Splunk Search

Ask a Question

Discussions

Thread Info

Help with improving Regex

Here is the regex to extract message_type based on CIM. Could anyone make this faster than 1387 steps? https://reg...

by Contributor in

I need help on Splunk query

I need help on the query:

by Engager in

How to get time-based lookups working with KV Store?

Have time-based lookups working well with CSV file. When I try to get it working with KV Store, I CANNOT get it to wo...

by Contributor in

Trying to replace "join" with "stats" but issue with multivalue field to "join" on.

Hi, I have simplified my query as much as possible. Basically I am looking at two issues with this: 1: I cannot per...

by Explorer in

Why am I getting "500 Internal Server Error" when I go to Settings > Lookups > Lookup Definitions?

I was attempting to add a lookup definition in a custom app, but, after visiting the page successfully a few times, n...

by Communicator in

Extract value from first index and search in second index

Hi, I'm new to splunk so pardon if its a straightforward query I want to extract userIds from my first index and ch...

by Engager in

Calculating difference between two strftime fields

Hello Splunkers:I'm looking to determine how many days file is out of date.I have two strftime fields and values:x = ...

by Communicator in

Incomplete search results because of lookup definition's maximum match limit in Splunk

Re-initiation of an older question I had asked: Hi, I have a need for an alternative of | lookup abc field1 A...

by Builder in

How to generate a search to find the average Splunk CPU and Memory usage for 24 hours?

Hi All, I want to get the Splunk average CPU and memory usage for 24 hours using a search. Can you please help in ...

by Path Finder in

Need to create rex command to extract field

Hi, We have below type of logs: Log1-- 2021-02-02 10:12:49.889, APP_NAME="com.abcdef.abcdefghijkl", APP_TEMP_NAME...

by Contributor in

Field will not convert time

Hello Splunkers, I have the following field with a date/time stamp: 2021-02-02 15:58:34.0I am trying to convert it...

by Communicator in

Count objects grouped by transaction

I need to count the number objects grouped by a transaction command. The command is: index=* sourcetype="pan:*"| tr...

by Engager in

How to filter a record among multiple events

I have a table like in splunk this: appname valuetimeapp1102020-12-30app1122020-12-31app2232020-12-30app2202020-12-...

by Explorer in

Real time search seems to match results, but never displays them

Hello, Our goal is to define some alerts based on some custom searches from our indexed data. We wrote the search q...

by Explorer in

Lookup csv file doesn't load completely

Hello, We're running Splunk 8.0.3 with a 2G/day license and want to load a CSV with 332928 lines so that we can use...

by Explorer in

Easy Epoch time transformation

I have a lot of DB Connect inputs connecting to MS SQL databases. a lot of the data i am pulling from these inputs ha...

by Engager in

Is the information in the search job inspector stored in Splunk internally so I can query this data and set up dashboards?

I have been tasked to find a way to report on the overall query load to our Splunk system by customers that we have u...

by Communicator in

splunk stream

Hi My servers (clients) are running splunk stream. I believe within the deployment server will contain the configu...

by Path Finder in

How do i check aws autoscaling reason in the AWS log file ?

Hi I have seen a significant traffic increase (Network In ) in our environment. However i tried investigating th...

by Path Finder in

Query to find events with more than 2 values for a specific field compared to another field

I'm trying to create a query to show me all users who have purchased more than 1 type of product. Each event has a ...

by Path Finder in

How can I group counts by time ranges in a row?

For a certain time range, I want to group together the counts in a single row, divided into equal time slices.For exa...

by Explorer in

list eventccode and host

Hello, I hope someone could help me out figuring out this one out. The core of what I am trying to do is get a list...

by Engager in

create table of first and last logins for multiple users

Hello all, looking to get both the first and last event for each user of the bellow search if anyone can help. i...

by Path Finder in

Files with Multiple extensions

I am a Splunk newbie and need to be able to search for files with multiple extensions (example: filename.ps1.doc) an...

by Engager in

Trouble with Hidden Panel Passing a Value

Hello,I am having trouble with a panel staying hidden when the search above shows no results. I would like to create ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Help with improving Regex

I need help on Splunk query

How to get time-based lookups working with KV Store?

Trying to replace "join" with "stats" but issue with multivalue field to "join" on.

Why am I getting "500 Internal Server Error" when I go to Settings > Lookups > Lookup Definitions?

Extract value from first index and search in second index

Calculating difference between two strftime fields

Incomplete search results because of lookup definition's maximum match limit in Splunk

How to generate a search to find the average Splunk CPU and Memory usage for 24 hours?

Need to create rex command to extract field

Field will not convert time

Count objects grouped by transaction

How to filter a record among multiple events

Real time search seems to match results, but never displays them

Lookup csv file doesn't load completely

Easy Epoch time transformation

Is the information in the search job inspector stored in Splunk internally so I can query this data and set up dashboards?

splunk stream

How do i check aws autoscaling reason in the AWS log file ?

Query to find events with more than 2 values for a specific field compared to another field

How can I group counts by time ranges in a row?

list eventccode and host

create table of first and last logins for multiple users

Files with Multiple extensions

Trouble with Hidden Panel Passing a Value

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions