Splunk Search

Ask a Question

Discussions

Thread Info

How to sort concatenated DATE&TIME field?

Hi, I have concatenated my DATE & TIME Field as below | eval DATE&TIME=DATE." ".TIME EXAMPLE:(%m/%d/%Y %H:%S) ...

by Builder in

Usage of fieldname and field value for a foreach macro

Hi, I am trying to produce a macro with an event summary that would contain both the field name and field value and...

by Engager in

Search a field for multiple values

I am attempting to search a field, for multiple values. this is the syntax I am using: < mysearch > field=valu...

by Motivator in

benefits of using search command

Hi, any one knows the benefits of search command? search src="10.9.165.*" and src_ip="10.9.165.*" , any difference...

by Explorer in

Correlate data from two diffrent splunk logs and evaluate the diffrence of time fields in both logs.

Hi, i am relatively newer to SPL, i have a usecase to evaluate time difference bwn two fields in two different...

by Loves-to-Learn Everything in

Hello, I need help to extract a value from a string

Hi everyone, I hope someone can help me with the following situation.I have multiple events generated from Azure De...

by Path Finder in

make multivalue field from job ID matching multiple customer IDs

In events that we extract CID and JID from, I would like to have an output of all JID that interacted with multiple C...

by Explorer in

Updating KV Store Field Value For Several Events

Hello, I am having problems approaching this problem. Say we have a KV store that stores asset information from...

by Explorer in

lookup input value null

Hey, I am trying to work with lookup table where input contains 3 fields (A,B,C) and output is D Lookup table str...

by Path Finder in

first packet recorded of the reconnaissance

any idea to write the query to capture the first packet recorded of the reconnaissance from the vulnerability scanne...

by Explorer in

Adding new sourcetype and input result in no effect?

On a heavy forwarder, I added a new sourcetype in /opt/splunk/etc/apps/<my_app>/local/props.conf, [sensor_d...

by Communicator in

Searches showing 0 results when using specific text with slashes /'s and -'s in a field?

I have a search index=foobar flashSteamName=foo/bar-moves/12adw320-df21-dasd-124d-12eda234 \ displays 0 results. ...

by Loves-to-Learn in

Fill in 0 if no result is returned

I am showing list of stopped services by host on a dashboard panel. I have 3 servers to show to show stopped services...

by Explorer in

How to get the date time difference of two different formatted dates

Hi, i am relatively newer to splunk, looking for a solution to get time difference is a splunk sample log like this "...

by Loves-to-Learn Everything in

identify scanner and malicious domain

For example, My ip is 202.101.53.4, I want to identify what are the domains sent me the most number of packets (most ...

by Explorer in

How to extract key, field name, and value with regex?

I'm wondering if somebody had faced this freaking behavior. I wanna extract both key, the field name, and its valu...

by Explorer in

Fetching logs via Splunk SDK on index time and event time simultaneously

Hi Team, We are currently extracting logs from Splunk via Splunk SDK based on index time. We have been seeing issue...

by New Member in

Subsearch produced 50000 results, truncating to maxout 50000

Query: index=summary_estore_error_cust report=DelPassError userType=LoyalElite | rex field=raw "(UserId\W*(?\d+))" | ...

by Explorer in

How to filter a result with two timestamp ?

Hi, I have a search which I want to optimise by replace the join command : index="AAA" sourcetype=BBB ...

by Builder in

Search events for multiple samaccountnames

Hello Cam someone assist on how to do a search like below for multiple samaccountnames ? ideally from a txt fil...

by Explorer in

how to query time spent by user in a console

Hi I want to create a report to display time spent by user in a console Being beginner doesnt know how to query . ...

by Path Finder in

timechart data derived from lookup

Hi, I have data that contains a field in binary that i can use a lookup table to map the various binary values to a...

by Path Finder in

Post processing gives incorrect results

Hello Everyone, I am new to the splunk and this community. I have searched everyone for my problem but i could not ...

by Explorer in

streamstats and eval combination to find error

by Builder in

Greater and less than

Hi, I'm trying this search and it seems to be working as i'm not getting anything outside the range. The issue is I'...

by Loves-to-Learn in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to sort concatenated DATE&TIME field?

Usage of fieldname and field value for a foreach macro

Search a field for multiple values

benefits of using search command

Correlate data from two diffrent splunk logs and evaluate the diffrence of time fields in both logs.

Hello, I need help to extract a value from a string

make multivalue field from job ID matching multiple customer IDs

Updating KV Store Field Value For Several Events

lookup input value null

first packet recorded of the reconnaissance

Adding new sourcetype and input result in no effect?

Searches showing 0 results when using specific text with slashes /'s and -'s in a field?

Fill in 0 if no result is returned

How to get the date time difference of two different formatted dates

identify scanner and malicious domain

How to extract key, field name, and value with regex?

Fetching logs via Splunk SDK on index time and event time simultaneously

Subsearch produced 50000 results, truncating to maxout 50000

How to filter a result with two timestamp ?

Search events for multiple samaccountnames

how to query time spent by user in a console

timechart data derived from lookup

Post processing gives incorrect results

streamstats and eval combination to find error

Greater and less than

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

Observe and Secure All Apps with Splunk

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions