Splunk Search

Discussions

Thread Info

Drilldown for transaction search time range not correct

I have a panel on my dashboard that is a list of transactions. I edited the drill-down to link to the search of the t...

by Path Finder in

In Splunk how to find the number of words based on the a pipe separator and add a value to it and assign it to a new fil

by Loves-to-Learn in

SPL to return list of field values for a particular time

Hi All, I need a spl which will return the list of filenames that came for the latest time . | eval latest_time =...

by Path Finder in

Need help how to find the active rules/usecases and integrated logsources in splunk

Hi Guys, Help me out how to find the active rules in splunk and how many log sources are integrated with splunk. ...

by Path Finder in

Is it possible to save the value in a field in the first time it occurs and then assign it to later events?

For example, if we have several events and there is a field named from, which is only existed in the first event. Is ...

by Explorer in

How can I search for alerts that send emails to specific users in Splunk 6.6?

Our setup has a quite a few alerts and we need to find all of the alerts that send email to a specific user. So far o...

by Explorer in

How to count the number of unique value of reports over the course of a Month?

So suppose that everyday Splunk takes in a report that houses 9 different fields, one of which is called 'status'. St...

by Path Finder in

Need Help to find how many usecases are enabled and total hosts which is reporting to splunk

Hi , I want to see the number of active use cases in splunk and total hosts which is reporting to splunk. Thanks ...

by Path Finder in

The maximum number of concurrent real-time scheduled searches on this instance has been reached

We recently upgraded from 6.5.4 to 6.6.0 as an interim step on our way to 7.3.6. We had about 12 realtime searches th...

by Explorer in

Subtracting column when column name are dynamic

Hello World. I have a splunk search which results in the below table... Col1Col2Col3Col4Row1XXXXRow2XXXXRow3XXXX...

by Engager in

Lookup searches and regex?

Hi guys, New to Splunk so pardon the simplicity of my question! Im trying to bounce my csv list off another one. ...

by Path Finder in

Use another index as lookup

So I'm trying to enrich one search, by pulling fields from another index, they have a matching pair of fields Serialn...

by Communicator in

How can I join unique fields from 2 different sourcetypes to one column and its values to 2 different columns?

Hi, I am trying to create a table from 2 different sourcetypes. Fields in both source types are same but has differen...

by Loves-to-Learn Lots in

Why are exclusions using lookup failing?

I'm looking signatures in snort but I want to exclude some of the signature IDs by using inputlookup, but it doesn't ...

by Engager in

Extract from URL

Hi, I have following kind of url : https://abc.com/loc/country/123/isshttps://abc.com/a1/v1/country/456.json?...

by Explorer in

Custom alert webhook validation

I have a custom webhook which allows user to enter multiple inputs. Eg: NAME ID NODE I want to validate the...

by Path Finder in

Display result=0 rather than "No Results Found"

Hi All, I'm using a query to get the total total count of a field ( different error messages ) .Here is the sear...

by Explorer in

Why are fields returning true for both isNum() and isStr() ?

Hi, I want to setup a search to alarm me if a field ever changes its nature. To play around, I chose the year fiel...

by Explorer in

Correlate multiple events, extract fields, output to table

Hi everyone, I'm trying to correlate some events that have same field and then to output the results to a table...

by Engager in

Why does the case statement works until an AND is added to it?

When I have this case statement like this, it "works". It runs and puts values in the iSeries column, but they are wr...

by Loves-to-Learn in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Drilldown for transaction search time range not correct

In Splunk how to find the number of words based on the a pipe separator and add a value to it and assign it to a new fil

SPL to return list of field values for a particular time

Need help how to find the active rules/usecases and integrated logsources in splunk

Is it possible to save the value in a field in the first time it occurs and then assign it to later events?

How can I search for alerts that send emails to specific users in Splunk 6.6?

How to count the number of unique value of reports over the course of a Month?

Need Help to find how many usecases are enabled and total hosts which is reporting to splunk

The maximum number of concurrent real-time scheduled searches on this instance has been reached

Subtracting column when column name are dynamic

Lookup searches and regex?

Use another index as lookup

How can I join unique fields from 2 different sourcetypes to one column and its values to 2 different columns?

Why are exclusions using lookup failing?

Extract from URL

Custom alert webhook validation

Display result=0 rather than "No Results Found"

Why are fields returning true for both isNum() and isStr() ?

Correlate multiple events, extract fields, output to table

Why does the case statement works until an AND is added to it?

New Cloud Intrusion Detection System Add-on for Splunk

Happy CX Day to our Community Superheroes!

Check out This Month’s Brand new Splunk Lantern Articles

Search uses up large amount of memory

Could someone assist on converting Azure Sentinel ...

[Solution] Dashboard global_time token value not s...

Why the error "sh: /opt/container_artifact/splunk-...

Why the error "sudo: unable to send audit message:...