Splunk Search

Discussions

Thread Info

Loop through single column list in Inputlookup csv and check if column values are found across multiple index events

Hello. I have an input lookup csv file with a single column named “Domain” that has a list of domain names in that co...

by New Member in

How to get the difference of columns from two different tables? (the number of rows in the column is different)

Hi! My task is as follows: I want to compare the increment of a certain type of errors: the average value of each typ...

by Loves-to-Learn Lots in

Transaction not grouping results with startswith and endswith filter

I am doing the labs for Fundamentals Part 2 and I am not understanding something I have to use the startswith and end...

by Engager in

Group widgets/panel in a dashboard with a common border

How to add group widgets/panel in a dashboard with a common border? Eg group1 : panel1, panel 2 - combined bor...

by Communicator in

specifying field in Field Extraction

in search, w/ rex command I can specify which field I want to apply the Regex as following example| rex field=event "...

by Loves-to-Learn in

Heavy forwarder and sysmon

Hello friends, Suppose I install Microsoft Sysmon on a Windows server. I then go install the Universal Forw...

by Path Finder in

Regex help

Hi, I have below sources, source = C:\Stats\user1\Tmpdata\Mappers\Consolesx\start.log source = C:\Stats\user2...

by Path Finder in

Help with Dashboarding

Hello, Here is the whole context and question: https://community.splunk.com/t5/Splunk-Search/Aggregate-query-help...

by Engager in

How do I implement multiple rename commands based on user input

I have a single algorithm with 2 methods. Each method produces the same type of data but with different fields names ...

by Path Finder in

Multiple Rows into one row with primary key

Hi, I have data that looks like this (as you can see user_id 9 has filled numerous rows). This is just a csv inges...

by Engager in

Dynamically Change panel background color based on returned value (no js possible)

Hi. First, I've been using this forum for a few months now as I'm new to Splunk. Thanks to all the contributors ...

by Explorer in

Combine two stacked bar charts side by side

Hi All, I have a use case to align two stacked graphs side by side. So, there are 4 columns with values for any pa...

by Observer in

Firewall logs

sourcetype=cp_log action!=Drop OR action!=Reject OR action!=dropped I am socked ,when i am searching with above q...

by Explorer in

how to set limit

Hello Experts, I am new to Splunk and trying to build basic queries in Splunk to build use cases. Currently I am wo...

by Explorer in

How can I display values of a common field occurring in two different event ID's?

There are various event codes like eventID = "123" , eventID ="456", eventID = "789" . There are some "appID" field...

by New Member in

Aggregate query help

Hi Team - I am trying to first search and then aggregate results from following Splunk logs: Raw format: "build...

by Engager in

How do I get Spunk to parse the events returned by a custom generating command?

I have a custom generating command that returns events to Splunk, however those events are not parsed, so the kv data...

by Path Finder in

Splunk dashboard : Text input token is caching the previously entered value.

I have a dashboard with multiple inputs. These inputs are like filters on top of basic search. I want 1. if phone m...

by Explorer in

Field extraction with multiple matches per line

Hi all, I'm trying to pull out the MAC addresses from a series of records which is mostly working using the follow...

by Explorer in

How to join 2 indexes

Hi All, I want to join two indexes and get a result. Search Query -1 index=Microsoft| eval Event_Date=mvindex(...

by Contributor in

How to edit my search to omit results of a subsearch from the main search using NOT?

Hello Splunkers, I've been trying to solve this problem for a while now but I am still not able to NOT the contents o...

by Contributor in

How to skip/ignore one letter character from filtered log

Hello Team, rex field=_raw "string_list=%25(?<new_field1>\w+)%25" Above condition will get a word bet...

by Explorer in

How to get data from log and count event values

Hello Team, I'm very new to splunk, I have below two logs "message": "api.main REQ user1 10.10.44.76 \"GET /api/v...

by Explorer in

Performing operations on a list of values with a single value

HI, As mentioned in the subject, I want to perform operations on a list of values with a single value. To be cleare...

by Path Finder in

How to search for last 6 months for event indexed every month?

Hi, I have a summary index which gets indexed once in a month. I have a query which runs based on current month loo...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Loop through single column list in Inputlookup csv and check if column values are found across multiple index events

How to get the difference of columns from two different tables? (the number of rows in the column is different)

Transaction not grouping results with startswith and endswith filter

Group widgets/panel in a dashboard with a common border

specifying field in Field Extraction

Heavy forwarder and sysmon

Regex help

Help with Dashboarding

How do I implement multiple rename commands based on user input

Multiple Rows into one row with primary key

Dynamically Change panel background color based on returned value (no js possible)

Combine two stacked bar charts side by side

Firewall logs

how to set limit

How can I display values of a common field occurring in two different event ID's?

Aggregate query help

How do I get Spunk to parse the events returned by a custom generating command?

Splunk dashboard : Text input token is caching the previously entered value.

Field extraction with multiple matches per line

How to join 2 indexes

How to edit my search to omit results of a subsearch from the main search using NOT?

How to skip/ignore one letter character from filtered log

How to get data from log and count event values

Performing operations on a list of values with a single value

How to search for last 6 months for event indexed every month?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!