Splunk Search

Ask a Question

Discussions

Thread Info

the response time is quite long

Hello, the response time is quite long sometimes but the microservice itself responds very quickly (it just ret...

by New Member in

Extracting key-value pairs using regex at search time

I am trying to extract multiple key value pairs from data like this: Image |Loading |\path\to\obfuscated\\C...

by Path Finder in

Windows Logon_Type

When I am running this search I am not getting the results for EventType=4769: index=main (EventCode=4634 OR E...

by Path Finder in

Difficult extracting fields

I have events that look like this and I am using the field extractor "timestamp": "2020-12-09T18:05:03.6664112...

by Explorer in

How to exclude IPs through lookup

Hi, I want to exclude IPs when performing this search, but despite the IPs being present in the lookup they still a...

by Communicator in

Get Count for Each of the Values Listed

I have the query below and I'm trying to get the count of hosts affected by the vulnGrouping split by priority. Where...

by Path Finder in

Monotonic Time Stuck and Search_Telemetry

Good day, We have been preriodically receiving the following message in our splunkd.log and I am having issues fin...

by Path Finder in

Can i extract a dataset from a single column and show it as another field

Hey Splunkers! I have several events from a particular index, and am looking to extract field value pair from one o...

by Explorer in

stats automatically converts to tstats

Greetings Splunkers,I recently attended Splunk Fundamentals 3 and the instructor mentioned about a Splunk feature tha...

by Path Finder in

How do you create multiple timechart graphs with the same time scale?

I have many different but simultaneous metrics that I am graphing over time. The y axis for each have different range...

by New Member in

Lookup filter based on time

Hi Everyone, I have subnet of IP's. whenever we see any traffic from that IP's we need alert but in between we have...

by Path Finder in

Calculation of availability

Hello dear community.I'm a beginner on Splunk. I would like to have your help today on a project that I am doing. I h...

by Path Finder in

Regex Truncation vs Rex

Hi,I searched and found several tickets regarding my situation, but all lead to nowhere. So, my situation... Unfor...

by Contributor in

Duration Filter help

Hi All, Need help in the Duration filter. Code: index=opennms "ciscoLwappApIfUpNotify" OR "ciscoLwappA...

by Communicator in

Sourcetype not same in index & tstats

I am trying to create a query using tstats from datamodel Malware, one of the sourcetype 'abc' that i want to includ...

by Loves-to-Learn Lots in

Results on daily basis with rangemap

My Query : --- | stats count by "response time" | rename "response time" as "time_taken" | rangemap field=time_taken ...

by Engager in

How to input a file and retrieve output in splunk dashboard?

Hi Team, I have a query that executes in my dashboard. I want to provide the input as a CSV file(with list of IDs) an...

by Explorer in

Help with Stats count expression??

Hi Everyone, I'm newer-ish to splunk. I'm doing a search similar to this in splunk : index=mfa sourcetype=lexus Su...

by Explorer in

count events by day when stats has multiple BY clause

Goal - I am searching for "number of actions per unique customer" metrics from API metric logs.below is my query. Be...

by Observer in

Maniupulating _time to remove 0 values from line chart

I have a line chart in which I'm trying to monitor response time for a certain network call. I want to see the averag...

by Observer in

Eval JSON_EXTRACT Issues

All, I'm working on extracting some key info out of an Ansible HEC collector. I'm hoping to use json_extract stuff...

by Explorer in

Extracting fields from nested JSON event

I have a very complex nested JSON event and need to extract 2 fields. I've managed it with less complicated ones but ...

by Motivator in

How to correlate an event using two different indexes?

I'm trying to create a query that will provide me with events that use two indexes. The results are to show events wh...

by Explorer in

Extracting new fields from data in another field

Hi gurus, I am new to Splunk but have this task that I'm stumped on: I have a query that looks like this: i...

by Engager in

Spl

Hello Splunkers, Can you please guide me, my assignment_group column is not populating. Any issues i have done whil...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

the response time is quite long

Extracting key-value pairs using regex at search time

Windows Logon_Type

Difficult extracting fields

How to exclude IPs through lookup

Get Count for Each of the Values Listed

Monotonic Time Stuck and Search_Telemetry

Can i extract a dataset from a single column and show it as another field

stats automatically converts to tstats

How do you create multiple timechart graphs with the same time scale?

Lookup filter based on time

Calculation of availability

Regex Truncation vs Rex

Duration Filter help

Sourcetype not same in index & tstats

Results on daily basis with rangemap

How to input a file and retrieve output in splunk dashboard?

Help with Stats count expression??

count events by day when stats has multiple BY clause

Maniupulating _time to remove 0 values from line chart

Eval JSON_EXTRACT Issues

Extracting fields from nested JSON event

How to correlate an event using two different indexes?

Extracting new fields from data in another field

Spl

.conf25 Registration is OPEN!

Detecting Cross-Channel Fraud with Splunk

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

MLTK - What algorithm should I use?

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions