Splunk Search

Discussions

Thread Info

Splunk SPL Examples for WebSphere SystemOut Logs

We use Splunk, and I do know that our SystemOut logs are forwarded to the Splunk indexer. Does anyone have some examp...

by Explorer in

Generate a report where it will output table with different timings in columns

I need to generate a report where it will output table with different timings in columns. Trick part is logs captur...

by New Member in

Splunk Security Essential - MITRE ATT&CK Matrix

HI all, I just installed the security essential app on my splunk but i'm having issues retrieving the MITRE matrix....

by New Member in

How do report for Windows logon and logoff per user day-by-day

Is it possible to get each day first login event( EventCode=4634) as "logon" and Last event of (EventCode=4634) as...

by Explorer in

splunk query with substring not working

Hello Everyone, I have written the splunk query to remove last 2 character from the string: processingDuration = ...

by Path Finder in

Combining 3 queries output to produce table

|union [ search index=osp source=xxx EVENT_TYPE=xxx EVENT_SUBTYPE=xxx field1=* field3=xxx field4="" | eval DATE = str...

by Observer in

Troubleshooting

how can i troubleshoot when using a dashboard to export data, the data exported has numerous NULL values where there ...

by Explorer in

Could not load lookup=LOOKUP-reply_code

Good morning! I am receiving the Error: Could not load lookup=LOOKUP-reply_code on multiple boxes. Any similar sit...

by Engager in

How to get count 0 for the field value which is not matching with events

Hi Splunkers, My requirement is below . I have lookup where 7 hosts defined . when my search is running for bot...

by Path Finder in

Splunk Citrix get-brokersession

I have a powershell script running get-brokersession which then exports the results to a txt file. The file is then...

by Path Finder in

SPL Time range is giving issue

Hi Splunkers! I wish to get data in a specific time range using earliest and latest command . I have checked with...

by New Member in

Framing query with tstats command

Hi, Can anyone please help me to frame the SPL script. I have to collect the list of devices reporting in splunk al...

by Explorer in

Head for each value of a field

Hi there. I'm relatively new to searching in Splunk so I can't sometimes get my head wrapped up around some Splunk ...

by SplunkTrust in

"Corrupt csv header" : how to find the corrupted csv?

I find on splunkd.log a lot of warnings as: "Corrupt csv header, contains empty value (col #3)" without any other det...

by Explorer in

How to remove missing value timestamps for accurate delta calculation

HI, I'm running a search for two different timeranges, for missing datapoint pair it's creating discrepancy with m...

by Explorer in

Hi Splunkers - Heat Map Index - Host

Hello friends, I am trying to create a heat map where I can see the indexes on the left side and in each cell of the ...

by New Member in

Multiple Server New Field

Can we create a new field which contains the group of multiple servers name and that field I can use directly in all ...

by Explorer in

Regex issue

Hi Teami am trying to make below field regex which is coming in every single event. but its not allowing me to use sa...

by Path Finder in

How to loop through times for same search

Hi Splunk Experts,I'm not sure how easy it's using Splunk, I've a field (_time) with list of epoch_time values in it....

by Contributor in

How to extract the json based key value pair for defined match?

below is my json file. I want to notify whenever there is a change in last property , "displayName": Included Update...

by Observer in

Fill field with first value

I have a data set for web traffic. A sessionID ties all traffic for an individual browsing session together - all ev...

by Engager in

Regex to query csv raw data

I have a CSV raw data which has files names and data inside the files which is seperated by double quotes and comma. ...

by Explorer in

Getting unique values of a field.

Hi all. I have a field called TaskAction that has some 400 values. But, I only want the distinct values of that field...

by Communicator in

How to use eval with If ,AND

Hello Splunkers,I have the following query returning the search results, index="demo1" | search "metrics.job.o...

by Explorer in

Optmise dedup Splunk search

Hi - I am looking to optimise this search by removing dedup, the idea of the search is to remove duplicate paymen...

by Observer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk SPL Examples for WebSphere SystemOut Logs

Generate a report where it will output table with different timings in columns

Splunk Security Essential - MITRE ATT&CK Matrix

How do report for Windows logon and logoff per user day-by-day

splunk query with substring not working

Combining 3 queries output to produce table

Troubleshooting

Could not load lookup=LOOKUP-reply_code

How to get count 0 for the field value which is not matching with events

Splunk Citrix get-brokersession

SPL Time range is giving issue

Framing query with tstats command

Head for each value of a field

"Corrupt csv header" : how to find the corrupted csv?

How to remove missing value timestamps for accurate delta calculation

Hi Splunkers - Heat Map Index - Host

Multiple Server New Field

Regex issue

How to loop through times for same search

How to extract the json based key value pair for defined match?

Fill field with first value

Regex to query csv raw data

Getting unique values of a field.

How to use eval with If ,AND

Optmise dedup Splunk search

What the End of Support for Splunk Add-on Builder Means for You

Solve, Learn, Repeat: New Puzzle Channel Now Live

Building Reliable Asset and Identity Frameworks in Splunk ES

disable automatic search execution when time range...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions