Splunk Search

Ask a Question

Discussions

Thread Info

Check on in between of a ranger query

Hello, How can I get all the pod names with a query where the value will be in between 1.5 - 2.5. I can share a sam...

by New Member in

How to change the green color of the timeline in the indexer?

In the indexer, the search for data returns a timeline and details.The timeline is always green: This is fine ...

by Observer in

how to improve eventstats efficiency

Hello,I need help improve efficiency of my search using eventstats.The search worked just fine, but when I applied to...

by Motivator in

eventstats with conditions

Hello,Is it possible to use eventstats with conditions?For example:I only want to apply eventstats only if field name...

by Motivator in

Search based on response from another search query

First Splunk query gives me a value in a table. The value is a jobId. I want to use this jobId in another search quer...

by Explorer in

How to stats count by app name , and avg count per minute by app name together in one query

index=abc cf_space_name=prod-ad0000123 cf_app_name IN (RED,Blue,Green) "Initiating " OR "Protobuf message received" O...

by Explorer in

Splunk regex bug/issue

Hello, I have a case where I need to do regex and I built my regex using regex101, everything works great and catchs...

by Explorer in

How to prepend entry in lookup

Hi All, I want to add entry on first row of my lookup. I know how to append the entry using outputlookup but is the...

by New Member in

comparing datetime with current datettime

following query yields no results: index=shared_data source="lambda:maintenance_window_handler" sourcetype="ht...

by Path Finder in

Using CIDR in a lookup table

Fellow Splunkers I am building a query where I want to report on location based on source IP address. For example ...

by Path Finder in

Help in extract data using rex in Splunk

I have 2 records for PaymentType as send and receive. I would like to extract PaymentType as receive only so that I c...

by Engager in

Match One Without Another, with Delay

Hello, I have programs which write status events to Splunk. At the beginning they write EVENT=START and at the end, t...

by Explorer in

Case with a multivalue field in calculated field not working

For CIM compliance I am trying to fill the action field from some logs using a case. This works in search but not in ...

by Explorer in

Splunk query using azure KQL data with concatenation

Hi there, I am trying to get some data from MS Defender into a Splunk query. My original KQL query in azure cont...

by Engager in

drawing trace and span Splunk enterprise

hello,has anyone worked with traces (generated with opentelemetry) of an application on a splunk enterprise?i am inge...

by Path Finder in

Missing SSE-data_availability_latency_status.csv in Splunk Security Essentials 3.8.0

When navigating to "ESS" -> "Data" -> "Data Availability", will get the following error:>>>Error in 'lookup' command:...

by Path Finder in

How do I update a lookup file with updated information

I have a lookup file that contains two columns, ip and mac. I want to update this file daily by running a query that ...

by Contributor in

Consider time range when searching in two index

Hi community, My forwarder is putting logs in index A before 2024/06/01, and in index B after this date. To avo...

by Explorer in

Column chart with two fields sharing one "bucket"

I have data with two fields that share a static range of 10 values. I'd like to show a column chart with the buckets...

by Path Finder in

distinct count not working on summary index (sistats)

Splunk Enterprise 9.0.6 and building a summary index of sourcenumbers (count) and distinct destinations called (dc(de...

by Path Finder in

Extracting Data from complex JSON

I would like to extract the results of each test within the logs array by distinct count of serial number. That is,...

by Path Finder in

Outputlookup a baseline lookup and query for anomalies based on baseline lookup?

Say I create a query that outputs (as a csv) the last 14 days of hosts and the dest_ports the host has communicated o...

by SplunkTrust in

Daily Average Count from the past 7 day period

Current query, this shows the how many successful login attempts there have been.index=abc granttype=mobile| fields ...

by Loves-to-Learn in

Measuring time difference between 2 entries

Hi I am getting a log feed for a transactional system. Each log entry has a status either End, Begin or something i...

by Path Finder in

Splunk Query for Windows Process Names and CPU Utilizations

Hi all, Can you please help me with the Splunk query to list the Windows Process Names and CPU utilizations f...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Check on in between of a ranger query

How to change the green color of the timeline in the indexer?

how to improve eventstats efficiency

eventstats with conditions

Search based on response from another search query

How to stats count by app name , and avg count per minute by app name together in one query

Splunk regex bug/issue

How to prepend entry in lookup

comparing datetime with current datettime

Using CIDR in a lookup table

Help in extract data using rex in Splunk

Match One Without Another, with Delay

Case with a multivalue field in calculated field not working

Splunk query using azure KQL data with concatenation

drawing trace and span Splunk enterprise

Missing SSE-data_availability_latency_status.csv in Splunk Security Essentials 3.8.0

How do I update a lookup file with updated information

Consider time range when searching in two index

Column chart with two fields sharing one "bucket"

distinct count not working on summary index (sistats)

Extracting Data from complex JSON

Outputlookup a baseline lookup and query for anomalies based on baseline lookup?

Daily Average Count from the past 7 day period

Measuring time difference between 2 entries

Splunk Query for Windows Process Names and CPU Utilizations

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions