Splunk Search

Discussions

Thread Info

compare two field values for equality

I have the output of a firewall config, i want to make sure that our naming standard is consistent with the actual fu...

by Communicator in

Palo Alto Networks vendor_action query to list all

I'd like to run an efficient search over an index to find all of the types of 'vendor_action' field present in the da...

by Engager in

vendor_action Field

Hi!I'm trying to find more information about the vendor_action field, however I've not managed to do so with much suc...

by Engager in

Splunk query to check variation in processing time and volume in 5 minutes each (in last 10 minutes)

Hi, Can anyone help, As I want to get an alert if : The volume gets drop or if processing time gets increased of a sp...

by Path Finder in

Splunk query to filter logs

In my search result i am getting AD & Login locations. Now I want to filter result, if both AD and Login locations ...

by Contributor in

Eval Usage data to percentage as 1d span base, and table today, 1month ago, 3months ago, 6months ago

Hello, I'm trying to make time based table to check trend right away. The data is currently accumulated on da...

by Path Finder in

How do I extract the dirname from the filepath

hello How can I get the dirname from the filepath. I am looking something like this Ankits-MacBook-Pro:~...

by Explorer in

Display the different color based on status value and Client Wise.

run the below query and got the output index=xxx sc_status=201 OR sc_status=200 | stats count(eval(sc_status)) as...

by Explorer in

search auto-finalized after time limit: 60 seconds / limits.conf

Hello, Unfortunately, my complete query does not go through because of the following error:The search auto-fina...

by Path Finder in

How to compare output of a search to a lookup file?

So I've got a lookup table full of hostnames that I want to compare to a search that returns only the active hosts so...

by New Member in

a little search assistance

Hello all, I need some assistance using the search below to produce a timechart of the number of events per day...

by Path Finder in

Splunk Table with data from multiple points in time

I have a datasource that drops data into Splunk every 10 minutes that contains data about my team's workflow. The d...

by Engager in

A value remains for a length of time

I am looking for a search that returns an events(s) when the searched value remains for a set length of time. Using W...

by New Member in

How many hours required to upgrade 7.2.1 version to latest version

Hi Everyone, Can anyone please share your comments, how many hours required to upgrade the Splunk version from 7.2....

by Path Finder in

extract some text into a field with rex

I'm using Splunk to examine the event logs on some servers looking for details regarding application crashes with the...

by Path Finder in

Query to compare presence of fields

Hi everyone,I am new to splunk and was unsuccessful with my query.Let's say many events are aggregated in an index fr...

by New Member in

Extracted fields in same table

Hi, I have extracted 2 fields i.e. field1 & field2, while using the stats count command how do i use these extracte...

by Path Finder in

query for transactions or grouping events

Hi Team, I have the below logs in splunk and i'm looking for query to get the time taken to compete the run by each...

by Engager in

Search to group different fields from different events

Hi! So ive been at this for hours attempting to use stats and transactions to do this. I have two events that look ...

by Loves-to-Learn in

Computing column differences

This is result of a query that reflects license consumption by day Index3/2/20213/3/20213/4/20213/5/20213/6/20213/7...

by Path Finder in

Using Regex to search events from a specific ip range

Hello, I am new to Splunk and REGEX for that matter. What I am trying to accomplish is creating an alert when a speci...

by Engager in

Working with periods in spath command

I have a lot of json data that contains periods in the keys. I want to be able to expand one of the arrays in the dat...

by Explorer in

Need to mask the data twice in a single field

Can you please help me in masking the data. Raw Data: -> "login": "44337754-004613081080P"I want the number to be m...

by Path Finder in

Working regex elsewhere does not work in Splunk

As seen in the first example, the expression I've constructed will capture the field values I want. However in the se...

by Path Finder in

Question about geostats

Hello, I am new to SPL language. I have been working on 'geostats' recently and not quite sure what 'translatetoxy' ...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

compare two field values for equality

Palo Alto Networks vendor_action query to list all

vendor_action Field

Splunk query to check variation in processing time and volume in 5 minutes each (in last 10 minutes)

Splunk query to filter logs

Eval Usage data to percentage as 1d span base, and table today, 1month ago, 3months ago, 6months ago

How do I extract the dirname from the filepath

Display the different color based on status value and Client Wise.

search auto-finalized after time limit: 60 seconds / limits.conf

How to compare output of a search to a lookup file?

a little search assistance

Splunk Table with data from multiple points in time

A value remains for a length of time

How many hours required to upgrade 7.2.1 version to latest version

extract some text into a field with rex

Query to compare presence of fields

Extracted fields in same table

query for transactions or grouping events

Search to group different fields from different events

Computing column differences

Using Regex to search events from a specific ip range

Working with periods in spath command

Need to mask the data twice in a single field

Working regex elsewhere does not work in Splunk

Question about geostats

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

How to modify a dashboard

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

Splunk Search

Are you a member of the Splunk Community?

Discussions