Splunk Search

Ask a Question

Discussions

Thread Info

How to get searches with time range as All Time?

Hello All, I need to search for SPLs having time range as All time. I used the below SPL:- ...

by Contributor in

Use time and field from subsearch as search criteria in main search

I have a subsearch [search index="june_analytics_logs_prod" (message=* new_state: Diagnostic, old_state: Home*)|spa...

by Path Finder in

How to compare the field values from last 48 hours with field values from today

Hi Splunkers, I'm trying to compare the policy names from Today with policy names from past 48 hours to see if ...

by Explorer in

Unknow command (__f!=v) in search log at job inspector

Hello, I've create a search which contains (...(CallerCountry="CN")). When I take a look in the search log in the...

by Path Finder in

fileSizeGB AND fileCount thresholds

Wondering if there are any industry best practices and/or recommendation for setting fileSizeGB AND fileCount thresh...

by New Member in

Table using regex

Below is my raw log [08/28/2024 08:14:50] Current Device Info ... *******************************************...

by Engager in

Adding asterisk to host list

I'm working on a dashboard in which the user enters a list of hosts. The issue I'm running into is they must add an ...

by Contributor in

Regex for string between to delimeters

Hello, Thank you for your help on this in advance, I just need to create a field in Splunk Search that contains th...

by Path Finder in

Forage Task Guide

The task guide for the Forage job sim states this: For example, to add “Count by category” to your dashboard, type...

by New Member in

Need a help with splunk query

HI Team, When i am trying to exclude one field by inserting condition sessionId!=X its not working . even though I ...

by Observer in

Extra data

I have never been one to understand regex, however I need to extract everything after the first entry (#172...) into ...

by New Member in

Handling nulls in a string

I've got this search index=my_index data_type=my_sourcetype earliest=-15m latest=now | eval domain_id=if(isnull...

by Contributor in

Simplifying/combining queries

Howdy, Im fairly new to splunk and couldnt google the answer I wanted to Here we go. I am trying to simplify my queri...

by Engager in

Split output of query into separate files

Running queries on really large sets of data, and sending the output to an outputlookup works well for weekly refresh...

by Explorer in

2 different lookups in if statement.

When I search I want something like this: if(ID =99): then lookup 1, else: lookup 2. What I have right now is s...

by Path Finder in

Join two indexes with the same field data

Good day, I have a query that I would like to add more information onto. The query pulls all users that accessed a AI...

by Path Finder in

Detecting successful login after multiple failed logins in a transaction

I'm not very good with SPL. I currently have Linux application logs that show the IP address, user name, and if the u...

by Path Finder in

Reference multiple fields into a single name

Is there a way to reference or combine multiple fields into a single name so that it can be referenced by that new na...

by Explorer in

Splunk wont open on localhost:8000.

Im getting a "not found" error. On trying to start splunk in the 'bin' folder I am getting am error. Any help appreci...

by New Member in

Is it required to set a static ip on the localhost for Splunk with Universal Forwarder to work?

I'm a student running the free Community Edition in my homelab. My host currently receives a dynamic IP. Is a static ...

by Engager in

Before and after values from separate events.

Hi, I have a log that tracks user changes to a specific field in a form. The process is as follows: 1. The user acc...

by Explorer in

Is there a way to get the addcototals to show in the first column instead of appending to the last?

Here is my current query. I either get the Totals label in the last column or not at all. I need it to show in the fi...

by Path Finder in

REST Splunk job

Hi Splunkers,I'm trying to get diskusage for searches running by user. | rest /services/search/jobs | rex fiel...

by Engager in

Find Event B Based on the time of Event A

I have a search which yields a time and correlated serial number for event A. I want to use this time and serial nu...

by Path Finder in

Summarize date per week

Good day,I have a query to summarize data per week. Is there a way to display my tables in a better way as my dates f...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to get searches with time range as All Time?

Use time and field from subsearch as search criteria in main search

How to compare the field values from last 48 hours with field values from today

Unknow command (__f!=v) in search log at job inspector

fileSizeGB AND fileCount thresholds

Table using regex

Adding asterisk to host list

Regex for string between to delimeters

Forage Task Guide

Need a help with splunk query

Extra data

Handling nulls in a string

Simplifying/combining queries

Split output of query into separate files

2 different lookups in if statement.

Join two indexes with the same field data

Detecting successful login after multiple failed logins in a transaction

Reference multiple fields into a single name

Splunk wont open on localhost:8000.

Is it required to set a static ip on the localhost for Splunk with Universal Forwarder to work?

Before and after values from separate events.

Is there a way to get the addcototals to show in the first column instead of appending to the last?

REST Splunk job

Find Event B Based on the time of Event A

Summarize date per week

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions