Splunk Search

Ask a Question

Discussions

Thread Info

count over time with open/close events

Hello Splunkers, I would like to create a timechart for status. The data only comes when there's an update, so gene...

by Engager in

ARIMA convert integer machine learning

I'm trying to run this query below: (index=A sourcetype=jobs_info JOB_NAME IN (ACQUA)) OR (index=B sourcetype=FIRE...

by Explorer in

SPL - Creating a list using two time stamp entries

Hi all, I am trying to create a fourth column which would display all values between a given time range in the ...

by New Member in

Multiple same fields in one event with different data

I have this XML data in one event but there are multiple transactions with same fieldnames . We need to display them ...

by Explorer in

Comparing 2 Atrributes in different indexes

I have stored data in 2 indexes. One Index has a attribute which can be a substring of the second index _raw event da...

by Explorer in

Splunk is not able to idetnify transforms.conf lookup configuration

Hi, I have a csv file uploaded in the location /opt/splunk/etc/apps/search/lookups/. My transforms file is in /opt/...

by Explorer in

Match records based on a WHERE condition defined in a lookup table

Hello, Suppose I have raw records like this: user=blabla,org_L1=12345,org_L2=777,department=7890 user=tes...

by Builder in

Splunk Backup

I am facing problems with restoring splunk. I require the searches, indexed data and users created on one installa...

by Path Finder in

How are AWS logs get ingested into Splunk Enterprise or ES?

How are AWS logs get ingested into Splunk Enterprise or ES? Please advise the steps.

by Builder in

Search for user additions to Active Directory privileged groups

I would like to run a query for any user additions to privileged Active Directory groups. I am storing the AD groups ...

by Loves-to-Learn in

Tstats with Sparkline limiting values

I am working on statsing firewall data into a sparkline. However, when I run the search, the sparkline caps out at 1...

by Explorer in

Expand search based on chart

Hi, Is there a way from a dashboard perspective that I present a chart from 2 big groups and if I click on the lege...

by Path Finder in

Filtering Lookup Results

Hi, Below is a result of a lookup command, how do I exclude the other information if I based in on BusinessUnit, F...

by Path Finder in

Search for usage and login attempts for list of users

I recently started learning Splunk . Could you help me!! Have list of users and particular looking for search q...

by Engager in

I have an index searching with event and getting one line string, I need to display it as 2 fields using Regex or rex

Example: My search is index=* source=*xyz* I am getting an event with plenty of lines in string format I wan...

by Engager in

Search Input based on a inputlookup

Hi, I am trying to do the following: 1. Using this | inputlookup Application.csv where BusinessUnit = BU1, it wi...

by Path Finder in

Rounding a Calculated Field

Greeting Splunkers:Referring to: eval - Splunk Documentation where: round(X,Y)Returns X rounded to the amount of de...

by Communicator in

How to fillnull json value pair in a subpath ?

Hello, I'm faced today with something I do not understand. Here the structure of my event (JSON structured) : ...

by Communicator in

Where do I find a list of orphaned searches, Reports and Alerts so they an be deleted or disabled?

Where do I find a list of orphaned searches, Reports and Alerts so they an be deleted or disabled? For the purpose of...

by Builder in

How to remove results of one query from a second query

I'm currently trying to find workstations that haven't been logged into by a human over a period of time. My first ...

by Loves-to-Learn in

How to visualise single series stats sum by filed and it total

I am getting statistics like below (only 3 categories) Category Amount cat1 20 cat2 30 cat3 40 and...

by Path Finder in

Splunk Panel cell clicking not working with cell enabled on drilldown

Good Evening All, I am looking for a solution to a splunk panel when I try to click on any cell value it should ope...

by Explorer in

Pulling new fields out of nested JSON data

Looking at the example field below (part of a JSON event), I'm trying to figure out how at search time to pair up the...

by Path Finder in

Query Duo security for disabled, non-authenicated user

I don't know how to query my duo servers to find out how any users many are set to disabled and some users might have...

by New Member in

Two timecharts for different time frames (today/yesterday) on one graph

Hi all, I'm trying to create a chart containing two timecharts for different time frames (e.g. today/yesterday)...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

count over time with open/close events

ARIMA convert integer machine learning

SPL - Creating a list using two time stamp entries

Multiple same fields in one event with different data

Comparing 2 Atrributes in different indexes

Splunk is not able to idetnify transforms.conf lookup configuration

Match records based on a WHERE condition defined in a lookup table

Splunk Backup

How are AWS logs get ingested into Splunk Enterprise or ES?

Search for user additions to Active Directory privileged groups

Tstats with Sparkline limiting values

Expand search based on chart

Filtering Lookup Results

Search for usage and login attempts for list of users

I have an index searching with event and getting one line string, I need to display it as 2 fields using Regex or rex

Search Input based on a inputlookup

Rounding a Calculated Field

How to fillnull json value pair in a subpath ?

Where do I find a list of orphaned searches, Reports and Alerts so they an be deleted or disabled?

How to remove results of one query from a second query

How to visualise single series stats sum by filed and it total

Splunk Panel cell clicking not working with cell enabled on drilldown

Pulling new fields out of nested JSON data

Query Duo security for disabled, non-authenicated user

Two timecharts for different time frames (today/yesterday) on one graph

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!