Splunk Search

Ask a Question

Discussions

Thread Info

Default splunk_server_group

Scenario: Two large organizations with two separate Splunk implementations. Org A acquires Org B and in a consolida...

by Communicator in

Filtered data count against license?

I have to assume this has been asked over and over but I can't seem to find it. If I use inputs..conf on my indexe...

by Loves-to-Learn in

lookup table,

Hi have a report that is sent of a daily basis. The report provides a count for every one hour bucket. Sometimes ge...

by Explorer in

Searches separated by Colon

I source database that displays all of the info i need that is separated by colon. Example "ilruPartNumber":"12345".,...

by Loves-to-Learn Everything in

How to parse a JSON with a mutable node?

I receive some logs in json format, but one of the nodes is mutable, sometimes it's an array, sometimes it is not. Ta...

by Path Finder in

Add count of field instead of just count it

Hi I have log file that each minute store 1 event like this 8:00 1 8:01 1 8:02 1 instead of countin...

by Motivator in

color statistic table cell dynamically on certain rule using other field value

Want to change color of statistic table cell value on certain rule using other field. TABLE: Region, Device, Serv...

by Loves-to-Learn Everything in

How to combine event and summary indexes into a single search?

Is it possible to setup a dashboard query that uses the main event index for "today", and summary index for all other...

by Path Finder in

Running an eval after a sub-search make my comparison negative

I am trying to make a comparison of one field against itself but from a previous day. The use case is I'm trying to ...

by Explorer in

How to run/optimize long ad-hoc searches with lookup

I'm trying to see if there are hits with Kaseya related domains in my Web datamodel. As I understand we need to use w...

by Communicator in

Not able to create a table from fields extracted from a JSON using regex

Hi All, I wrote a regular expression to extract fields from an event containing data in the JSON format. The regula...

by Observer in

Remove double quotes and slashes from the field

i am having field like this below. message :"{"\payement":"xxx", "\account:" xxx"}" I want the first ...

by Path Finder in

Microsoft Office 365 Reporting Add-on not obeying interval configuration

Hi, we are using version 1.2.4 on Splunk 7.3.7, and we noticed our interval setting of (interval=600 / 10 mins)...

by Contributor in

syslogs for network equipments to forward syslog to splunk indexer

Greetings!! I would like to ask about Syslog logs for network devices, I have added new network devices by doin...

by Communicator in

TIME_PREFIX and TIME_FORMAT for Props configuration File

Hi, How I would write TIME_PREFIX and TIME_FORMAT for props configuration file for the following events (4- sample...

by Motivator in

How to display zero value in a chart with multiple fields

Hi! i am trying to create a search to display zero values in my chart. However my current search has multiple calc...

by Path Finder in

Splunk Fundamentals Module 5

Hi, I am testing out Splunk Fundamentals 1, and on Module 5 of the lab portion, after running the search, I am not ge...

by Engager in

search all event after specific string

Hi 1-I want to search result return everything after specific event till now. for example: index=main | search "...

by Motivator in

Splunk REST API with NodeJs: trouble getting started creating a search job

I'm new to this, and would appreciate any help from someone who uses NodeJs with Splunk. I can successfully query pas...

by New Member in

How can I calculate counts for active Qualys vulnerabilities

I am ingesting Qualys data via the Qualys Technology Add-on for Splunk (v1.8.7). To reduce daily volume, I have chose...

by Contributor in

subtracting 2 timestamps and then evaluating if that result is longer than 1 hour

I have two timestamps that are in this format within my log events: start: 2005-07-05T04:28:34.453494Z end: 2005-...

by Explorer in

How to write rex with sed mode so that it shows/extracts all unique numbers with specific digits masked ?

Hi, novice splunker here. How could I search or extract all the unique numbers while keeping certain digits masked...

by Explorer in

New lookup is not working

Hi team, I already worked with the lookup feature of splunk, tables, definitions and automatic lookup, and is worki...

by New Member in

How to overwrite the indexer data.

Is there any possibility to over write the index data , for example the data is indexing by the below query.| inpu...

by Communicator in

How to combine multiple searches in same alert

HI, I have 3 searches that give results for errors and journey length. I wanted to add all these searches together ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Default splunk_server_group

Filtered data count against license?

lookup table,

Searches separated by Colon

How to parse a JSON with a mutable node?

Add count of field instead of just count it

color statistic table cell dynamically on certain rule using other field value

How to combine event and summary indexes into a single search?

Running an eval after a sub-search make my comparison negative

How to run/optimize long ad-hoc searches with lookup

Not able to create a table from fields extracted from a JSON using regex

Remove double quotes and slashes from the field

Microsoft Office 365 Reporting Add-on not obeying interval configuration

syslogs for network equipments to forward syslog to splunk indexer

TIME_PREFIX and TIME_FORMAT for Props configuration File

How to display zero value in a chart with multiple fields

Splunk Fundamentals Module 5

search all event after specific string

Splunk REST API with NodeJs: trouble getting started creating a search job

How can I calculate counts for active Qualys vulnerabilities

subtracting 2 timestamps and then evaluating if that result is longer than 1 hour

How to write rex with sed mode so that it shows/extracts all unique numbers with specific digits masked ?

New lookup is not working

How to overwrite the indexer data.

How to combine multiple searches in same alert

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions