Replace

I have a field, where all values are pre-fixed with "OPTIONS-IT\". I would like to remove this, but not sure on the b...

by Path Finder in

Create new fields using values from another field

I have a field called key. key has multivalues that are also dynamic. I have another field called values, that is als...

by Path Finder in

How to add division line on the scatter chart

Hello everyone. I want to add line as division line on the scatter chart. I'd like to know which values are in speci...

by Path Finder in

Splunk user last login Time through LDAP

I have a requirement where I want to see all users and their last login time, we are connected through Ldap so settin...

by Communicator in

Is there a way to group the data by time and another field?

I was able to write a query that group by api (msgsource) to show the response times, but I am trying to see if I can...

by Explorer in

input lookup

Hi All, I have an input lookup file with 2 fields first filed contains some path and the second filed is an httpco...

by Loves-to-Learn Lots in

Best Search Performance when adding filtering of events to query

I am looking for the best way in terms of performance when adding filtering of certain events for security rules. Nor...

by Path Finder in

How do you use the Database Connect Alert Action?

Hello, I have Database Connect setup and it's working all fine. But I can't wrap my head around how the Alert Actio...

by Path Finder in

Sum of Multivalue (list) Items

Given this search result:Company A Visa 15 MC 5 ...

by Explorer in

SOCKS proxy traffic

Hi everyone and thanks in advance. I'm trying to collate all our SOCKS traffic on our network over the last 90 days...

by New Member in

Splitting an event into multiple events to conform to a data model

I have events already in an index looking like this: { "location": "Paris", "temperature": 25, "humi...

by Splunk Employee in

strptime() returning UNIX epoch time adjusted by timezone

Hi everyone.I'm trying to link my dashboard to a separate platform and the url of this new platform needs to contain ...

by Path Finder in

Why history command only shows my searches, not searches run by all users?

I want to see all the searches that are run on Splunk server in a given time by different users. I am using the “|His...

by Explorer in

loadjob command not working

I have a need to share high level metrics (via tstats) from a couple of indexes that a few of my teammates do not hav...

by Path Finder in

Need help with running Rest API to pull results of a Splunk query to a third party server

I am running a rest APi basically curl to query Splunk for results and export them to the server. below is my api qu...

by Path Finder in

Create table from nested array of json objects that includes lookup value

I have an event that looks as follows: { "app_name": "my_app", "audit_details": { "audit": { "responseContentLe...

by Explorer in

Eval token to be used inside panel

Hi everyone.I have a panel that contains a list of links to other dashboards. I need to create a new list item with a...

by Path Finder in

Correlating two events based on extracted field values

There is a process I'm trying to track. It starts by generating a single event. Then asynchronously a second event is...

by Engager in

how to do a match field between index and summary index Finding match TraceID

Without using a SubSearch since there is a limit of 10000 resultsindex="xxxx" field.type="xxx" OR index=Summary_index...

by Communicator in

Convert Regex to Detect Internal Domains

This may not be the best place to ask given my issue isn't technically Splunk related, but hopefully I can get some h...

by Path Finder in

Issue with NetFlow v9 Templates Not Received by Splunk Stream – Flows Being Dropped

Hi Splunk Community, I'm currently integrating Flowmon ndr as a NetFlow data exporter to Splunk Stream, but I’m enc...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Remove string from field using REX

Joining records in a table

spl2 module upload successful, and testing is also successful but it's nowhere to be found.

Splunk query to find a value outside of certain enum

Remove string from field using REX or Replace

Create new fields using values from another field

How to add division line on the scatter chart

Splunk user last login Time through LDAP

Is there a way to group the data by time and another field?

input lookup

Best Search Performance when adding filtering of events to query

How do you use the Database Connect Alert Action?

Sum of Multivalue (list) Items

SOCKS proxy traffic

Splitting an event into multiple events to conform to a data model

strptime() returning UNIX epoch time adjusted by timezone

Why history command only shows my searches, not searches run by all users?

loadjob command not working

Need help with running Rest API to pull results of a Splunk query to a third party server

Create table from nested array of json objects that includes lookup value

Eval token to be used inside panel

Correlating two events based on extracted field values

how to do a match field between index and summary index Finding match TraceID

Convert Regex to Detect Internal Domains

Issue with NetFlow v9 Templates Not Received by Splunk Stream – Flows Being Dropped

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!