Splunk Search

Ask a Question

Discussions

Thread Info

how to query time spent by user in a console

Hi I want to create a report to display time spent by user in a console Being beginner doesnt know how to query . ...

by Path Finder in

timechart data derived from lookup

Hi, I have data that contains a field in binary that i can use a lookup table to map the various binary values to a...

by Path Finder in

Post processing gives incorrect results

Hello Everyone, I am new to the splunk and this community. I have searched everyone for my problem but i could not ...

by Explorer in

streamstats and eval combination to find error

by Builder in

Greater and less than

Hi, I'm trying this search and it seems to be working as i'm not getting anything outside the range. The issue is I'...

by Loves-to-Learn in

Need help with creating table and regex

{"line":{"log_type":"testlog","log_version":"1.0.0","service":"test","version":"1.0.0","timestamp":"2021-10-01T22:24:...

by New Member in

How to combine multiple rows into different columns on single row

I have a query that returns the following result. StatusCount200800404344002050012 And I would like to tr...

by New Member in

Extract aggregated micro-service calls

I have a service that is 1 to many microservice so I am aggregating the backend calls into a single entry. ...

by Loves-to-Learn in

collect command and time

I have two Splunk servers and run the following command | makeresults | fields - _time | collect index=temp add...

by SplunkTrust in

How to get locale and numbers shown right in the Splunk UI

Hi @gljiva (and others), I'm situated in Scandinavia, where we no one uses the US way of showing numbers ie: ...

by Explorer in

Splunk query for port scan

Hi All, I am looking for splunk query to detect vertical and horizontal port scan in the Infra. Any help in this re...

by Explorer in

Issue with missing data when using transaction

I use the following querysource="/opt/apps/spring-boot/abc/log/communication.log"| rex "\"correlation\" : \"(?P<corre...

by Explorer in

how to combine 2 separate queries and list there data in tabular format.

e.g QUERY 1: host=jtcstcxbsswb* source="/usr/IBM/HTTPServer/logs/access*" httpmethod="GET" statuscode="200" loaninf...

by Explorer in

What causes Maximum Disk Usage error?

We are working on/ developing 4-5 Dashboards with around 10 Charts in each Dashboard. When we work on multiple Dashbo...

by Explorer in

Filter IP out from datamodel

Hello guys, I'm having issues solving this one. I have a generated datamodel of our network traffic (internal) and ...

by Engager in

multiple event code search

we want to detect the multiple events together, for example, we want to find out those events which have event 4741 a...

by Explorer in

Field extraction using rex

Hi, I am new to splunk, I am trying to extract specific message from my log event. The pattern I am looking fro...

by Explorer in

Query to get the search which consumed more memory and CPU for the past 1 hour

SPL query to get the ADHOC search or saved search (with user info) which consumed maximum memory and CPU for the past...

by Path Finder in

How to return results in sub-search only if it does not match the results in the main search? o365 AD logs

Hello, Using the o365:management:activity logs, I'm trying to create a search where I: Get a list of users and th...

by Engager in

Replace string in column A based on query of multiple columns

HiI have this table: customer | city A | NY B | NY A | LA and I want to replace the value in `cust...

by Engager in

Finding new IP addresses that haven't been seen before.

Hey,I have a splunk instance digesting nmap results. Each host that is found on the network generates an event that h...

by New Member in

csv lookup number vs string

I have a csv lookup that has a column with numerical data (specifically integers). When I do the lookup, splunk is t...

by Path Finder in

Exclude Null in subsearch

I have the following query used to build a chart. Sometimes, the incoming events do not have the fields set. How coul...

by Explorer in

Transaction command is not closing transactions and is hitting the max open transaction limit (maxopentxn).

We recently upgraded to from 7.1.2 to 8.0.3 on on-prem Splunk Enterprise. A previously working saved search is no lon...

by Path Finder in

Query to get the list of all indexes under a specific index cluster

Is there any query to get the list of all indexes under a specific index cluster.

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

how to query time spent by user in a console

timechart data derived from lookup

Post processing gives incorrect results

streamstats and eval combination to find error

Greater and less than

Need help with creating table and regex

How to combine multiple rows into different columns on single row

Extract aggregated micro-service calls

collect command and time

How to get locale and numbers shown right in the Splunk UI

Splunk query for port scan

Issue with missing data when using transaction

how to combine 2 separate queries and list there data in tabular format.

What causes Maximum Disk Usage error?

Filter IP out from datamodel

multiple event code search

Field extraction using rex

Query to get the search which consumed more memory and CPU for the past 1 hour

How to return results in sub-search only if it does not match the results in the main search? o365 AD logs

Replace string in column A based on query of multiple columns

Finding new IP addresses that haven't been seen before.

csv lookup number vs string

Exclude Null in subsearch

Transaction command is not closing transactions and is hitting the max open transaction limit (maxopentxn).

Query to get the list of all indexes under a specific index cluster

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions