Splunk Search

Thread Info

TRUCANTE Logs

Hello, I am using Splunk Cloud, for some our sourcetypes we have defined specific TRUNCATE values. I have a couple ...

by Explorer in

rename and add 2 count results

Hello community, I'm having a problem with a probably stupid addition but I can't find a solution. I make a simple ...

by Path Finder in

saved searches

can I find all the saved searches which are using index=* rather than giving specific name. And all the saved searche...

by Contributor in

How to use token value in stats group by field in Splunk dashboard

Hi Team, I have stats group by fields as token it will change dynamically based on time selection. for example if s...

by Engager in

Need to pull the Top 100 Hosts License Usage In Splunk Cloud

Need to pull the License Usage in GB for the top 100 Host along with their respective Index Source and Souretype info...

by Contributor in

trace if a server in a network path behind a firewall

How do I trace if a server in a network path behind a firewall?The data is presented in the table below.For example: ...

by Builder in

Conditional Search String based on Time

Hi community, I need to write a query which can adjust its search string based on event time. For example, if t...

by Explorer in

Getting different results in Splunk dashboard for different users

I've made a dashboard to show some statistics on it. The information that appears on my dashboard differs from that o...

by Loves-to-Learn Lots in

Splunk basic left join not working

I am on Splunk 7.0.2 and trying to join two search strings with a common field but for reason this is not working. ...

by Explorer in

Embed Saved Search with API (preferably Python SDK)

I'm programmatically generating saved searches with the Python SDK, which is great. I then want to embed those sav...

by Engager in

Accelerating report that uses bucket _time

Hi All, I have a report running every 6 hour with below search query. This is fetching hourly availability of hapro...

by Path Finder in

Splunk Daily License Usage For Every Month In GB For Index, Host , Source and Sourcetype Seperately

Hi Team, We have deployed Splunk Cloud in our environment and currently have a requirement to generate monthly ...

by Contributor in

Daily License Usage Based on Source Information Along with Host, Index & Sourcetype Information

Hi Team, There is a requirement to get the license usage split in GB on daily basis for the top 20 log sources alo...

by Contributor in

how join with condition

this is part of one tablehostname | monitor | ip | other fields...aaa |v | ....aaa |x | ...bbb | v | ...how can cha...

by New Member in

How to coalesce three events

Hi Experts, I would like to create the following table from the three events. ipv4-entry_prefix network-...

by Explorer in

Error in 'EvalCommand': Type checking failed. '-' only takes numbers.

Hi all, I want to find the difference between two values (values.in65To127OctetFrames). My data is like below. ...

by Explorer in

Need to exclude hosts which matched with event 4608 windows is starting up within 5 minutes

Below is the query which included all the events for windows shutdown and starting up want to exclude host when event...

by Explorer in

Why does my sourcetype works only on standalone environment ?

Hello,I've recently tested a sourcetype for a new input via the props.conf file on my standalone dev environment, and...

by Loves-to-Learn Lots in

Is there a way to display current time with marker in event timeline viz in splunk?

Is there a way to display current time with time marker in this dashboard in splunk?

by Engager in

Timezone issue in Splunk

Hi Team, Need your assistance for the configuration changes in Splunk. The requirement is to change the Timezone ba...

by Communicator in

Alert for specific missing events

Hello, I need to monitor some critical devices (stored in a lookup file) connected to the Crowdstrike console, in p...

by Communicator in

Azure defender advanced hunting to Splunk SPL

I am having an issue in Advanced hunting for Defender app in Splunk htt...

by Engager in

XML Field extraction from Syslog messages

I am receiving XML formated messages via Logstash which are then forwarded to splunk over syslog. xmlkv allows for pa...

by Explorer in

how to convert UTC time into mmddyy format

Hi, how to convert UTC time into mmddyy format. I tried this query for search | makeresults| eval time| eva...

by Observer in

Splunk to slack report integration not displaying all events in results from output

Splunk to slack report integration not displaying all events in results from output. So we have report running which ...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

TRUCANTE Logs

rename and add 2 count results

saved searches

How to use token value in stats group by field in Splunk dashboard

Need to pull the Top 100 Hosts License Usage In Splunk Cloud

trace if a server in a network path behind a firewall

Conditional Search String based on Time

Getting different results in Splunk dashboard for different users

Splunk basic left join not working

Embed Saved Search with API (preferably Python SDK)

Accelerating report that uses bucket _time

Splunk Daily License Usage For Every Month In GB For Index, Host , Source and Sourcetype Seperately

Daily License Usage Based on Source Information Along with Host, Index & Sourcetype Information

how join with condition

How to coalesce three events

Error in 'EvalCommand': Type checking failed. '-' only takes numbers.

Need to exclude hosts which matched with event 4608 windows is starting up within 5 minutes

Why does my sourcetype works only on standalone environment ?

Is there a way to display current time with marker in event timeline viz in splunk?

Timezone issue in Splunk

Alert for specific missing events

Azure defender advanced hunting to Splunk SPL

XML Field extraction from Syslog messages

how to convert UTC time into mmddyy format

Splunk to slack report integration not displaying all events in results from output

Mastering Data Pipelines: Unlocking Value with Splunk

The Latest Cisco Integrations With Splunk Platform!

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...