Splunk Search

Discussions

Thread Info

Splunk search - is it possible to automatically expand a result property wrap?

Hi,In my query: index="my_local" | sort -DateI get a list of items, and if I look at one item (and lick "show as ra...

by Explorer in

PROPS CONF-Text file with header

Hello, I have some issues to create PROPS Conf file for following sample data events. It's a text file with header in...

by Motivator in

Password spraying search

Hi, I am attempting to create a search for a password spraying attempt. I need the IP address and Hostname made...

by Explorer in

Looking for a result each day in the week

Hello In my base search I'm looking for stores with the minimum count of 1 for 4 differend kind of errors. I count ...

by Explorer in

List of realtime searches showing deleted reports/alerts

Hi, I have the following SPL as a dashboard panel which shows realtime searches. This is so I can contact the owners ...

by Path Finder in

how to remove a portion of string

Hi all, my data as below: 11111_aaaa/ppppaaaa 1110_bb/kjm I want to remove anything after /, like this 1111...

by Engager in

Splunklib API retrieve inputlookup

Hi all, have been using the splunklib package in Python to connect to the Splunk API for some time now, and it work...

by Explorer in

How does OR work with strings?

Hello, I noticed that ... WHERE somefield = string1 OR string2 works the same way as ... WHERE s...

by Communicator in

Use two stats function with different group by

how to get this two stats result in one query (earliest=-24h@h index="s_data_sum" (type="c" OR type="s") (sourcetyp...

by Loves-to-Learn Lots in

How to search for failed login attempts?

I hate to say it, but I am a Splunk-newb. I plan on taking a Splunk course, but for now, I am just trying to get my f...

by Explorer in

Compare Multivalue Fields With Lookup

Greetings Splunkers,I've been banging my head against the keyboard to try and resolve this comparison issue, I know t...

by Communicator in

how to compare two events in one search to highlight what's changed

Hi, I am trying to compare the between two events (json format), say, I can pipe with "head 2" to output only two eve...

by Engager in

Uses Transform Field Extraction-Delimiter

Hello, I was using Transform type Field Extraction, I have an issue to select my Delimiter and facing some errors (...

by Motivator in

Check if time is within last 3 hrs

Hi all, I am looking to check if there has been a event within the last 3 hrs for three different categories. If an...

by Path Finder in

Splunk search - How to search the fields1 values contains in field2

Hi All, Hope you guys are doing fine.I do have few doubts with relates to field comparison. Please find the below sam...

by Communicator in

Edit data In Splunk

I have a data in Splunk like index="main" FnameCountryfname1USAfname1USAfname3USA I want to add and change ...

by Explorer in

How to obtain duration if the End Time is conditional?

Currently my Splunk Search is shown as below: SerialDescriptionDateTimeStartTimeEndTimeMY111Registration2021-05-01 ...

by Path Finder in

ITSI search editor hotkeys

When editing searches in ITSI, control-e expands macros and control-z undoes the last change. I know this only by be...

by Engager in

How do I do a search for multiple IP's, URL's and File Hashes

by Observer in

Event Breaking for PROPS Configuration File

Hello, Please let me know how I would break the events, write TIME_PREFIX and TIME_FORMAT for my PROPS Conf. file ...

by Motivator in

Detecting Spikes/Anomalies in Failed Logins - over time

My goal is to calculate a score of confidence based on how anomalous the amount of failed logins is compared to activ...

by Explorer in

searching a lookup table with multiple values in a field

I have a csv file that that I am using for a lookup which has multiple values in a particular field. I am trying to d...

by Path Finder in

Split without delimiter

How can I split a field, into many other fields, but without using a delimiter, and using the position range instead?...

by Engager in

How to get a predicted value from the data statistics

I want to get a predicted value from the data statistics.Is it possible to output the predicted value for each patter...

by Engager in

[Lookup] Unable to filter/display out data from modify lookup

Hi Splunkers, I have query where i want to filter out all the legitimate process by path process which ive identify...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk search - is it possible to automatically expand a result property wrap?

PROPS CONF-Text file with header

Password spraying search

Looking for a result each day in the week

List of realtime searches showing deleted reports/alerts

how to remove a portion of string

Splunklib API retrieve inputlookup

How does OR work with strings?

Use two stats function with different group by

How to search for failed login attempts?

Compare Multivalue Fields With Lookup

how to compare two events in one search to highlight what's changed

Uses Transform Field Extraction-Delimiter

Check if time is within last 3 hrs

Splunk search - How to search the fields1 values contains in field2

Edit data In Splunk

How to obtain duration if the End Time is conditional?

ITSI search editor hotkeys

How do I do a search for multiple IP's, URL's and File Hashes

Event Breaking for PROPS Configuration File

Detecting Spikes/Anomalies in Failed Logins - over time

searching a lookup table with multiple values in a field

Split without delimiter

How to get a predicted value from the data statistics

[Lookup] Unable to filter/display out data from modify lookup

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions