Splunk Search

Ask a Question

Discussions

Thread Info

How to use search and regex command to filter events

The events have fields like below: description, code AAxxxxx, 200 AAxxxx,301 AAxxxx,401 BBxxxx,200 BBxxxx...

by Explorer in

searching for multiple destination ports

I have a search query for: dest_port=4402 I want to include 4404. what would the syntax for dest_port look l...

by Engager in

splunk predict period limit 2000 ??

Dear All expert ~ we have some data that every 5 minutes generated. and we want to predict it , we need to use t...

by New Member in

Windows Servers - High CPU usuage of process that is greater than 90

Hi Team, I wanted to set up alert in Splunk cloud for windows machines when CPU% of a single process is greater tha...

by Path Finder in

Splunk rest api , if hostname matched

Hi,I try to if saved search result hostname is matched, reload deploy-server with rest API. But When saved search run...

by Path Finder in

How to create a table which matches a lookup file and fields created at search time?

Hi All I am trying to create a search which will give me an output similar to below Index Server Name Applica...

by Path Finder in

How can I force a timechart to snap to the end of the week rather than beginning?

I have a very simple search to count the amount of emails delivered by week and display this in a timechart over the ...

by Explorer in

Splunk Add-on for microsoft cloud services not getting loaded in splunk cloud instance.

I installed Splunk Add-on for microsoft cloud services in splunk cloud. I am splunk cloud admin. When I installed App...

by New Member in

how to ignore a column using addtotals/addcoltotals

Here is my search index="aries" splunk tt=HL7* | chart count by si , tt | addtotals | addcoltotals| rename si as...

by New Member in

上位XX位とその他の合計値の集計について

お世話になります。集計のサーチ文の書き方についてご教示ください。やりたいことは下記の通りです。・販売数で集計し、Top3を出力する。・その他は合計して集計する。・販売数で集計した結果に、商品名をキーとして割引販売数の...

by Explorer in

How to get a logging hours report of the employee in splunk

Hi Community, I Need to find the login hours of the user/employee. Did we see those results in splunk...? Please he...

by Path Finder in

Curl command error - b"/bin/sh: -c: line 1: syntax error near unexpected token `?P'\n/bin/sh:

When im trying to pull data using Curl on my mac for command :' curl -s -ku admin:admin -o ?Users/Vivek/Desktop/09012...

by Explorer in

Splunk query find percent of Indexes and hosts used in last 24 hours.

Please help me with splunk query to find below 2 things. 1. To find percent to events/logs utilized by differents I...

by Contributor in

fit command in MLTK detecting categorial outliers

Hi, I tried the below query to fit my model, sourcetype=files command="*cmd.exe*" earliest=-90d@d latest=-1d@d|st...

by Path Finder in

Upgrading Splunk as root modified file system using tar.gz

Hello, looks like upgrading Splunk as root modified our file system using tar.gz, is this normal behaviour? [...

by Motivator in

Scheduling the training set in MLTK

Hello, I have used OneClassSVM algorithm for anomaly detection and after applying fit command I have a training dat...

by Path Finder in

Using three events without common fields to get list of IDs

Hi all, I'm trying to figure out how to get my hands on a list of IDs which are determined by referring to three ev...

by Engager in

Conditional cell format without JS?

Hi, I would like to color the cells from a column table depending on their time value is it possible to be done ...

by Explorer in

Getting alerts on sudden increase in traffic.

I have a custom script that collects stats on a custom HW appliance every minute and forwards it to our splunk system...

by Explorer in

Need results exact URL mentioned in macros

i am using macros for this urls here i have urls like /accountinformationview/AccountInformationView /emai...

by Explorer in

finding percentage

Good Day all, I would like to find the percentage of devices that has updated. The way I would like to do this is ...

by Engager in

Search within dynamic list of items

I have an item to search withing logs with the schema similar to one below. It is kind of searching for certain uri ...

by Loves-to-Learn in

Why is my search on JSON data producing duplicate results for each line, except for the date and time?

Hi guys, I have a problem. Every time I try to run the following search, the result is duplicated in each line, bu...

by Contributor in

How to find the missing number sequence from a table?

For eg: i am having the following table after search in splunk IDS Time 1 30 3 ...

by New Member in

splunk concatenate field in table

Hi, As newcomer to splunk , i have the following ironport log : <38>Sep 22 02:15:35 mail_logs: Info: Message fini...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to use search and regex command to filter events

searching for multiple destination ports

splunk predict period limit 2000 ??

Windows Servers - High CPU usuage of process that is greater than 90

Splunk rest api , if hostname matched

How to create a table which matches a lookup file and fields created at search time?

How can I force a timechart to snap to the end of the week rather than beginning?

Splunk Add-on for microsoft cloud services not getting loaded in splunk cloud instance.

how to ignore a column using addtotals/addcoltotals

上位XX位とその他の合計値の集計について

How to get a logging hours report of the employee in splunk

Curl command error - b"/bin/sh: -c: line 1: syntax error near unexpected token `?P'\n/bin/sh:

Splunk query find percent of Indexes and hosts used in last 24 hours.

fit command in MLTK detecting categorial outliers

Upgrading Splunk as root modified file system using tar.gz

Scheduling the training set in MLTK

Using three events without common fields to get list of IDs

Conditional cell format without JS?

Getting alerts on sudden increase in traffic.

Need results exact URL mentioned in macros

finding percentage

Search within dynamic list of items

Why is my search on JSON data producing duplicate results for each line, except for the date and time?

How to find the missing number sequence from a table?

splunk concatenate field in table

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions