Splunk Search

Ask a Question

Discussions

Thread Info

ip location and microsoft/google

Hello Everyone, We are currently working on exchange logs (IIS), and trying to detect abnormal traffic from differ...

by Path Finder in

Two conditions for Lookup

Hi, iam stuck with a problem where i need help from you guys. I have a search that runs IDs against a lookup to det...

by Path Finder in

Compare data between multi column tables and find difference

Hi, I have a query that gives a table of records satisfying certain condition. Have another query that gives the sa...

by New Member in

Search by time, then visualize in

Hello Splunkers ! i want to write a command that shows a timeline of authentication activities as following: ...

by Path Finder in

Search Time Masking Using Calculated Field

Hi Splunkers, Good day. I am trying to perform search time masking using a Calculated Field to replace _raw with th...

by Path Finder in

Time Difference and Average

I am trying to get the average of a time difference by using | stats avg(time_dur) by type and sin...

by Path Finder in

How to get Start and End time from failed condition

Hi Splunk, We have data like this: ( how to get the result like on the table StartError EndError and SumCall ?) I h...

by Explorer in

Bitbucket and Splunk integration

I want to view bitbucket files changed , owners who changed bitbucket files in Splunk. Can someone please share the s...

by Communicator in

Comparing sum results between several days

I am trying to average the sum of power consumption readings between 2 days and compare that sum to a 3rd day. If the...

by Explorer in

How to regex specific word string?

Hello, Ignoring commas and spaces, how do I grab just the name string from the below log? Below regex kept returnin...

by Path Finder in

Can I change _time based on time within data that is ingested

Hi , I have a report that is ingested in splunk. Due to the report format not correctly ingested by splunk, I had ...

by Explorer in

Extracting field with spath from JSON sourcetype overwrites field in other None-JSON sourcetype

Hi, looked through documentation and Splunk answers but did not find reason/root cause for the following obervation...

by Path Finder in

Splunk alert for peak errors only

Hi, I am working on a query to write an alert where i need to monitor few pages for 500 Errors. Now currently there ...

by Path Finder in

How to compare two json objects for equality?

I have a table where the x axis labels are a json object of parameters that were passed into a test. The y axis are a...

by Loves-to-Learn Lots in

PII in Email

Hi, How can I find PII data in our email dashboard. Thank you Personally Identifiable Information DetectedDete...

by New Member in

How to dedup multivalued fields?

Some of the data coming in from one of our indexes is doing the following( It appears data is repeating for each fiel...

by Communicator in

Calculate the average of 99th percentile

Hi, I am working on a query where I need to calculate the average of 99th percentile values over a 5 minute period of...

by Path Finder in

earliest and latest information in custom python search command

I was not able to find in the doc a way to get earliest and latest information from the datetimepicker to use in my g...

by Builder in

How do i use eval to calculate two fields?

What I am trying to accomplish with the command is to find the events with the EventCode "4624" and Logon_Type "10" o...

by Engager in

Search for instances of 'test' but not 'testn'

I would like to see instances with the source 'test*' - that is everything that starts with 'test' but eliminate 'tes...

by Explorer in

Subtring from url field and then group using the url

I have a field "BackendURL" which contains different url's. for eg : http://abc.com/emp?name=jim&no=101 http://...

by Explorer in

inputlookup excluding index

I am trying to write a query that will ignore events in certain indexes (these indexes change over time). I have a ...

by Path Finder in

Get a list of ID by date and compare with lookup file and get result not in search

Hi everyone I have a lookupfile that contains a name and an ID Brokers.csv Name ID Broker1 101 Broker2 10...

by Explorer in

Using field values from a lookup to modify other field values

Hey everyone,above you can see an example of what I can expect in my work environment..My goal is to modify the value...

by Contributor in

How to display date values based on picker and sort it based on the value being pick

Hi - i'm working on a simple dashboard where user will pick a certain date in a multipicker. Once date is being picke...

by Loves-to-Learn Lots in

Get Updates on the Splunk Community!

Splunk Search

Discussions

ip location and microsoft/google

Two conditions for Lookup

Compare data between multi column tables and find difference

Search by time, then visualize in

Search Time Masking Using Calculated Field

Time Difference and Average

How to get Start and End time from failed condition

Bitbucket and Splunk integration

Comparing sum results between several days

How to regex specific word string?

Can I change _time based on time within data that is ingested

Extracting field with spath from JSON sourcetype overwrites field in other None-JSON sourcetype

Splunk alert for peak errors only

How to compare two json objects for equality?

PII in Email

How to dedup multivalued fields?

Calculate the average of 99th percentile

earliest and latest information in custom python search command

How do i use eval to calculate two fields?

Search for instances of 'test' but not 'testn'

Subtring from url field and then group using the url

inputlookup excluding index

Get a list of ID by date and compare with lookup file and get result not in search

Using field values from a lookup to modify other field values

How to display date values based on picker and sort it based on the value being pick

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions