Splunk Search

Discussions

Thread Info

Highest value selection from table

Hi All, I am having challenge to filter the highest value and prepare a new column. Code: index=nw_ppm...

by Communicator in

REST API returns empty results when I execute the command in Linux

I am trying to fetch results using REST API from Saved Search and getting empty response. My command is like this... ...

by Path Finder in

REST API returns empty results when GET result

I use API to create searchhttps://[IPaddress]:8089/services/search/jobsBody:search sourcetype = ipfix | regex destina...

by Explorer in

How to count each IP every 6 hours since its first timestamp?

Hi, I recieved the following question which I was not able to answer: Let's simulate a system that charges each e...

by New Member in

New to REX field. How would I go about extracting this data?

I'm trying to track Ringcentral data that we have in Splunk now and the objective is to sort and alert us to missed c...

by Path Finder in

How to extract one filed from two lookups with same fields?

Hey There, I have two lookups, both have same exact fields. I need all the fields from Lookup1.csv, which I have no p...

by Path Finder in

Combining 3 big searches

I am working on project to compare ip and MAC whether they are seen from three different tool. Tanium, ACAS, HBSS. ...

by Engager in

How to query events where the latest event field is only a specific value?

Hi I have a request to find all users that have outcome=fail as the latest event. The outcome can be fail or succes...

by Builder in

How to Use Field Values in Endswith Parameter of Transactions

Hello! I am trying to group my log entries based on very specific criteria but can't seem to figure out how to do s...

by Path Finder in

Coalesce that shows the Field and Value in a Table

Good Afternoon, I am working on a coalesce query that looks like this: | makeresults| eval Name="John", NAME="Jo...

by Explorer in

How to check if a field contains a value of another field?

I would like to take the value of a field and see if it is CONTAINED within another field (not exact match). The text...

by Communicator in

Search statistics format not shared

New to this so probably a very basic question.... A user has a query that comes out with a nicely formatted statist...

by Explorer in

calculated fields with strptime

Hey there, I have a _raw where I am extracting a timestamp. But this is in a bad format. So I wanted to have a "cal...

by Path Finder in

Search on existing search results?

Preemptive note, I am not looking for instructions on how to run a subsearch. I have results from a completed s...

by Explorer in

ta-pfense - new test install, no fields

Trying to use splunk. Installed ta-pfsense, and I have data showing up from my pfsense firewall, the problem is it s...

by New Member in

Counting sessions with missing events

Hey gang - searching for missing data is probably the weakest part of my Splunk skillset. I just have a hard time th...

by Path Finder in

How to upload a lookup file to a Splunk Cloud "staging area" or through REST API?

Hi, In order to automate the deployment pipeline of Splunk Apps into different instances, our team has the require...

by Explorer in

Blacklisting Wineventlog

Hi Team, I got a requirement to filter out for the source [WinEventLog:Security] for 14 host (Host and Computer...

by Contributor in

Query to find newly added sourcetypes

Hi, I am using below query to find the newly added sourcetypes . | metadata type=sourcetypes | eval time=now()-...

by Path Finder in

Using if condition in input and path fields of spath

I have an xml file and using spath for it. My xml is having a tag like:<messages><name>test1</name><message-a><cust...

by Loves-to-Learn Lots in

Splunk Query Regular Expression

Dear Team, I've below Splunk log and trying to get s...

by Observer in

How to customize the view of the values a particular field, in table visualization?

Hello Splunkers, I have used unicode characters, to display trend, in my splunk dashboard. BUt the size of those ch...

by Communicator in

How do I filter events by lookup time?

I have a lookup table like in splunk this: earliest_timelatest_timeS_NOSRC_IP3/1/20214/1/2021E100210.10.10.10 ...

by Explorer in

how to use part of field name to group columns and add values?

Hi, I got a set of table that has "_time" as row values and "hosts" as column values like below. _timehost-1-1host...

by New Member in

Counting percentage with completion and not completed status

Hi, I have following data: And I am trying to create SPL which gets me following result: I tried ev...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Highest value selection from table

REST API returns empty results when I execute the command in Linux

REST API returns empty results when GET result

How to count each IP every 6 hours since its first timestamp?

New to REX field. How would I go about extracting this data?

How to extract one filed from two lookups with same fields?

Combining 3 big searches

How to query events where the latest event field is only a specific value?

How to Use Field Values in Endswith Parameter of Transactions

Coalesce that shows the Field and Value in a Table

How to check if a field contains a value of another field?

Search statistics format not shared

calculated fields with strptime

Search on existing search results?

ta-pfense - new test install, no fields

Counting sessions with missing events

How to upload a lookup file to a Splunk Cloud "staging area" or through REST API?

Blacklisting Wineventlog

Query to find newly added sourcetypes

Using if condition in input and path fields of spath

Splunk Query Regular Expression

How to customize the view of the values a particular field, in table visualization?

How do I filter events by lookup time?

how to use part of field name to group columns and add values?

Counting percentage with completion and not completed status

Can’t make it to .conf25? Join us online!

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!