Splunk Search

Ask a Question

Discussions

Thread Info

Field Extraction regex, stop at word or $

So I have some data that I'm trying to extract the application name from. These are Citrix ICA syslog events. Her...

by Builder in

How to rank data based on field value?

I've got data say in following format (*there may be more than three types of exception) Name,Exception,count...

by Engager in

Are Splunk-metrics needed to search logs for pods?

Hi, When I perform any search in Splunk, the left side has Interesting Fields and Selected fields showing a list o...

by New Member in

makeresults query stuck in v7.3

Hello, One of the dashboards has a makeresults query like below, with about 250 append statements. | makeresult...

by New Member in

Help me write props.conf /transforms.conf for below data.

36,03/26/20,13:12:04,Packet dropped because of Client ID hash mismatch or standby server.,IP,,B88584ADE973,,0,6,,,,,,...

by Path Finder in

How to handle "no results found" in subsearch

Hi all, I have a subsearch that returns me the delta between two events. The problem is, sometimes the two events...

by Engager in

Need help in time difference for events

Hi All, Pleas help me in getting a query to display the time difference from the events that mentioned below in...

by Communicator in

How to regex multiple events, store it in one variable and display based on User click?

Hi, I am looking for some help on the below query. I have list of APIs which has different parameters in the URL. ...

by New Member in

Fix datetime.xml file in SPlunk

So I have to update my datetime.xml file in Splunk because timestamp extraction problem after 1jan 2020. According...

by Path Finder in

Splunk Add-on for ServiceNow：about the table "sys_audit_delete"

Hello. Please help me.... I failed to get the table "sys_audit_delete" via Splunk Add-on for ServiceNow. I succeeded ...

by Explorer in

Combine some of the results in a field and count the total

Hi all, I am trying to get a count of all users signed into our VPN. While this is easy, i need it broken out base...

by New Member in

Stats issue with multivalue field

Hi, I am tracking my assets with vulnerabilities. My minimized sample query is: index=vuln | stats dc(dns) as i...

by Builder in

How to get LDAP group name by using query or REST API?

by Path Finder in

How to create a bar chart that counts completed tickets and averages

Hi guys! I am pretty new to this and in researching I have not found what I am looking for or did not recognize the a...

by New Member in

Splunk search based on header value

Is it possible to filter the logs based on http header value? I am conducting a load testing by using Jmeter. Whil...

by New Member in

Find and compare a value from one event in a subsequent future event

Hello, I'm trying to figure out how to search and compare values in subsequent/sequential JSON messages where a us...

by Explorer in

Displaying 2 counts (error and total)

There is a requirement in which i need to display total count and errors(in total count). error message is in raw tex...

by New Member in

How to find concurrent VPN users per hour?

We are using pulse secure as our VPN solution and I'm looking to build a search that tracks concurrent users per hour...

by Influencer in

How to set time to search

Hi am getting the earliest tie through a text box and I want to set the latest time automatically to (earliest+24h). ...

by Explorer in

How can i create a "key" for two searches and combine them to one search with a new column by "key"

Hello community i hope you can help me, I'm new here... The field "moid" for 'folder' has the same values like the fi...

by Engager in

Regex working on Regex101 but not in splunk

I am having below event - Subject: Security ID: EMEA\abc Account Name: XXXXXXX Account Domain: EMEA Logon ID: XXXXXXX...

by Path Finder in

query in splunk to check the previous jobs completed

Hi All, I am trying to write a query where we have to check all the jobs in success or not built status before the...

by Builder in

Squid URL lookups?

All, Any service you recommend for doing domain classification and lookups against my Squid proxy logs? Just gene...

by Builder in

Compare case-sensitivity of fields

I'm using a rex to extract a field called field1 from my search... how do I take all the results of field1 and call o...

by Communicator in

Index time extraction

Hi all, I have 10 events containing events from events 1,event2,event 3,....event 10. I need to cobine events2,3,4 an...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Field Extraction regex, stop at word or $

How to rank data based on field value?

Are Splunk-metrics needed to search logs for pods?

makeresults query stuck in v7.3

Help me write props.conf /transforms.conf for below data.

How to handle "no results found" in subsearch

Need help in time difference for events

How to regex multiple events, store it in one variable and display based on User click?

Fix datetime.xml file in SPlunk

Splunk Add-on for ServiceNow：about the table "sys_audit_delete"

Combine some of the results in a field and count the total

Stats issue with multivalue field

How to get LDAP group name by using query or REST API?

How to create a bar chart that counts completed tickets and averages

Splunk search based on header value

Find and compare a value from one event in a subsequent future event

Displaying 2 counts (error and total)

How to find concurrent VPN users per hour?

How to set time to search

How can i create a "key" for two searches and combine them to one search with a new column by "key"

Regex working on Regex101 but not in splunk

query in splunk to check the previous jobs completed

Squid URL lookups?

Compare case-sensitivity of fields

Index time extraction

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!