Splunk Search

Ask a Question

Discussions

Thread Info

Change maxresulttows for outputlookup?

When running an inline search the results limit is high as we have in limits.conf the following. [searchresults] m...

by Ultra Champion in

Help with RegEx - Select only XML nodes that contain values

Hello Everyone, I'm trying to put together a regex statement that will allow me to select only the XML nodes that ...

by Explorer in

Add a column with count stats in addition to an existing column with avarage stats

I have a json file with some information regarding soa requests. Basically info such as callee, caller, start and end...

by Explorer in

how to set null value ?

If the field value is null, the value is null, and if it is not controlled, it is still the original value I want ...

by Path Finder in

Same report but different lookup file

Hi all, is there a way to pass to a report the filename of a csv as variable, to use it as lookup file ? Example: ...

by Path Finder in

How to filter number from text with regular expression

Hi, I have two types of messages, I would like to receive the numbers from these logs : 2020-03-16 15:12:15,30...

by Explorer in

Matching data across columns

Hi, I'm trying to work out how I can display values from a column based on a unique number appearing in another colum...

by New Member in

How to convert date differences to seconds

Hi all, I have a lookup like this. caseid date a 19-01-01 15:54:43.934000000 b 19...

by Path Finder in

Search NOT Inputlookup match on 2 columns

In a normal search I can do the following: index=foo sourcetype=csv field1!="blah" AND field2!="hah" How would ...

by Contributor in

Detect abnormal failure event based on machine learning?

Hello, I'd like to build a search that will trigger a spike on my authentication agent failure events but I do not...

by Path Finder in

Get windows Local login logs using WMI

Dear , I have cluster setup and we need to collect local logging logs from work station using WMI without install UF...

by Explorer in

I am running an import script for an interval of 5 mins to collect data from all sourcetypes and put it into a summary index.

I have a situation where in the span of 10 mins there could be a possibility that we didn't get any data from one of ...

by Engager in

command map not working

Hi everyone Someone who has used the map command who can help me, I am trying to bind the username of the 12 hours be...

by Contributor in

Count Dashboard for each ip based on traffic count

Hi All, I am trying to build the query to get the website hits for each IP, there are 16 servers ip and wanted to ...

by New Member in

geostats name and status plot

Hi every one. I want to show device names and their status (connected / disconnected) on the map. The color of point...

by New Member in

Back-computation using table contents

I have categories.csv that contains list of sub-categories in each category Category,Sub_category Biology,Botany B...

by Explorer in

Use the output of search A to refine results in search B

I have 2 searches. Search A produces a table output of "UserIP" Search B produces a table output of "FailedDes...

by New Member in

Run Splunk query through excel

I am new to Splunk and still learning.. I have more than 100 queries to run when asked during a daily activity and...

by New Member in

Query not displaying any events

User complained that following query is not displaying any events. index=main sourcetype=wms_oracle_sessions | buc...

by Explorer in

Programmatically parse random key name in json for subfield

Data resembles this pattern. | makeresults | eval _raw="{\"foo\": [{\"randstring1\": {\"fqdn\" : \"ibar.example....

by Explorer in

1multiple value field should again be further splited by a delimiter (output : 2 multivalue fields) for every single event.

Query : index=systemdetails source=sytemdetails* Condition = 0 | eval [ search index=systemdetails source=sytemdet...

by Path Finder in

use timechart with dedup values

I'm trying to count values of field in a time chart with every particular point of time using dedup. like this , inde...

by Communicator in

Rex to get data between curly brackets

I am struggling to fetch the data between curly brackets . Have tried multiple rex searches, however still not gettin...

by Path Finder in

Two searches and result showing only what is in first but not second search?

I have 2 separate searches. search1 = 17 resultssearch2 = 20 results Key column that exists in both searches is...

by Explorer in

search help

Hi, Can i run a search which specify that these type of logs are blocked in palo alto firewall by specific policy...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Change maxresulttows for outputlookup?

Help with RegEx - Select only XML nodes that contain values

Add a column with count stats in addition to an existing column with avarage stats

how to set null value ?

Same report but different lookup file

How to filter number from text with regular expression

Matching data across columns

How to convert date differences to seconds

Search NOT Inputlookup match on 2 columns

Detect abnormal failure event based on machine learning?

Get windows Local login logs using WMI

I am running an import script for an interval of 5 mins to collect data from all sourcetypes and put it into a summary index.

command map not working

Count Dashboard for each ip based on traffic count

geostats name and status plot

Back-computation using table contents

Use the output of search A to refine results in search B

Run Splunk query through excel

Query not displaying any events

Programmatically parse random key name in json for subfield

1multiple value field should again be further splited by a delimiter (output : 2 multivalue fields) for every single event.

use timechart with dedup values

Rex to get data between curly brackets

Two searches and result showing only what is in first but not second search?

search help

Can’t make it to .conf25? Join us online!

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Customer success is front and center at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!