Splunk Search

Discussions

Thread Info

DAG error in dashboard panel but not in regular search

I have a query that runs completely fine in the regular search but when it is added to a dashboard in the same app it...

by Path Finder in

How can I add a summary row to a table in Simple XML

How can I add a summary row to a table in Simple XML? By summary row I am referring to what is described here, i.e. a...

by Builder in

URL proxy block with high counts and recurring on a host

Hello, i have a spike which comes from A URL being constantly blocked by proxy. I need help with a query on findi...

by Observer in

splunk query with if condition

Hi Teami want to display the success and failure count for that i have only one field i.eb_failed="false"using this i...

by Path Finder in

Show multi values

Hi, i am a beginner. I have 2 sourcetype (table). One of conatins requirement_id other ones conatins Testcase_id an...

by Loves-to-Learn Lots in

'host' field being populated automatically when indexing a report

I have a report that is getting events from an existing index, processing the data and indexing again to another cust...

by Path Finder in

Avoid streamstats truncate to obtain previous value

I have a index with the follow data: KEY_ID, GROUP, DATE With for example:1, group1, 2021-06-011, group2, 2021-06...

by Explorer in

Need to add Additional panel with total?

Hello "Good Day" I am trying to add the extra column for totals. If you observe above picture, I have four count...

by Path Finder in

Drilldown close button

i have a table with multiple values, and on click of any of the value, an inline panel opens (using depends option) v...

by Path Finder in

Instead of using Job Manager, rest call to kill/stop all running current adhoc jobs for one user?

Does anyone know of a rest call that can be used to kill all adhoc queries for a user? I do not wish to all users se...

by Path Finder in

Searching for data from different log files with similar field names

Hi, I'm new to Splunk here... I have a local instance of Splunk Enterprise on my local machine where I've creat...

by Explorer in

Need to exculde data in search by using lookup data

Hello All "Good Day" index="aedc"| rex field=source "-_(?<source>\S+)"| rex "(?<ModuleID>MY\d+)"| rex "(?<Path>/F...

by Path Finder in

How To Exclude Events from Transaction if there is Time Gap Larger than X

Hello, I am creating transactions for the earliest instance of a location being reserved and that location being re...

by Path Finder in

How to get duration for the product A in 2 occurrences ?

So what I have now from my search so far Product Status Time A Start 8.00 AM A ...

by Path Finder in

Add field post stats and transpose commands

Hi, I want my data presented in a very specific way, which means I can't go the typical route of just adding the f...

by Communicator in

Hi, can you help me?? How can I do Three search in the same query, but the results separate for a week

How can I do Three search in the same query, but the results separate for a week (the results of last 4 weeks), and t...

by Engager in

Inputs.conf blacklist with a negative regex

Hello, I need to create a whitelist with the blacklist. I mean... I have three blacklist in the windows securi...

by Path Finder in

Using Regex to break down a string

Hello guys I hope you are all having a great week I work in a hotel chain and we provide transportation services, b...

by Communicator in

Merging events from two indexes

I would like to create a dashboard to query the logs of our two firewall devices (paloalto and sns). Both has their o...

by Contributor in

Iterate over lookup table to perform replace on search field

I am trying to use a lookup table to perform a series of string replacements on a single field in a search resultThe ...

by Engager in

Proofpoint field mapping with splunk

Hi, Can some body help me with a query or basic search WRT Proofpoint as source to identify spoofed emails

by New Member in

Total of 2 rows

Hi everyone, I have a table which gives me 2 fields Username and Duration. How can I dedup the Username and add the t...

by Path Finder in

how to identify malformed regex ?

Dear Splunker, I have a lookup, which contains all the regex patterns. I would like to identify which of them are m...

by Engager in

User agent Android 10 & IOS 14 - Difficult in extracting Field

Hi I am trying to extract field from the user agent details like ( Operating system, Software, Software version, S...

by Loves-to-Learn in

Fillnull on an eval field post stats

Hi, I want to do a fillnull on an eval created field post stats but it never works quite right with either creating...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

DAG error in dashboard panel but not in regular search

How can I add a summary row to a table in Simple XML

URL proxy block with high counts and recurring on a host

splunk query with if condition

Show multi values

'host' field being populated automatically when indexing a report

Avoid streamstats truncate to obtain previous value

Need to add Additional panel with total?

Drilldown close button

Instead of using Job Manager, rest call to kill/stop all running current adhoc jobs for one user?

Searching for data from different log files with similar field names

Need to exculde data in search by using lookup data

How To Exclude Events from Transaction if there is Time Gap Larger than X

How to get duration for the product A in 2 occurrences ?

Add field post stats and transpose commands

Hi, can you help me?? How can I do Three search in the same query, but the results separate for a week

Inputs.conf blacklist with a negative regex

Using Regex to break down a string

Merging events from two indexes

Iterate over lookup table to perform replace on search field

Proofpoint field mapping with splunk

Total of 2 rows

how to identify malformed regex ?

User agent Android 10 & IOS 14 - Difficult in extracting Field

Fillnull on an eval field post stats

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

New Release | Splunk Cloud Platform 10.1.2507

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions