Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to add join in one index

This is the piece of code i tried so far but the join part is not working for me i don't know why ((index="ata...

by Loves-to-Learn Lots in

Splunk savesearch expires but still running

Hi I would like to ask why is the Splunk Realtime Savesearch still running even it's expired. Also whats...

by Builder in

How to exclude the private ip range

I try to exclude the private ip range with command | search NOT ( src=10.0.0.0/8 OR src=192.168.0.0/16 OR src=172.16....

by Explorer in

How to create flexible search strings?

Hello Experts, I am wondering is there any ways to make the search strings flexibly? Like I have multiple queries a...

by Path Finder in

Subtract the Results of one search from another search

Search 1 : index=index_123 (msg="*xyz*") | rex field=msg "results\":{\"(?<abc1>.*)\" *" | stats values(_time) as abc1...

by Loves-to-Learn in

create an alert from two diffrent events

We are looking to create an alert that will trigger if two distinct events happens. The first event is a DB health ch...

by Explorer in

Remove additional timestamp from the logs

Hi All i have onboarded linux logs from S3--> Splunk . I found additional timestamp is getting attached to the even...

by New Member in

append or multi search

Trying to make search more efficient. Any tips? Would multi search work more efficiently?index=<myindex> sourcetype=...

by Engager in

How to set span for 1 day and 2 hours?

This is my query and I have some challenges in the log. The thing is my daily job will start at 11 PM. If the job run...

by Contributor in

find other results using search results from first query

its been a while since I've worked with splunk I have an error detail that I can search in splunk: index=* er...

by New Member in

Timechart count by a changing field name

I receive a new csv file every day in the following format: color 1/22/20 1/23/20 1/24/20 1/25/20 yellow 1 ...

by Path Finder in

external_lookup.py is missing

Hi, I'm trying to setup a DNS lookup following the instructions her: https://docs.splunk.com/Documentation/Sp...

by Path Finder in

How to use makemv with tokenizers while keeping non-matching events?

Hi, I have events similar to this example: 1) date1, id1, misc 2) date2, id2, misc 3) date3, , misc 4)...

by Explorer in

How do you use regex to escape a backslash?

Hi, I have the following regex which works on regex101, but gives me an error when I try and use this within a Spl...

by Path Finder in

Fast mode being set automatically

I always use Verbose mode Sometimes I open splunk and it is set as Fast mode as default, why is splunk switching from...

by Engager in

Can i display panel with Even or Odd Click on chart ?

Hi all, Can i display left and right panel based on Even or Odd Click ? For example, I have a chart. And a row ...

by Explorer in

How can we compare two dynamic field values from two lookups

Hi All, I am urgently looking for a help . I have one field object_name which is present in lookup X1.csv and has v...

by Loves-to-Learn Lots in

How to timewrap using the last 1 hour and check the same hour for previous 7 days

Hi everyone, I want to create an alert which runs every hour, checks the last 60 minutes of events to get the count...

by Explorer in

Stuck yet again. percent difference between two searches

So i have this search: index="sense_power_monitor" | where 'usage_info.solar_w'>=0 | bin _time span=1h ...

by Path Finder in

Idle log

i need script in SPL to show when there is an idle forwarder or if a forwarder isn't forwarding

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to add join in one index

Splunk savesearch expires but still running

How to exclude the private ip range

How to create flexible search strings?

Subtract the Results of one search from another search

create an alert from two diffrent events

Remove additional timestamp from the logs

append or multi search

How to set span for 1 day and 2 hours?

find other results using search results from first query

Timechart count by a changing field name

external_lookup.py is missing

How to use makemv with tokenizers while keeping non-matching events?

How do you use regex to escape a backslash?

Fast mode being set automatically

Can i display panel with Even or Odd Click on chart ?

How can we compare two dynamic field values from two lookups

How to timewrap using the last 1 hour and check the same hour for previous 7 days

Stuck yet again. percent difference between two searches

Idle log

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Tech Talk | One Log to Rule Them All

How to merge two diff queries, but display only if...

multi-level nested JSON to table?

Matching index field value with lookup field value

extract fields from json-wrapped postfix logs?

How to configure alert when a service is in failed...