Splunk Search

Ask a Question

Discussions

Thread Info

Parse decoded HTTP data

Hi all, I am new to Splunk and trying here to parse decoded HTTP data to table with unique fields like "Method", "...

by Path Finder in

correlating of events

I want to correlate the login events of aws console to login events of cyberark. people login to aws console vi...

by Engager in

Compare today's search with yesterday's search

Hello Team, I have below search but I want to compare today's data with Yesterday's data in same way this week ...

by Path Finder in

Combining searches that look for a lack of data without using append

Hi All, Hoping someone can point me in the right direction with this one. The use case is there are some processes...

by Explorer in

How to see the sequence of logs

Hello, Is there any way, I can check the sequence of logs. For example: I have following list of msg 1. "M...

by Explorer in

Event count variation between base and non-base search dashboard panels

I have a dashboard which counts the number of times a user performed an action. I have 3 time frames (last 24h, 7d, ...

by Path Finder in

Select a column (named as days of the week) and copy over to a new column

Hello, I have an inputlookup table (test.csv) with a few columns including 7 columns (for 7 days of the week) as sh...

by Explorer in

Multiple Where Clause

I'm running the below query across the network and would like it to pinpoint that search towards two users rather tha...

by Communicator in

Does Splunk Log if a lookup file is modified?

Does Splunk generate logs when a lookup file is modified? I have some searches that use lookup files. I'd like to ...

by Communicator in

Scatterplot elapsed time by date with both earliest and latest query matches

I'm trying to track the elapsed time it takes a user to complete a web application based on the earliest and latest o...

by Explorer in

How to attract a specific word from string using rex?

Hello Splunk Experts! I have a string like below rex " - - (?<text>foo|bar) " | ..... I want to take the text w...

by Path Finder in

Distribution function using bin

I am trying to create a PDF and CDF with limited amount of buckets: ... | bucket bins=10 fs as fsBinned| stats coun...

by New Member in

Extracting Key Value Pairs from a JSON object and convert them to fields

Hello Splunk Community, We have two types of logs being forwarded to splunk a simple .log file and json logs that a...

by Loves-to-Learn Lots in

How to find the no of days different between indexed date time and the field exists date in my search?

Hi, i am new to splunk, i need to find the number of days different between indexed time date and the field exists da...

by Explorer in

InfoSec App Datamodel Searches

I'm trying to use the CIM to look at some firewall data in the InfoSec app. I've setup the event tagging and field al...

by Path Finder in

how to find differnce between epoch

When i try to find the difference between two epoc1)find the days range i get blank values2) and i need to filter onl...

by Explorer in

Repeat index and host time in tablerow

Hi, i need index time and host time to repeat for each data for host, printedA_epoch & printedb_epoch, how can i achi...

by Explorer in

eval status=if ("inputlookup line x<70% and x+1>50%) Boolean While Loop?

Hello, I am looking for some help on status evaluation. What I am trying to do is create a eval column where you ei...

by Engager in

How to sum one field values based on other fields values

i'm trying to sum one of the fields values based on the other field values. For example Source Remediated ...

by Communicator in

inputlookup in search macro generates error message

My search consists solely of a call to a search macro. It looks like this: `blabla1(host="blabla2", mon-host="blabl...

by Explorer in

Use of predict command for alerting

Well , I want to create an alert which alert me whenever there is spike in Errors. Currently we are comparing say pas...

by Path Finder in

Using multivalue field as field-list for transaction

When multivalue field is given as field-list for transaction, transaction does not attempt to combine the events desp...

by Engager in

How to fetch mathed fileds values from index with lookup table ?

Hi Team, I tried all possibilities to extract the data from index which are matched field values with lookup table ...

by Engager in

How to optimize a search which contains a join of 2 queries having different time picker each ?

Hi, I have a performance issue with a query using a "join" command. The problem is that the first search using a ti...

by Builder in

I'd like to get an idea for data grouping.

I have numeric data.I'd like to group the data.It is easy to use 'Kmeans' command, but it cannot be necessarily k=3.I...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Parse decoded HTTP data

correlating of events

Compare today's search with yesterday's search

Combining searches that look for a lack of data without using append

How to see the sequence of logs

Event count variation between base and non-base search dashboard panels

Select a column (named as days of the week) and copy over to a new column

Multiple Where Clause

Does Splunk Log if a lookup file is modified?

Scatterplot elapsed time by date with both earliest and latest query matches

How to attract a specific word from string using rex?

Distribution function using bin

Extracting Key Value Pairs from a JSON object and convert them to fields

How to find the no of days different between indexed date time and the field exists date in my search?

InfoSec App Datamodel Searches

how to find differnce between epoch

Repeat index and host time in tablerow

eval status=if ("inputlookup line x<70% and x+1>50%) Boolean While Loop?

How to sum one field values based on other fields values

inputlookup in search macro generates error message

Use of predict command for alerting

Using multivalue field as field-list for transaction

How to fetch mathed fileds values from index with lookup table ?

How to optimize a search which contains a join of 2 queries having different time picker each ?

I'd like to get an idea for data grouping.

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions