Splunk Search

Ask a Question

Discussions

Thread Info

Unknown search command 'dbxlookup'.

Hello Community! I have created a Dashboard with a dbxlookup command in the search. As an admin, i don't have prob...

by Communicator in

Search Timechart max for a day

Hi! Could you please help me with that special case of search? This is my data:User App1. user1 appA2. user1 ap...

by Communicator in

how to not index some data or send it to null queue

Hi, I want to know if there is some mechanism by which i can stop indexing a particular kind of data like if segme...

by Communicator in

Regex help please

I have field username - they show up as username=mike and in some cases username=mike. with a dot in the end. How do ...

by Explorer in

Group multiple events and also index logs with 03 hours less than the time zone.

Hello everyone. I need to index the logs below and the example that is on my Dropbox link in a new sourcetype. ...

by Path Finder in

Fetch the data from the fields which has multiple words in the field name using regular expression?

I have the event as below: Mar 31 13:21:29 vg1 : %ASA-4-113019: Group = EMPLOYEE, Username = VAZQUD68, IP = ...*, ...

by Engager in

What Query should i use to look for a certain directory in Linux Servers where the data is mounted?

What Query should i use to look for a certain directory in Linux Servers where the data is mounted? So basically s...

by New Member in

How Can I Extract Specific Email Subject Keywords?

Good evening, How to extract couple of subject email keywords from specific field "message_subject" Let's consi...

by Engager in

Email from Malicious sender

Hi Guys, I am trying to create search for: "Email received from malicious sender" Can somebody help to create s...

by New Member in

Grouping ans Sum

We have an XML document import into Splunk.

by New Member in

Performing an Splunk LDAP search from a field in an existing csv file

Here is what I'm trying to accomplish. I have an csv file that I generated with an existing search that looks like th...

by Explorer in

Search shows 0 events

I indexed data from a local directory. All of them are Web Access Logs so I set the sourcetype to access_combined. As...

by Engager in

Regex certain value from a field

Hello, I have a regex question. I have a field called "Container" and below are the examples of the values. I woul...

by Explorer in

Keyboard Shortcut to Format Search

At .conf this year, a new feature was showed off that allowed auto-formatting of SPL in the search bar with the press...

by Path Finder in

Splunk search basic queries

Hi so suppose in my results there are 2 logs that are being retrieved. There is a status message which is either true...

by Explorer in

How to search the chain of users that sent an email

Hello, My data are like this, sender , receiver, _time userA, userB, _time1 userB, userC, _time2 userB, userD, ...

by Engager in

Return tag pair if tag contains any value

I would like to return all messages that contains tag 6410. Currently the below will return all messages even if they...

by Path Finder in

How can I use the results of a search in a second search?

I'm running a query which returns destination ip address of external traffic of a user in one column something like t...

by Engager in

Help joining multi row search

Hi everyone, I am new to Splunk and still learning. Can someone please help me on the below query? My log file:...

by Path Finder in

How to update particular row of existing lookup csv ?

I have existing lookup csv. I want to update a row with new value. ID Name Location 549 Test_1 Bangalore 549 Test_2 D...

by Path Finder in

Timezone Query

I have a Deploy server application that I use to control my "SYSLOG" server that receives logs from various other sou...

by Contributor in

StartsWith breaks the transaction

Hello everyone, I am trying to extract some data from the logs. I have created a little search that works well: ...

by New Member in

Getting count of data by days

Hi guys! I am looking to get the number of tickets that are completed in under 14 days, 30 days, 45 days and 45+ days...

by New Member in

VPN count

Hi - We want to get users connected in 1 hour. When a user connects we get event_id="globalprotectgateway-auth-succ" ...

by Explorer in

How to group by date range from JSON Values?

I'm newer of splunk. On my log I've a JSON with two fields of interested: "initialCreationDate":"2020-03-02T00:00:00"...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Unknown search command 'dbxlookup'.

Search Timechart max for a day

how to not index some data or send it to null queue

Regex help please

Group multiple events and also index logs with 03 hours less than the time zone.

Fetch the data from the fields which has multiple words in the field name using regular expression?

What Query should i use to look for a certain directory in Linux Servers where the data is mounted?

How Can I Extract Specific Email Subject Keywords?

Email from Malicious sender

Grouping ans Sum

Performing an Splunk LDAP search from a field in an existing csv file

Search shows 0 events

Regex certain value from a field

Keyboard Shortcut to Format Search

Splunk search basic queries

How to search the chain of users that sent an email

Return tag pair if tag contains any value

How can I use the results of a search in a second search?

Help joining multi row search

How to update particular row of existing lookup csv ?

Timezone Query

StartsWith breaks the transaction

Getting count of data by days

VPN count

How to group by date range from JSON Values?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions