Splunk Search

Discussions

Thread Info

Missing SSE-data_availability_latency_status.csv in Splunk Security Essentials 3.8.0

When navigating to "ESS" -> "Data" -> "Data Availability", will get the following error:>>>Error in 'lookup' command:...

by Path Finder in

How do I update a lookup file with updated information

I have a lookup file that contains two columns, ip and mac. I want to update this file daily by running a query that ...

by Contributor in

Consider time range when searching in two index

Hi community, My forwarder is putting logs in index A before 2024/06/01, and in index B after this date. To avo...

by Explorer in

Column chart with two fields sharing one "bucket"

I have data with two fields that share a static range of 10 values. I'd like to show a column chart with the buckets...

by Path Finder in

distinct count not working on summary index (sistats)

Splunk Enterprise 9.0.6 and building a summary index of sourcenumbers (count) and distinct destinations called (dc(de...

by Path Finder in

Extracting Data from complex JSON

I would like to extract the results of each test within the logs array by distinct count of serial number. That is,...

by Path Finder in

Outputlookup a baseline lookup and query for anomalies based on baseline lookup?

Say I create a query that outputs (as a csv) the last 14 days of hosts and the dest_ports the host has communicated o...

by SplunkTrust in

Daily Average Count from the past 7 day period

Current query, this shows the how many successful login attempts there have been.index=abc granttype=mobile| fields ...

by Loves-to-Learn in

Measuring time difference between 2 entries

Hi I am getting a log feed for a transactional system. Each log entry has a status either End, Begin or something i...

by Path Finder in

Splunk Query for Windows Process Names and CPU Utilizations

Hi all, Can you please help me with the Splunk query to list the Windows Process Names and CPU utilizations f...

by Explorer in

Log file validation based on serverhost and source

Hi Team,For a business requirement, I need to validate log file generated for last an hour with combination of host a...

by Explorer in

Search for deleted Splunk users?

I had some Splunk users who were deleted from UI Manager page. Is there some way to search for deleted Splunk user...

by Champion in

Use timechart after stats command to show percentage of Successful transaction for each day

Hi Team, I am trying to put conversion of transaction for all days of the week in a line chart for successful...

by Engager in

Multiple operations from a single if condition

Is it possible to action multiple operations in a single if condition, like what can be done in other languages?For e...

by Explorer in

combine results from index search with fields machine inputlookup

Newbie here. Trying get the results from the index to match result int he inputlookup to only return result from the ...

by Engager in

How to use variable on mvfilter regex match?

If I used variable in the mvfilter match, i got the following errorError in 'EvalCommand': The arguments to the 'mvfi...

by Motivator in

Remove leading zeros from IP address using regex

Hello All, I'm trying to remove leading zeros in IP addresses using rex and mode=sed . the regular expression I'm t...

by Explorer in

How to handle JSON object extraction with tstats?

Hi, I have the following JSON object that is indexed via the default JSON extraction (INDEXED_EXTRACTIONS) { ...

by Path Finder in

https error percentage

Hi, I am trying to get the error percentage of the https response request but its not working as expected. ...

by Explorer in

spath - extracting data from groups within JSON

Hi All, Hopefully someone can help with this. We have logs that contain JSON where one of the fields can have mu...

by Path Finder in

Concat query in Azure advanced hunting app

Hi there, I am trying to get some data from MS Defender into a Splunk query. My original KQL query in azure cont...

by Engager in

How can I add list of field values into an array

I have a search that outputs the hostlist by test.index=abc | stats count by host test | stats count as total_count v...

by Communicator in

How to extract the string which is between the two different special characters using regex

Hi Team, I need to extract the string which is between the two different special characters using regex. Could you ...

by Explorer in

how do I create a variable(or new field name) with its value another field name

This is my sample search/data: | makeresults | eval data = " 1 2017-12-01 00:00:00 A 0 1...

by Motivator in

TRUCANTE Logs

Hello, I am using Splunk Cloud, for some our sourcetypes we have defined specific TRUNCATE values. I have a couple ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Missing SSE-data_availability_latency_status.csv in Splunk Security Essentials 3.8.0

How do I update a lookup file with updated information

Consider time range when searching in two index

Column chart with two fields sharing one "bucket"

distinct count not working on summary index (sistats)

Extracting Data from complex JSON

Outputlookup a baseline lookup and query for anomalies based on baseline lookup?

Daily Average Count from the past 7 day period

Measuring time difference between 2 entries

Splunk Query for Windows Process Names and CPU Utilizations

Log file validation based on serverhost and source

Search for deleted Splunk users?

Use timechart after stats command to show percentage of Successful transaction for each day

Multiple operations from a single if condition

combine results from index search with fields machine inputlookup

How to use variable on mvfilter regex match?

Remove leading zeros from IP address using regex

How to handle JSON object extraction with tstats?

https error percentage

spath - extracting data from groups within JSON

Concat query in Azure advanced hunting app

How can I add list of field values into an array

How to extract the string which is between the two different special characters using regex

how do I create a variable(or new field name) with its value another field name

TRUCANTE Logs

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

New Release | Splunk Cloud Platform 10.1.2507

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions