Splunk Search

Ask a Question

Discussions

Thread Info

Remove double quotes and slashes from the field

i am having field like this below. message :"{"\payement":"xxx", "\account:" xxx"}" I want the first ...

by Path Finder in

Microsoft Office 365 Reporting Add-on not obeying interval configuration

Hi, we are using version 1.2.4 on Splunk 7.3.7, and we noticed our interval setting of (interval=600 / 10 mins)...

by Contributor in

syslogs for network equipments to forward syslog to splunk indexer

Greetings!! I would like to ask about Syslog logs for network devices, I have added new network devices by doin...

by Communicator in

TIME_PREFIX and TIME_FORMAT for Props configuration File

Hi, How I would write TIME_PREFIX and TIME_FORMAT for props configuration file for the following events (4- sample...

by Motivator in

How to display zero value in a chart with multiple fields

Hi! i am trying to create a search to display zero values in my chart. However my current search has multiple calc...

by Path Finder in

Splunk Fundamentals Module 5

Hi, I am testing out Splunk Fundamentals 1, and on Module 5 of the lab portion, after running the search, I am not ge...

by Engager in

search all event after specific string

Hi 1-I want to search result return everything after specific event till now. for example: index=main | search "...

by Motivator in

Splunk REST API with NodeJs: trouble getting started creating a search job

I'm new to this, and would appreciate any help from someone who uses NodeJs with Splunk. I can successfully query pas...

by New Member in

How can I calculate counts for active Qualys vulnerabilities

I am ingesting Qualys data via the Qualys Technology Add-on for Splunk (v1.8.7). To reduce daily volume, I have chose...

by Contributor in

subtracting 2 timestamps and then evaluating if that result is longer than 1 hour

I have two timestamps that are in this format within my log events: start: 2005-07-05T04:28:34.453494Z end: 2005-...

by Explorer in

How to write rex with sed mode so that it shows/extracts all unique numbers with specific digits masked ?

Hi, novice splunker here. How could I search or extract all the unique numbers while keeping certain digits masked...

by Explorer in

New lookup is not working

Hi team, I already worked with the lookup feature of splunk, tables, definitions and automatic lookup, and is worki...

by New Member in

How to overwrite the indexer data.

Is there any possibility to over write the index data , for example the data is indexing by the below query.| inpu...

by Communicator in

How to combine multiple searches in same alert

HI, I have 3 searches that give results for errors and journey length. I wanted to add all these searches together ...

by Path Finder in

How to combine multiple searches in same alert

HI, I have 3 searches that give results for errors and journey length. I wanted to add all these searches together ...

by Path Finder in

Fill in 0 for timechart with missing values

I'm generating a chart with event count by date. The problem is for dates with no events, the chart is empty. I want ...

by Champion in

How to use regex to filter out logs?

Hi community, I have the need to exclude AIX logs containing a certain field value. This is the regex the parser ...

by Path Finder in

Best way of making base search

Hello everyone! I need some help with figuring out how to make this base search the best way without hitting the 500....

by Explorer in

Splunk Fundamentals Module 5 Lab

In Module 5 Lab #8, I am asked to perform a search using the "fail* AND password" command over ALL TIME. The search r...

by Engager in

Show hosts that stop reporting logs

Hello, I have many windows machines sending logs through the agent to index = main With what query can I monito...

by Builder in

Search hangs on "TcpOutbound" error

A scheduled search is hanging when it approaches around 28% completion. In search.log, the following message appears ...

by Loves-to-Learn in

Tstats and stats return difference result

Why do I use "tstats" and "stats" but return different results??? I need an explanation. I use Splunk versio...

by Explorer in

Splunk App for Unix and Linux props.conf fields are not calculated

Hi, Given the below system architecture on a single server: 1. When I pass the OS data generated by th...

by Explorer in

Index bz2 files take too much time

Hi I have a directory that contain 60 bz2 files. Totally 27 GB After 24 hours still index processing not complet...

by Motivator in

domain accounts search csv

Hi, i have been looking but cant seem to make much sense of it all. im new to splunk. im trying to create a searc...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Remove double quotes and slashes from the field

Microsoft Office 365 Reporting Add-on not obeying interval configuration

syslogs for network equipments to forward syslog to splunk indexer

TIME_PREFIX and TIME_FORMAT for Props configuration File

How to display zero value in a chart with multiple fields

Splunk Fundamentals Module 5

search all event after specific string

Splunk REST API with NodeJs: trouble getting started creating a search job

How can I calculate counts for active Qualys vulnerabilities

subtracting 2 timestamps and then evaluating if that result is longer than 1 hour

How to write rex with sed mode so that it shows/extracts all unique numbers with specific digits masked ?

New lookup is not working

How to overwrite the indexer data.

How to combine multiple searches in same alert

How to combine multiple searches in same alert

Fill in 0 for timechart with missing values

How to use regex to filter out logs?

Best way of making base search

Splunk Fundamentals Module 5 Lab

Show hosts that stop reporting logs

Search hangs on "TcpOutbound" error

Tstats and stats return difference result

Splunk App for Unix and Linux props.conf fields are not calculated

Index bz2 files take too much time

domain accounts search csv

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions