Splunk Search

Ask a Question

Discussions

Thread Info

How to sort dynamic column names after timechart and transpose

Hi, I'm creating a report with the following search that runs each month covering the past 3 months of data. It w...

by Explorer in

Regex/Rex - Non Capture Groups

Hi all. New here. So I have been working with some data strings that contain varied asset numbers for computers...

by Observer in

Create a dashboard that displays a user name accounts that have received a password reset email.

I'm trying to create a dashboard that displays a user name accounts that have received a password reset email.

by Explorer in

What I did wrong here with makeresults command

Hello experts, I am trying to create a custom macro, from that it will returns a result depends on the argument I p...

by Path Finder in

Checking mvexpand Memory Usage

Hi All,We are trying to get the memory usage of mvexpand command so that we can set the max_mem_usage_mb in the limit...

by New Member in

Local Documentation: Is it possible to have a local copy of what is at docsCheckerBaseURL?

Is it possible to have a local copy of what is at docsCheckerBaseURL

by Engager in

How to use iplocation to search for instances of a specific city or region?

Hello, I am trying to use iplocation to search for instances of a specific city or region for example: * ...

by Loves-to-Learn in

How to add DATE to a timestamp without a date

We have some log files with name like this: logs_2020-06-30.logs. A sample events looks like this: 2020-07-...

by Contributor in

transforms.conf INGEST_EVAL cannot get current time

Hi everyone, I am trying to add a field for the current OS time. Here is my props.conf and transforms.co...

by Contributor in

How to create custom command in python to write result SPL to CSV file?

Hi splunker, I would like to create a python custom commands to write results of SPL commands in a CSV file. th...

by New Member in

Statistical analysis of failed logins

I have been trying to look at statistical figures for failed login attempts over a 30 day period for each user by the...

by Explorer in

Co-relation Search between two data sources

Mighty Splunk people... I'm having a problem creating an alert for following scenario: Data source 1: index=mail s...

by Engager in

Finding ip's not in a inputlookup

Hi All, I appreciate that there are tons of answers on this but I am having issues getting it to work! I have a c...

by Explorer in

'Empty' a csv on a daily basis

Hi all, I have a dashboard where users can add comments to a .csv lookup file. The comments are only related to th...

by Communicator in

How to compare and match timestamp of one field with the latest timestamp of other field before calculating duration ?

Hi All, I am currently getting following results from my search query - time1 ...

by Path Finder in

How to sum all the Latest events for the specific field

How to sum all the Latest events for the specific field Example: Raw data of the event: Client=XXXXX,Cr...

by New Member in

Dynamic lookup - how to remove entries?

Hello, I have following issue: I have VPN GW used to remote connecting of users, this GW sends log to Splunk. I w...

by Path Finder in

Search for IP Addresses more efficient using wildcards or CIDR ranges

Hello I'm looking to run a search in a Firewall log index for connections to a know IP range and trying to deci...

by New Member in

Search Data 1 Minute Ago

I have data that has _time from 18:00:20-18:00:52 and I set my current time to 18:01 so it should search the 18:00 ti...

by Path Finder in

Error with Search Scheduler

Hi Splunk users, After I successfully deployed a Splunk standalone, I see this error message reg Searches skipped:...

by Path Finder in

Question about replace(X,Y,Z) function

I'm kind of new in Splunk and found one syntax of replace when I read the official document. Here is the link https:/...

by Explorer in

Extract multiple name value pairs from a field

Hello, I have a field that contains the string below. a) There can be fewer/more than the 4 events listed below....

by Engager in

Inconsistent behavior with eval after stats

I have this query that matches two types of events, sending a request and receiving an answer. My goal is to take the...

by Engager in

Splunk users won't update in Ldap authentication

I can't assign roles to and can't see new users in Splunk search head for last 2 weeks. We have LDAP auth. A part o...

by Path Finder in

If I use an automatic lookup to overwrite field values, can it be configured to overwrite only if a match exists?

Hello all, The question is self explanatory I think. I've seen similar questions that are resolved with an eval, but ...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to sort dynamic column names after timechart and transpose

Regex/Rex - Non Capture Groups

Create a dashboard that displays a user name accounts that have received a password reset email.

What I did wrong here with makeresults command

Checking mvexpand Memory Usage

Local Documentation: Is it possible to have a local copy of what is at docsCheckerBaseURL?

How to use iplocation to search for instances of a specific city or region?

How to add DATE to a timestamp without a date

transforms.conf INGEST_EVAL cannot get current time

How to create custom command in python to write result SPL to CSV file?

Statistical analysis of failed logins

Co-relation Search between two data sources

Finding ip's not in a inputlookup

'Empty' a csv on a daily basis

How to compare and match timestamp of one field with the latest timestamp of other field before calculating duration ?

How to sum all the Latest events for the specific field

Dynamic lookup - how to remove entries?

Search for IP Addresses more efficient using wildcards or CIDR ranges

Search Data 1 Minute Ago

Error with Search Scheduler

Question about replace(X,Y,Z) function

Extract multiple name value pairs from a field

Inconsistent behavior with eval after stats

Splunk users won't update in Ldap authentication

If I use an automatic lookup to overwrite field values, can it be configured to overwrite only if a match exists?

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions