Splunk Search

Discussions

Thread Info

AnomaliDetection does not detect outlier data

In the below dataset, there are two different ISPs for the user from their usual ones.NordVPN for John and Quadranet ...

by Explorer in

Adding avg and changing min to minutes

Ill start off i am newer to splunk.... I am using the following search index=server source="WinEvent" Event...

by Explorer in

I can`t get more than 10.000 results in a join command

Hi, I would like to know if there is some way to create a query where I can get more than 10.000 results when I used ...

by Explorer in

How to line up 2 reports

Hello Splunk Community, I have 2 reports trying to combine into 1. The fields are different to each other. Say Repo...

by Communicator in

Is there a way to do a NOT IN search

something like; [search index= myindex source=server.log earliest=-360 latest=-60 "

by Path Finder in

How to pass a field value from one search to another search?

Hi All, I'm extremely new to Splunk and have been tasked to do the following: Perform a query against one host (S...

by Explorer in

WinEventLog input xmlRegex modifier -- When did THIS become available?

I've been on the struggle bus with WinEventLog blacklist entries this week and stumbled upon the new xmlRegex modifie...

by Builder in

Splunk Alert Create alert based on count over past time frame

Hi Splunk Community I need some assistance with a Splunk alert, the search result provides exactly what I require ...

by Explorer in

How show 0 when not result

I need show any value in every minute, but I only get value > 0Search:| tstats count WHERE index=XXXXX C_TXN_A IN (1,...

by Explorer in

How to set a backup TCPOUT group in Outputsconf

Hi, From my understanding, the param `defaultGroup` under the stanza `[tcpout]` in `outputs.conf` can be set to a c...

by Builder in

need help in order to compare 2 columns and display one related field

Hi, I'm Alex from Franceas almost everyone here, I need some splunk guru ^^ fields computer and user are in index1,...

by New Member in

Join two indexes based on substring match

Hi, I am struggling with joining two indexes based on substring match.I have following indexes : index1 :having f...

by Explorer in

How to use events only from 'active' host?

I have 2 different data set: 1. host and prevStatus field with IDLE value 2. server (same values as host) and ser...

by Path Finder in

Join by time range

Hi all, Possible to join 2 search results like following? Set 1: _time field1 field2 field3 (com...

by Communicator in

If I use more than 6 times append command in query the Chart command shows incorrect result

I ran the below query, index=s sourcetype=S_1 | search Gene="dow" OR Gene="x" OR Gene="ari" OR Gene="lia" OR Ge...

by Explorer in

Regex replace field text

Hello everyone, I was wondering if this kind of search is possible. I want to replace the text from my search which...

by Path Finder in

ML query to detect categorial outlier per field per day comparing with other day statistics

Hello All, I am trying to find categorial outlier for all the emails sent from our environment with respect to its ...

by Path Finder in

Missing calculated field

Hi, In the logs being ingested Splunk isn't automatically pulling out the action field, so I'm trying to create one...

by Communicator in

search strptime function using %Z and tz database time zones

Greetings, Quoting from https://docs.splunk.com/Documentation/Splunk/7.2.6/SearchReference/Commontimeformatvariab...

by Path Finder in

Create new field based off combination of 2

so I have some data that comes in via a TCP input. I want to quickly run a specific search but it requires me to have...

by Explorer in

Interesting fields/values , MLTK, etc

Hi All, I got a bunch of logs, from which I would like get some business values. Using with or without MLTK. I w...

by SplunkTrust in

Add comments to search code inside search field

Hello everybody, using Splunk 8.1.0 and relaterd to https://docs.splunk.com/Documentation/Splunk/8.1.0/Search/Parsing...

by Explorer in

Splunk more than one mvcount or if statement in mvcount

Hi Community, I'm trying to optimize an existing query to only return values only if a condition is met. The ex...

by Explorer in

How to return first 2 events in a httpSession?

Hi team, I have below sample raw data in splunk: Now I want splunk to return me the first two events in a httpSe...

by Path Finder in

Response time, error count, transaction per second in one graph

I would like to get response time(95 percentile), error count and transaction per second in one graph timechart. This...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

AnomaliDetection does not detect outlier data

Adding avg and changing min to minutes

I can`t get more than 10.000 results in a join command

How to line up 2 reports

Is there a way to do a NOT IN search

How to pass a field value from one search to another search?

WinEventLog input xmlRegex modifier -- When did THIS become available?

Splunk Alert Create alert based on count over past time frame

How show 0 when not result

How to set a backup TCPOUT group in Outputsconf

need help in order to compare 2 columns and display one related field

Join two indexes based on substring match

How to use events only from 'active' host?

Join by time range

If I use more than 6 times append command in query the Chart command shows incorrect result

Regex replace field text

ML query to detect categorial outlier per field per day comparing with other day statistics

Missing calculated field

search strptime function using %Z and tz database time zones

Create new field based off combination of 2

Interesting fields/values , MLTK, etc

Add comments to search code inside search field

Splunk more than one mvcount or if statement in mvcount

How to return first 2 events in a httpSession?

Response time, error count, transaction per second in one graph

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!