Splunk Search

Ask a Question

Discussions

Thread Info

Hosts event search by lookup table

Hi all, I have created a lookup table and imported it into SPLUNK. It has 2 columns, one called hosts the other cal...

by Engager in

Splunk Enterprise Security Content Management blank

Hello, I performed a "fresh" installation of ES 4.6.1 in a search head cluster through deployer. Splunk app version...

by Engager in

Quick Reference Guide Card

Hoping to find some physical copies of the Quick Reference Guide on card stock. I was hoping they would be available...

by Path Finder in

Find all newer events logged by application after a certain date

Question: How can we find diff between log statements before and after a given date. Applicability: Let's say we rel...

by New Member in

Get difference of occurence between 2 different day/months/years/date ranges

Hi all, First post here - So I'm a Splunk beginner & recently got this tricky task. So let's say I have these row...

by Explorer in

Like Command with special charecter

Hi Team, I am trying to run below query .. now here problem is its not showing any "Blocked" data .. its showing o...

by Engager in

Query with Thousands IDs in searche whit OR

Hello, i need help. I have 6500 IIN (like id) and put this id to lookup then tried search: index=alfa [|inputlookup...

by Explorer in

Query with Thousands of "OR"s

Greetings, I want to know the least resource intensive way of searching thousands of URLs in one search. So what I...

by Builder in

How to lookup match on IP return user value within event?

Hi, I have a lookup table that consists of 1 column. It contains IP addresses. I have search against an index t...

by Contributor in

Recurring JOIN

I have an index1/source1/sourcetype1 of events that is several "million" records each day. I have a second index1/sou...

by Contributor in

how to search a service that not running on certain hosts

Dear Community, I am writing a search for windows services. I am trying to find out the number of hosts that havin...

by Explorer in

How do I find the queries & searches an App makes in ES or Splunk Enterprise? Thank u in advance for any help.

In order to administer ES better am trying to find the queries, searches an app makes in addition to what data models...

by Builder in

MITRE_ATTACK intelligence download has failed error. Please help. Thank u in advance

I get "intelligence down load of "mitre_attack" has failed. On this date. Multiple reties has failed. I checked the U...

by Builder in

How to list multiple fields results for multiple fields by hosts.

Hi, I'm pretty new to Splunk and I'm creating a dashboard for one of my environments. One thing I can't figure out i...

by Engager in

How to filter specfic result

In my search result, I have the "Description" field.The Description field contains both texts and 2 IP details.I want...

by Contributor in

Substituting host and source data

Hello - I am using the following two searches:The first search is creating a table consisting of _time, idx, and b. ...

by Communicator in

STACKED area chart??

Will Splunk do a stacked area chart? I'm able to get an area chart, but it's not 'stacked' (so each proxy totals to ...

by Explorer in

How to find the difference of multiple event types in non-sequential order?

I have the data with different event types in the data say A to M.. Wanted to find time diffrence which tookfor each ...

by Communicator in

Network topology

Hi everyone!Maybe someone faced such a problem: I want to build a Layer 2 network topology, I have enough data for ...

by Loves-to-Learn Lots in

Get the list of unique combination

I would like to find 1. all unique combination of actionKey, modelName, programName 2. only consider data if they...

by Engager in

I want to calculate a difference between count columns and want to project the growth in the number of messages each mon

Here's my query and I want to calculate the difference between count (_raw) each month . It would be a running column...

by New Member in

Error message when running a subsearch after upgrading to Splunk 8.0.4.: "StatsFileReader file open failed file".

Hi all, Upon a recent upgrade to Splunk 8.0.4, I started seeing this error message when running a subsearch agains...

by Contributor in

Json timestamp miliseconds

Hi, hello, Splunk is not showing up miliseconds for JSON logs. I have find some Questions and Answers here in splun...

by Explorer in

map value not passing

Hi, I have a query which returns around 4000 results and I want to run map query for all that 4000 results. This ...

by Loves-to-Learn Everything in

Regex field extraction

Hello all, I have one sourcetype that does not allow me to create a static field extraction, because we have severa...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Hosts event search by lookup table

Splunk Enterprise Security Content Management blank

Quick Reference Guide Card

Find all newer events logged by application after a certain date

Get difference of occurence between 2 different day/months/years/date ranges

Like Command with special charecter

Query with Thousands IDs in searche whit OR

Query with Thousands of "OR"s

How to lookup match on IP return user value within event?

Recurring JOIN

how to search a service that not running on certain hosts

How do I find the queries & searches an App makes in ES or Splunk Enterprise? Thank u in advance for any help.

MITRE_ATTACK intelligence download has failed error. Please help. Thank u in advance

How to list multiple fields results for multiple fields by hosts.

How to filter specfic result

Substituting host and source data

STACKED area chart??

How to find the difference of multiple event types in non-sequential order?

Network topology

Get the list of unique combination

I want to calculate a difference between count columns and want to project the growth in the number of messages each mon

Error message when running a subsearch after upgrading to Splunk 8.0.4.: "StatsFileReader file open failed file".

Json timestamp miliseconds

map value not passing

Regex field extraction

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions