Splunk Search

Discussions

Thread Info

Merging events from two indexes

I would like to create a dashboard to query the logs of our two firewall devices (paloalto and sns). Both has their o...

by Contributor in

Iterate over lookup table to perform replace on search field

I am trying to use a lookup table to perform a series of string replacements on a single field in a search resultThe ...

by Engager in

Proofpoint field mapping with splunk

Hi, Can some body help me with a query or basic search WRT Proofpoint as source to identify spoofed emails

by New Member in

Total of 2 rows

Hi everyone, I have a table which gives me 2 fields Username and Duration. How can I dedup the Username and add the t...

by Path Finder in

how to identify malformed regex ?

Dear Splunker, I have a lookup, which contains all the regex patterns. I would like to identify which of them are m...

by Engager in

User agent Android 10 & IOS 14 - Difficult in extracting Field

Hi I am trying to extract field from the user agent details like ( Operating system, Software, Software version, S...

by Loves-to-Learn in

Fillnull on an eval field post stats

Hi, I want to do a fillnull on an eval created field post stats but it never works quite right with either creating...

by Communicator in

Make a stats by value a separate field

I've performed a stats by command I was wondering if there was a way to store all these as fields and then for the by...

by Communicator in

How to use Regex to find values between two strings

I have this event: <f:Table><f:Row><f:Cell>IE Group Policy</f:Cell></f:Row><f:Row><f:Cell>HKEY_LOCAL_MACHINE\SOFTW...

by Motivator in

Parsing kaspersky syslog events

Hi community, I need help in parsing events containing not pure json. This is the raw event: May 28 15:...

by Path Finder in

Time conversion

Hi Team I have the time in this format "startTime":1606406489009 i wanted to convert it to date-month-year hour...

by Path Finder in

Add fonction AVG, STDEV and eval command to contingency command

Hello, I have an excel file like this : And I wanna do this on splunk, but I can't / don't know how to do ...

by Explorer in

Using a stats avg function after an eval case command to categorise

Hi, I have a requirement where we need to categorise events based on the url into 4 separate categories, then calcu...

by Communicator in

Dashboard base search with extra search values

Hello, I have a dashboard with 3 panels that load at the same time.Almost 3 identical searches. The difference is i...

by Path Finder in

Query syslog fields

Dear all, I have a syslog-ng relay server collecting syslog messages from remote network devices and saving them as...

by Explorer in

X axis and y axis title font size change

How to change the font size for x axis and y axis titles in splunk. Need inputs on this.

by Engager in

Transaction Command not returning all results

Hi, I have a splunk query as below: index=platform env=sandbox http_method="GET" This gave me 1 result...

by Engager in

If a field includes certain number of predefined strings?

Hi, data set to search in field1: ("foo", "bar", execute", "thanx", "tax", "trade" ) if field1 includes any rand...

by Path Finder in

Use call stats to calculate concurrent calls.

I have a data source that provides call records for telephone calls. Each call record contains a call duration and t...

by Explorer in

Need to compare the contents of a lookup file with search results

Hi, Brand new to splunk here. I've been using it about 1 month. I have a lookup file, all_identities_prod.csv,...

by Explorer in

How can I get max number of hours without events for all indexes, myindex=* ?

I have the summary index to record hourly event count for all device (de_count). I have the following search to get m...

by Path Finder in

How can I get the search work with multiple indexes

I have the search to get max number of hours without events for feeds. It works just for one index. It wouldn't wor...

by Path Finder in

Sum of field b after making multivalue fields and sort by date

I have created several 'rex' expressions that parse data into their own fields and the created multivalue fields comb...

by Path Finder in

Learning my Companies Splunk Data

I am trying to better learn what data is in the indexes at my company. There is a command that gives you something ...

by Path Finder in

Search for non-matched values

Hello, Is there any way to search non-matched values from two tables like you can do on excel using VLOOKUP? T...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Merging events from two indexes

Iterate over lookup table to perform replace on search field

Proofpoint field mapping with splunk

Total of 2 rows

how to identify malformed regex ?

User agent Android 10 & IOS 14 - Difficult in extracting Field

Fillnull on an eval field post stats

Make a stats by value a separate field

How to use Regex to find values between two strings

Parsing kaspersky syslog events

Time conversion

Add fonction AVG, STDEV and eval command to contingency command

Using a stats avg function after an eval case command to categorise

Dashboard base search with extra search values

Query syslog fields

X axis and y axis title font size change

Transaction Command not returning all results

If a field includes certain number of predefined strings?

Use call stats to calculate concurrent calls.

Need to compare the contents of a lookup file with search results

How can I get max number of hours without events for all indexes, myindex=* ?

How can I get the search work with multiple indexes

Sum of field b after making multivalue fields and sort by date

Learning my Companies Splunk Data

Search for non-matched values

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions