Splunk Search

Discussions

Thread Info

o365 admin center workload

Hi guys, I'm trying to create a search that triggers an alert every time a user has been signed out of their o365 s...

by Explorer in

Grouping within multivalued fields

I have built a query that exports data by a date range and based on a scan or source. Currently I'm grouping them int...

by Path Finder in

compare last 5 days data

I would like to listed those events (reuirements) which state are changed to Agreed from last 3 days. Today have a ...

by Loves-to-Learn Lots in

Export MV field values to CSV

I have specific events with rows and rows of MV data. They have a header and footer data but the bulk of the body is...

by Path Finder in

Getting a list of active users usernames from a list of email addresses

I have a CSV with multiple hundred email addresses and I am trying to run a report to determine which accounts are ac...

by Engager in

Too long query?

Hi, I have an issue with a query of mine. The length of it is exactly 378 lines, and however I managed to save it on...

by Observer in

Field extraction Help

Description Recorded value for [Turn On Test 123] Recorded value for [Turn On Test 456] Ex...

by Path Finder in

Changing rows to columns and maintaining association

Hello,I have a table of items and I need to convert the results in the rows "pa_name" and "pa_valor" to columns and k...

by Explorer in

HOW TO MAKE EXCEPT SQL QUERY IN SPL (A\B)

Hello everyone, I'm new in Splunk. My issue is to make an EXCEPT SQL query in SPL. Something like the following: ...

by Explorer in

Infinite resolution

Hi, I'm using | sim flow query="<My query>" format=table org_id=<ID> resolution=900000 ...

by Loves-to-Learn Everything in

Compare changes today to last 7 days

Hi All, I am a newbie in Splunk world and looking for some help in structuring my query. I have an index with dat...

by Loves-to-Learn Lots in

stats/streamstats to display only last 2 result/row

Hi, i'm looking for a solution which only show the last and last-1 result using stats or streamstats function. Aim i...

by Path Finder in

How do I build correlation rule? "Account was created and deleted"

Hi! There is another way to create a query with EventID ("user-created") and then EvendID ("user deleted") in 5...

by Loves-to-Learn Everything in

How to use foreach with search filter?

Hi All, I have a requirement to use foreach with search filter. Example fileds 192345_Employeestatus,207754_Emplo...

by Builder in

Complex query on IIS log

Hi all, I would like extract from intranet weblog (IIS log) top pages grouped by departments to see which pages are...

by Explorer in

Splunk search query

To obtain "list of suspicious IP addresses that attempt to make an unauthorized web connection having a duration of l...

by New Member in

Create Pie Chart from JSON data

Hey Splunk Gurus! have been going in circles trying to get a query going to give me a pie chart on what I would ha...

by Path Finder in

Convert single row values to multiple rows

Hi Srinath, Srinath USER1 IND0010001 USER2 IND0010002 USER3 IND0010003 ...

by Contributor in

How to unset a token in drilldown based on specific column?

Hi. I am trying to edit a source code of a splunk panel such that, the token should only when the user clicks on a...

by Explorer in

Count events in summary index

Hello, everybody! Does anybody can help with such an easy problem as counting events in summary index? I have a s...

by Path Finder in

How to use regex to extract from _raw and return in table format?

I have logs with data in two fields: _raw and _time. I want to search the _raw field for an IP in a specific pattern ...

by Path Finder in

Total time taken per request

new to Splunk so want to know how I can fetch total time take per request applog.msg=XXXX_Logs,CorrelationId=XXXXX...

by Engager in

Response time

Hi Team, I am having a question regarding log details in Splunk. 1.How response time is generating in logs.? 2....

by Explorer in

how to extract this fields

When i try to extract BiosMake fields in my log file with field extraction (Mode regex).I have this:Error in 'rex' co...

by Engager in

How to colllect avgLoad1m for each cpu core in linux

Hi, Any suggestion about how can I collect avgLoad1m for each cpu core (hosts with multi-core cpu) by Splunk_TA_nix...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

o365 admin center workload

Grouping within multivalued fields

compare last 5 days data

Export MV field values to CSV

Getting a list of active users usernames from a list of email addresses

Too long query?

Field extraction Help

Changing rows to columns and maintaining association

HOW TO MAKE EXCEPT SQL QUERY IN SPL (A\B)

Infinite resolution

Compare changes today to last 7 days

stats/streamstats to display only last 2 result/row

How do I build correlation rule? "Account was created and deleted"

How to use foreach with search filter?

Complex query on IIS log

Splunk search query

Create Pie Chart from JSON data

Convert single row values to multiple rows

How to unset a token in drilldown based on specific column?

Count events in summary index

How to use regex to extract from _raw and return in table format?

Total time taken per request

Response time

how to extract this fields

How to colllect avgLoad1m for each cpu core in linux

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions