Splunk Search

Discussions

Thread Info

Splunk SAML authentication issue when combining SAML and scripted inputs together for Splunk Cloudgateway implementation

Encountered an issue with Splunk SAML authentication in conjunction when using scripted inputs for leveraging splunk ...

by Explorer in

Get results per week for custom _time field

Hello, I am running a search for last 7 days results, and i am using fixed_date field as _time field. fixed_date ...

by Path Finder in

Problem formatting string to json

Hi, I have the following String that is logged by the application and I am wondering if there is a way to pretty p...

by New Member in

Mapping a number against a certain number range in a look up

Hi Everyone, So I'll try and make this as clear as possible, but it's quite hard to explain it in depth. What I'm...

by Loves-to-Learn Everything in

Field extraction and search issue

Hi, I am dealing with an issue because data changed from my source. I was using a lookup as below to search only on...

by Builder in

Would a Splunk guru please explain what span=log2 does or why one might use it?

I've seen the documentation, but it doesn't really explain what or how it might be used. I'm looking for a lightweig...

by Engager in

How to group values

Hi I have a field name called report_name, it can have a number of status values associated with it, i.e. status=a ...

by Contributor in

Event count before and after a specified time

I am looking to count the number of events that occur before and after a specified time (8am) each day to give a tabl...

by Explorer in

DNS Logs field extraction (flags)

Hello Splunkers, I'm actually trying to extract the "flags" field in the DNS logs. Meanwhile, the TA provided by ...

by Path Finder in

Search hosts, Windows updates

Hello! I am new in Splunk Search. I am using this query to find all hosts to which a specific update was installe...

by Explorer in

How do you allow automatically match against lookup file multi-value field

Hello experts - I'm scratching my head trying to figure out if there's something at the low level configuration si...

by Path Finder in

User agent - Difficult in extracting Field

Hi I am trying to extract field from the user agent details like ( Operating system, Software, Software version, S...

by Path Finder in

sourcetypes

Is there a way to tell which method a sourcetype is using to get data into splunk? For example, suppose I look at ...

by Path Finder in

Event-data within retention time is missing

Hi For a given index with retention of 91 days configured, we find some hosts having events for the full 91 days.So...

by Explorer in

How to resolve high increase in forwarders reporting errors, including "Failed to checkpoint" for channel='security'?

We discovered that in early April, around the 7th, we had a HUGE increase in forwarders reporting this error: ERRO...

by Path Finder in

Blacklist lookup - search query

I have a blacklist.csv file that looks like the following, namedescription*vpn*VPN was found.*putty*Putty was found...

by Path Finder in

Time duration between two events from timestamp mentioned in the event.

Hi there, I have a requirement where i need time duration between two events in ms.Events look like this Event ...

by Loves-to-Learn Lots in

Javascript: How to cancel a search mid run?

Hello, I am trying to write a simple SPA using JS on the Search Head. I have a page where objects are generated dy...

by Champion in

Nested Search Question

OK I have been reading most of the morning and I have to just be missing something very simple. To explain what I a...

by Observer in

UNIX time for the first day of the month of last month

I am querying Nessus imported data and I would like to find old vulnerabilities still present today.More precisely, e...

by Explorer in

queries that used datamodels

Hi There is any option to get a list of acceleration data model and what rules / reports / queries) using each of t...

by Explorer in

resolve IP to name

I want to be able to see the host name in search results rather than IP. In this case, the "host" I am looking for is...

by New Member in

Search query using REST in JSON format?

Hello, I am trying to do a search query using JSON. It works if I use the normal form format, but not JSON. Worki...

by Loves-to-Learn in

Join multiple lookup table to get result in single table

Hi, This is the case scenario: when I run this search query: index = "global" productID I get the following r...

by Explorer in

Count of API calls over X time_taken, only if average time_taken is over a threshold

Hi, I currently have a query that returns the a chart of API's whose calls average over a specific time limit (uni...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk SAML authentication issue when combining SAML and scripted inputs together for Splunk Cloudgateway implementation

Get results per week for custom _time field

Problem formatting string to json

Mapping a number against a certain number range in a look up

Field extraction and search issue

Would a Splunk guru please explain what span=log2 does or why one might use it?

How to group values

Event count before and after a specified time

DNS Logs field extraction (flags)

Search hosts, Windows updates

How do you allow automatically match against lookup file multi-value field

User agent - Difficult in extracting Field

sourcetypes

Event-data within retention time is missing

How to resolve high increase in forwarders reporting errors, including "Failed to checkpoint" for channel='security'?

Blacklist lookup - search query

Time duration between two events from timestamp mentioned in the event.

Javascript: How to cancel a search mid run?

Nested Search Question

UNIX time for the first day of the month of last month

queries that used datamodels

resolve IP to name

Search query using REST in JSON format?

Join multiple lookup table to get result in single table

Count of API calls over X time_taken, only if average time_taken is over a threshold

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Error preventing me from saving search with chart

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

Splunk Search

Are you a member of the Splunk Community?

Discussions