Splunk Search

Discussions

Thread Info

How to combine a range of multiple IP address and compare it to a variable

So, I have multiple ip addresses i want to combine them using regex or normal by supplying dashes and compare them to...

by Explorer in

Splunk Query Task

I want Splunk query related to:1. Firewalls availability2. Endpoint protection availability For my own work, you ca...

by New Member in

Field Extraction using Regex

Hi There, In my logs, the specific field "Other Parameters" contains a lot of logs. I want it to extract the logs a...

by Contributor in

Splunk Cloud: Increase limit in field extraction from JSON

I am using Splunk Cloud and I have defined a sourcetype (from the UI) of category Structured and Indexed Extractions ...

by Engager in

Convert UTC time to EPOCH

Hi Team, I am finding a way to convert UTC to EPOCH and vice versa for my search query Sample is here -...

by Loves-to-Learn Lots in

How to automate the export of search results from cloud ITSI to an on-prem server

How may I automatically generate a file on an on-prem server from the results of a search query

by Engager in

Regex to match lines with multiple src_ip

Hello, To pull in specific events in splunk i am trying to write a regex to identify lines that matches both the c...

by Path Finder in

How to split a single line which contains multiple field values separated by spaces into multiple fields in Splunk?

I have a csv file query as follows :- | inputlookup file_1.csv which gives the result as follows in a sin...

by Builder in

How to fetch and compare unique id's from different events in Splunk query

Hi team, I am creating a query to fetch a unique id from different events which are having different statuses....

by Communicator in

Convert Splunk results from spl to JSON before 8.2

Hello everybody, I'm using an spl query that extracts some values from a lookup and sends them to a web API via POS...

by Explorer in

how multiple sourcetype stats

There are multiple sourcetypes in index="main".I'm trying to stats at SOURCETYPE number one and I need a field of sou...

by Path Finder in

Unable to initialize modular input "validation_mi"

I'm unable to use the Validate & Package function of Add-on builder. When I run it, it says 'preparing validation' th...

by Engager in

How to calculate average of response time in seconds

Hi, I need to calculate average of response time in seconds for my application. Query i am using index="pro...

by Engager in

Why aren't all my field extractions working?

Hi, I'm having an odd issue. I made some field extractions and validated them through Regex101. However only some o...

by Communicator in

Difference between two fields from two events based on condition

I have two events as below - event 1 "id=1 api=xyz apiResTime=50" event 2 "id=1 api=x...

by Observer in

Sorting the fields based on values in a row

This is my splunk query index=xxxxx "searchTerm")|rex "someterm(?<errortype>)" | timechart count byerrortype sp...

by Explorer in

Taking Value of One Field, Adding Text, And Comparing Against Another Field

Greetings, I want to exclude search results if a field contains a value compared against another field with additio...

by Path Finder in

change table view

Helloi have a table that looks like this : and i want it to look like this: so the type values...

by Communicator in

Table not generated with join subsearch

Hi, We are sending a reduced size logs to out splunk to do some smarts. We realized for the past year or so one of ...

by Explorer in

Search in splunk with string having " and /

Hi, I want to search "xyzetc\";0, ---this is my string . Unable to search this exact pattern...

by Loves-to-Learn in

How to calculate percentages with multiple count function？

I'm trying to calculate percentages based on the number of events per vary group. There are actually a lot of events,...

by Explorer in

using transaction in subsearch to define earliest latest in mainsearch

I want to use the subsearch to get start and endtime of the newest transaction (here a botsession). The subsearch a...

by Path Finder in

sort table values by table values

Hello I have a table with 3 columns 1 is strings and 2 columns with numbers is there a way to sort the table ...

by Communicator in

Need to get all the values in piechart

Hi, Current piechart In the above piechart highlighted cities details are not displaying.have to use mouse...

by Engager in

Filter data from showing up

Hi Guys, I would like to check if it's possible to prevent some data from showing up in the search. Below is what ...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to combine a range of multiple IP address and compare it to a variable

Splunk Query Task

Field Extraction using Regex

Splunk Cloud: Increase limit in field extraction from JSON

Convert UTC time to EPOCH

How to automate the export of search results from cloud ITSI to an on-prem server

Regex to match lines with multiple src_ip

How to split a single line which contains multiple field values separated by spaces into multiple fields in Splunk?

How to fetch and compare unique id's from different events in Splunk query

Convert Splunk results from spl to JSON before 8.2

how multiple sourcetype stats

Unable to initialize modular input "validation_mi"

How to calculate average of response time in seconds

Why aren't all my field extractions working?

Difference between two fields from two events based on condition

Sorting the fields based on values in a row

Taking Value of One Field, Adding Text, And Comparing Against Another Field

change table view

Table not generated with join subsearch

Search in splunk with string having " and /

How to calculate percentages with multiple count function？

using transaction in subsearch to define earliest latest in mainsearch

sort table values by table values

Need to get all the values in piechart

Filter data from showing up

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

October Community Champions: A Shoutout to Our Contributors!

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions