Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

What is the quickest way to find 100 max values of "Q" on huge log file?

Hi What is the quickest way to find 100 max values of "Q" on huge log file? here is my query: index="my...

by Motivator in

Does rex have an impact on my search performance?

Hi I have couple of rex on my search query that not use anywhere. now question is does it have negative impact ...

by Motivator in

Increasing UI timeout in LDAP Group configuration

I am trying to increase the "Network Socket timeout" in the LDAP group configuration. I tried modifying parameters...

by Communicator in

Rest API - Returning 401 Unauthorized

I'm getting a 401 Unauthorized error no matter what I try, when trying to access the REST API. I've tried with curl a...

by Explorer in

Is it possible to make the data source used by the dashboard conditional on the dropdown choice?

I know with Splunk Dashboard Studio, conditional dashboard on dropdown choice aren't a possibility anymore, but is it...

by Loves-to-Learn Everything in

How to efficiently expand json array entries?

I have a scenario where i want to expand the field and show as individual events. Below is my query, which works f...

by Explorer in

How to create new columns from results?

I'm trying to create table with the top 5 results split into columns, so that I can have multiple results per line, g...

by Engager in

Help with Search != litsearch --- In 'litsearch' there are extra unwanted key=value statements

We are spending a tremendous amount of time tuning our search structures lately. One thing we have run across in our ...

by Path Finder in

Splunk DS deletes props.conf on universal forwarder

Hello, I use Splunk as Indexer and deployment server und I have one universal forwarder installed. I'm getting a...

by Engager in

How to create search for date field?

Hello splunk lovers!i want help with date field and i want fast. i have field, format example: data_started 01.01...

by Explorer in

What regex to use to remove \\ form the hostname fields?

Hi All, I have a hostname stating \\sent134 I need to remove this \\ using regex and it should be like this: s...

by Path Finder in

How to group results and list common occurrences by time?

I have the following data: { "remote_addr": "1.2.3.4", "remote_user": "-", "time_local": "24/Nov/202...

by Explorer in

How to replace join by stats to merge SPL based on common field?

Hi,My datasets are much larger but these represent the crux of my hurdle... Sourcetype= transaction ...

by Explorer in

How to visualize all the search I put using the search command?

HI All, I would like to visualize all the search fields/content I mentioned using the command search: index=* ...

by New Member in

How do I build this Sysmon log search without having required fields?

I want to implement this correlation search: `sysmon` EventCode=10 TargetImage=*lsass.exe CallTrace=*dbgcore....

by Engager in

Nested SubQuery With NOT IN Clause

Hello, I am looking for the equivalent of performing SQL like such: SELECT transaction_id, vendorFROM ordersWHERE...

by Engager in

How to use SED to remove optional fields?

We have api requests that I want to create statistics by the request but to do this I need to remove variable identif...

by Engager in

How do I rename a nested field?

I have an eval query. The details object returned looks like this: { status: 404, code: ERROR } "details.sta...

by New Member in

How to generate _time for search in metadata?

Hi need to generate current date like this "20201123" and use as a search filter on metadata. AFAIK there is no...

by Motivator in

Why am I getting different timewrap results depending on what time of day the search is run?

I have a saved search running every few minutes to append data to a 15 day csv log file within Splunk. I'm trying...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

What is the quickest way to find 100 max values of "Q" on huge log file?

Does rex have an impact on my search performance?

Increasing UI timeout in LDAP Group configuration

Rest API - Returning 401 Unauthorized

Is it possible to make the data source used by the dashboard conditional on the dropdown choice?

How to efficiently expand json array entries?

How to create new columns from results?

Help with Search != litsearch --- In 'litsearch' there are extra unwanted key=value statements

Splunk DS deletes props.conf on universal forwarder

How to create search for date field?

What regex to use to remove \\ form the hostname fields?

How to group results and list common occurrences by time?

How to replace join by stats to merge SPL based on common field?

How to visualize all the search I put using the search command?

How do I build this Sysmon log search without having required fields?

Nested SubQuery With NOT IN Clause

How to use SED to remove optional fields?

How do I rename a nested field?

How to generate _time for search in metadata?

Why am I getting different timewrap results depending on what time of day the search is run?

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Unify Your SecOps with Splunk Mission Control

Data Preparation Made Easy: SPL2 for Edge Processor

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...

Does splunk support Reactive Programming in Java/S...

Alerts not Finalizing- Is there a way to find out ...