Splunk Search

Discussions

Thread Info

How can we prevent users from creating knowledge objects within the Search app?

A similar question as in Is there a way to prevent users from saving knowledge objects in the Searching and Reporting...

by Ultra Champion in

Rename Extracted Fields Name

Is there a way to rename the extracted fields in the Interesting Fields section? Example would be Interesting Fields...

by Path Finder in

Is there a systemd unit file for Splunk?

systemd replaces SysV init scripts and some Linux distributions are migrating to or currently support systemd (such a...

by SplunkTrust in

Need to extract elapsed time

hi, I have a query with the below mentioned resultset logger: com.optum.bh.benefit.plan.api.BhBenefitPlansResou...

by New Member in

How to sum multiple columns by multiple names?

Hi, how do I sum multiple columns using multiple columns? For instance, my data looks like this: How do I ...

by Engager in

How to subtract _time field from Multifield value

Hello I have a search with an MV Value this is called HeartBeatTime. I like to create an allert when the HeartBeatTim...

by Explorer in

Has any one created SPL query for detecting Lateral movement of users

I am currently trying to create a SPL query to detect any suspicious lateral Movement to be detected from windows log...

by Engager in

spl query output mismatch

index=_internal host=abc123 source="metrics.log" group=tcpin_connections fwdType=uf |dedup hostname |table hostname ...

by Path Finder in

match function is not working

I have two fields called field1, field2. Both are having same value as "xyz" but when i try to compare them with matc...

by Path Finder in

サーチ結果からアラーム的にブラウザ側で音(MP3)を再生することはできますか。

リモートワークがフォーカスされてきており、オペレーションセンターに勤務ができない状況が続いております。このため、今までアラームをパトランプでセンター側で鳴らしていたのですが、自宅でオペレーションすることになり、自宅側でもアラームを認識...

by Splunk Employee in

Timechart trend

I have to show trends in one search: I'd like to have the results of last 24 hours and to compare it with the result ...

by SplunkTrust in

How to set a bar chart by quarter?

I have the following code that shows leases that end in June. | inputlookup Leases.csv | rename "Lease End" as l...

by Motivator in

Eval If - count one item against sum total of the rest of the items in the group

Hi, So I a page with more than a few urls that represent that same page. However, one of these urls has a value th...

by Communicator in

Customer count between two percentile count of API response times

Hi All, I am little bit of a novice with Splunk, but I am curious to find the distinct number of customers between...

by New Member in

RegEx to Parse Field Containing Json Format

I am attempting to parse logs that contain fields similar to the example below. Field name being ValidFilterColumns, ...

by New Member in

Help with error from a custom command: ERROR SearchStatusEnforcer - sid:1536453655.14705 Search auto-canceled

Hello, Splunk 7.1.3, Linux x86_64. One of my custom (SCPv1) commands errors when the number of events returned ...

by Path Finder in

Query to find Memory in percentage

How would i need to modify the below query to get Memory value in percentage when the threshold exceeds 90. Kindly su...

by Path Finder in

Join Two Searches Using Matching ID - But Different Field Name

Greetings, Our developers are logging what user views a particular web page and flag it via the "ID" field. If a u...

by Path Finder in

Saved search failing with gen_id mistmatch

Hi There, Recently one of our saved searches have been failing intermittently with the error below, the search is ...

by Path Finder in

props.conf to capture specific words from the log files

How to capture only the words "successfully sent using abc.def.com" before indexing in splunk from the below log file...

by New Member in

Field Extractions During Search Time

Hi Team, I want to do a field extraction during the search time itself so i want the following fields to be extrac...

by Contributor in

how i can compare last 5 fields and exclude from result

i want to compare if last 5 digits of user ID are same don't show in result how it can be done 0012345 abc0012345 ...

by New Member in

Timechart with dedup of 2 fields

For my logs with IP and Vulnerability ID (VID), I have few duplicate values. Which I can easily remove with "dedup IP...

by Path Finder in

timechart call Time

Hi, I tried to made a timechart (call duration) , the value I onyl have is the Users and the methods and the call ...

by New Member in

Trellis multi value by date

Hi I want to create chart that compare single values daily. for example want to compare (about 30 different product ...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can we prevent users from creating knowledge objects within the Search app?

Rename Extracted Fields Name

Is there a systemd unit file for Splunk?

Need to extract elapsed time

How to sum multiple columns by multiple names?

How to subtract _time field from Multifield value

Has any one created SPL query for detecting Lateral movement of users

spl query output mismatch

match function is not working

サーチ結果からアラーム的にブラウザ側で音(MP3)を再生することはできますか。

Timechart trend

How to set a bar chart by quarter?

Eval If - count one item against sum total of the rest of the items in the group

Customer count between two percentile count of API response times

RegEx to Parse Field Containing Json Format

Help with error from a custom command: ERROR SearchStatusEnforcer - sid:1536453655.14705 Search auto-canceled

Query to find Memory in percentage

Join Two Searches Using Matching ID - But Different Field Name

Saved search failing with gen_id mistmatch

props.conf to capture specific words from the log files

Field Extractions During Search Time

how i can compare last 5 fields and exclude from result

Timechart with dedup of 2 fields

timechart call Time

Trellis multi value by date

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions