Splunk Search

Ask a Question

Discussions

Thread Info

How to force my user to specify an index

Hi, So I've been facing some challenges with some of my users and I don't really know exactly how to tackle this.De...

by Path Finder in

Extract Http status from - event text -.. [2020-11-26T11:27:56.025047450Z] "PUT /sendmail HTTP/1.1" 400 203 252 "-"...

i am trying to extract http status from below event row text using search , but could not able to get status, event...

by Loves-to-Learn Lots in

Help with output csv by combining tokens from dashboard for the filename

Here is a sample of the search, can anyone help? The query works and returns data but errors out on the output filen...

by Explorer in

Hi Team , I need Field extraction of status Error and INFO status in logs .

ERROR [monki_HMCatalogSyncJob::de.hybris.platform.servicelayer.internal.jalo.ServicelayerJob] -[J= U= C=] (monki) (00...

by Explorer in

How to get the latest violator value and its month and the number of times it has violated

Hi, I have a below search result which shows Violators as red in color. Violators are more than 2 sec I wo...

by Communicator in

How to get the full directory path to a file? (e.g. dirname)

Similar to the Regex to find a directory in a path question, how does one find the full directory path to an file (e....

by Path Finder in

Regex to find a directory in a path

I have these paths as sources for an index (the paths are linux file system paths) /usr/local/myfiles1/myfacilityA...

by Explorer in

How do I compare search results from two different time periods?

I have shown the queries I made with set diff and eval below. My aim is to compare the report of 07:00 to 07:00 of th...

by Path Finder in

How to replace join command with any other alternative command for the below query?

index=105261-cli sourcetype=show_processes_cpu pid=0| dedup deviceId| fields deviceId, idle, fiveMinutes| eval cpuLoa...

by Engager in

search optimization: getting values with tstats for fields that are sometimes NULL

Search optimization question for y’all: We have an accelerated data model to try to drive improved performance for so...

by Contributor in

creating a correlation search for data exfiltration via email using datamodel

Hi all, I am trying to create a correlation search query for "data exfiltration via email" using email datamodel ...

by New Member in

Is there a SPL query pattern that can perform hierarchical counting?

Is there a SPL query pattern that can perform "hierarchical counting" beyond the two levels of depth outlined in thes...

by Engager in

List of events from transactions starting with A

Hi all, I am using data from 3 different indexes. They contain events which can be attributed to specific transacti...

by Loves-to-Learn Everything in

How to count filled and blank cells in excel spreadsheet by writing splunk query?

I need help on splunk query that will count both filled and empty cells in excel spreadsheet differently and give th...

by Path Finder in

Does Splunk distribute individual member searches of a multisearch to available Slots on any/all available Search Heads?

Like the title says - how are individual searches in a multisearch handled? Are they distributed across any/all ava...

by Builder in

How to extract multiple hostname from one regex search in globalprotect logs?

Hi everyone, I'm trying to create a simple list with all the devices found on the logs from globalprotect. The dea...

by Explorer in

List of all indexes containing access logs

Hello all, and thanks for the assistance ahead of time. How can I produce a list of all Splunk index names for indexe...

by Engager in

Extract multiple words in a filed

Hi, I have some syslog logs and I need to extract the first words of a field values. The field value starts like th...

by Communicator in

Transaction command - Way to change from timestamp to a different field?

Good morning all, I'm leveraging the transaction command in order to gather statistics around the duration of my re...

by Explorer in

Correlate different events with a common value

Hi all, I'm a new Splunk user and I would like to have some help from you. I have two query: First query: index...

by Engager in

search

Hi, I have 2 different events. these 2 events can be identified by "Id". I am trying to display it in table in...

by Loves-to-Learn Lots in

Is there a workflow to populate field on page not in URL?

I know through a workflow action I can add add a token value to a URL string. Is there any way to populate a value on...

by Contributor in

when consulting for sourcetype it does not bring data

I understand that I should obtain results if I also consult only specifying the sourcetype and the rest of the search...

by Builder in

Best Way to Search based on a Token Value

Hello, I am trying to find the best way to change my search based on a token value that I will pass through an inpu...

by Path Finder in

This search has encountered a fatal error and has been marked as zombied.

I'm trying to optimize this report to successfully run without errors. It will currently run for 3-5 hours and grow ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to force my user to specify an index

Extract Http status from - event text -.. [2020-11-26T11:27:56.025047450Z] "PUT /sendmail HTTP/1.1" 400 203 252 "-"...

Help with output csv by combining tokens from dashboard for the filename

Hi Team , I need Field extraction of status Error and INFO status in logs .

How to get the latest violator value and its month and the number of times it has violated

How to get the full directory path to a file? (e.g. dirname)

Regex to find a directory in a path

How do I compare search results from two different time periods?

How to replace join command with any other alternative command for the below query?

search optimization: getting values with tstats for fields that are sometimes NULL

creating a correlation search for data exfiltration via email using datamodel

Is there a SPL query pattern that can perform hierarchical counting?

List of events from transactions starting with A

How to count filled and blank cells in excel spreadsheet by writing splunk query?

Does Splunk distribute individual member searches of a multisearch to available Slots on any/all available Search Heads?

How to extract multiple hostname from one regex search in globalprotect logs?

List of all indexes containing access logs

Extract multiple words in a filed

Transaction command - Way to change from timestamp to a different field?

Correlate different events with a common value

search

Is there a workflow to populate field on page not in URL?

when consulting for sourcetype it does not bring data

Best Way to Search based on a Token Value

This search has encountered a fatal error and has been marked as zombied.

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!