Splunk Search

Ask a Question

Discussions

Thread Info

How to link multiple sourcetypes based on multiple fields

I have a few sourcetypes, looking something like this: sourcetype=weatherdate, location, temperature sourcetype=a...

by Engager in

Junk characters showing when I use stats with list command to get the logins and logout of a VPN

Dear Community Members , In splunk cloud instance :I am trying to get VPN login and logout for users in a single ta...

by Path Finder in

How to fix Splunk from incorrectly extracting hostname field in syslog events?

Hi there, we have an issue with hostname extraction from syslog events. Normaly the extraction works fine, but fo...

by Contributor in

Enrichment with sub-search in a certain time period by using index

Hi Folks, I am trying to enrich my search with subsearch in the same time bucket/bin. The search can be found below...

by Path Finder in

Mulit lookup with same event-field, lookup-destfield and event-destfield

Hi All I'm new on splunk and have following problem. We need data from a table depending on the value of a variab...

by New Member in

Rex syntax to define result data

Hello, I am looking to clean up the result data from a Splunk query.How do I remove all the text prior to the user na...

by New Member in

Splunk ES and Correlation searches

Hello Splunkers.I'm working on some of the usecases on ES and one of the request that I've got from my upper manageme...

by Path Finder in

Need to remove duplicate data

We have 3 different (Active,Closed,Resolved) records for same Incident and we need to retrieve only Active incident r...

by Explorer in

search different index

I have 3 different indexes and they asked me to search by document number. The structure of the logs is differe...

by Builder in

Datamodel acceleration date range forced to last month

Hi, i need help with some datamodel acceleration issues in CIM.The problem is that i accelerated a datamodel with 1y ...

by Communicator in

Need to pull IP from Message field

Hey all, I'm trying to separate out the IP address (Source Network Address:) from the Windows event Message field. I'...

by Engager in

How to extract value from log events with type as json object or json array??

Our event log has request and response. Request and response body can either be a json object or json array. I need t...

by Explorer in

Several email distribution lists on alert

Hi Splunk Community. I have an alert, which runs a query regularly, for example hourly 24*7*365. If the alert is tr...

by Observer in

Grouping URLs by their path variable pattern

I need to do an analysis on API calls using logs, like avg, min, max, percentile99, percentil95, percentile99 respons...

by Explorer in

How to interpret the asterisk as a wildcard in a join left?

I have an index where one of the relevant fields is a domain. This index is used in a search in a dashboard, where I ...

by Path Finder in

Skipped searches

Hello, community What's skipped search? Do I understand correctly that it's a search which finished with error? H...

by Contributor in

percentile total transactions in IIS

Hello, I am trying to get the Perc99 and Perc95 from the total transaction in IIS which the bellow search: so...

by Communicator in

1% slowest requests in terms of response time

Good morning, I am looking on generating a search to find the 1% slowest requests from IIS logs however I am not su...

by Communicator in

How to fix Could not load lookup=LOOKUP-cisco_asa_* in Splunk Cloud

Every time I search, I get errors: Could not load lookup=LOOKUP-cisco_asa_change_analysis Could not load lookup=L...

by Loves-to-Learn in

rex extraction user & module

Hi Here is my log, what is the rex for extract "0000A0@#0000" and "mymodulename" ...

by Motivator in

Quoting values and CSV export

If I run this search I generate two numeric fields, one called number the other called decimal | makere...

by Path Finder in

rex for source target

Hi here is my log: 2020-01-19 13:20:15,093 INFO ABC.InEE-Product-00000 [MyProcessor] Detail Packet: M[000] T[111]...

by Motivator in

Prop Conf for CSV input data

Hello, Please let me know how I would write Props Configuration file for this csv file. Segment of sample data for ...

by Motivator in

How to filter time AFTER timechart using relative time

Hello! I have a search with timechart that I need to filter time AFTER the timechart based on the current time. ...

by Explorer in

How do I search for a complete list of all the Apps on my Deployment server ? Without the Built In apps.

How do I search for a complete list of all the Apps on my Deployment server ? If possible Excluding the Built In apps...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to link multiple sourcetypes based on multiple fields

Junk characters showing when I use stats with list command to get the logins and logout of a VPN

How to fix Splunk from incorrectly extracting hostname field in syslog events?

Enrichment with sub-search in a certain time period by using index

Mulit lookup with same event-field, lookup-destfield and event-destfield

Rex syntax to define result data

Splunk ES and Correlation searches

Need to remove duplicate data

search different index

Datamodel acceleration date range forced to last month

Need to pull IP from Message field

How to extract value from log events with type as json object or json array??

Several email distribution lists on alert

Grouping URLs by their path variable pattern

How to interpret the asterisk as a wildcard in a join left?

Skipped searches

percentile total transactions in IIS

1% slowest requests in terms of response time

How to fix Could not load lookup=LOOKUP-cisco_asa_* in Splunk Cloud

rex extraction user & module

Quoting values and CSV export

rex for source target

Prop Conf for CSV input data

How to filter time AFTER timechart using relative time

How do I search for a complete list of all the Apps on my Deployment server ? Without the Built In apps.

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Introduction to Splunk AI

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions