Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How do you change a span of 1 week time to start from Saturday to friday?

I have data and I need to visualize for a span of 1 week. I.e: it takes data from Sunday to Saturday. But, I want ...

by Builder in

Search speed up

Hi everyone, silly question but I'm not much practical with Splunk queries. How to speed up a search that is cu...

by Loves-to-Learn Lots in

Define & use variable in same search

Hello, fellow splunkers! I am trying to find a search string where I could define a variable & then use it in the s...

by Explorer in

Can you exclude specific files from the Splunk file validation?

After upgrading to Splunk 6.5.1 we began receiving an error message in the GUI stating "File Integrity checks found 1...

by Path Finder in

Filtering by OS

I have the outcome of my search results but I want to filter by only OS. I was able to get all the results but need ...

by New Member in

I see a list of generic names under "savedsearch_name" on search heads, but where are these searches actually saved?

Hello On my search heads, I am able to find searches that are named "search1", "search2" etc: savedsearch_name ...

by Builder in

Comparing two fields from events with fields from a list Lookup

Hello. Again, these lookups ). The hardest thing about queries. The request itself is the identification of users...

by Loves-to-Learn Everything in

Why is Restrict Search Terms not working

I want to restrict a given role's access to the data in Splunk by using 'Restrict search terms' under access controls...

by Builder in

Splunk Query to find changes in ip address and url

Hi Guys,I am trying find changes in office 365 ip address and URL using SPL by comparing results from today to yester...

by Loves-to-Learn in

How do you get a timechart to display local time in Visualization?

I have the following query: host=PRODPLEX NOT "C:\\WINDOWS\\system32" | timechart span=1m sum(deltatasks) Th...

by Engager in

After extracting a field with rex, what is the most efficient way to call stats on a specific value within this field?

Hi, any help with this would be appreciated! rex field=msg.message "loc=(?<place>\d+)" | search place="16" ...

by Engager in

How to filter events using lookup table?

I've tried to follow others posts as well as the documentation here and I've come up empty. I have a bunch of device ...

by Explorer in

Need help to comparing two pieces of information from two different hosts

how can I compare information from two different hosts? For exemple, On a host I have the name, number and phone ca...

by Engager in

Filter Email Address Country of Origin Using Lookup

Assume I have a simple search that lists in a table the email addresses of those who recently sent an email: in...

by Explorer in

IP address separating from 1 source

I have a list of ip address that come from 1 source, I want a query to list the ip address separately and make them t...

by Explorer in

Unable to get return results from inputlookup

I am unable to get additional columns from a CSV I have referenced in an SPL query that I have written. In the CSV t...

by Contributor in

Listing all saved searches from all apps via REST without correlation searches

Hi All, So, I know I can get a list of all enabled saved searches by doing: | rest count=0 /servicesNS...

by Explorer in

Database Records

Hi @gcusello , Following is the query that used to return database records but now it is not working. dbquery...

by Path Finder in

How do i correlate events using subsearch from two sources based on two different conditions?

Hello Splunker, I have a below scenario where i am struggling to come up with search query, and would like to ask y...

by Explorer in

events results time in milliseconds

hi, i sent Splunk value, for example x=1. after 10 milliseconds i send again x=2 etc. when i search for x. i see ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do you change a span of 1 week time to start from Saturday to friday?

Search speed up

Define & use variable in same search

Can you exclude specific files from the Splunk file validation?

Filtering by OS

I see a list of generic names under "savedsearch_name" on search heads, but where are these searches actually saved?

Comparing two fields from events with fields from a list Lookup

Why is Restrict Search Terms not working

Splunk Query to find changes in ip address and url

How do you get a timechart to display local time in Visualization?

After extracting a field with rex, what is the most efficient way to call stats on a specific value within this field?

How to filter events using lookup table?

Need help to comparing two pieces of information from two different hosts

Filter Email Address Country of Origin Using Lookup

IP address separating from 1 source

Unable to get return results from inputlookup

Listing all saved searches from all apps via REST without correlation searches

Database Records

How do i correlate events using subsearch from two sources based on two different conditions?

events results time in milliseconds

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Tech Talk | One Log to Rule Them All

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Uninterrupted time (downtime) between alerts whil...

How to search multiple strings from lookup and pro...

Help on tstats search?

Matching index field value with lookup field value

extract fields from json-wrapped postfix logs?