Splunk Search

Ask a Question

Discussions

Thread Info

How to access Splunk web without port

Now im accessing Splunk web using https://splunk.company.com:8000/ I would like to access it without entering the...

by Explorer in

lookup/inputlookup from csv

Hey, Im trying to search splunk indexes, for the content within a CSV. The CSV will eith contain ip addresses o...

by Engager in

How to check since how long the field is having null value?

I want to check for how long my field TPP_ID is empty. I want to check date and time. Is it possible using splunk que...

by Explorer in

How to use two queries in one?

Hello, Today i have this query in my dashboard : | loadjob savedsearch="myquery" |eval FromDate = "2020-01-23"...

by Explorer in

srchIndexesDefault parameter is not respected when srchFilter is defined

We noticed that when a srchFilter is configured for a role in authorize.conf, the srchIndexesDefault setting is ignor...

by Splunk Employee in

Change base search based on dropdown

Is there a way other than using the panel depends to display based search depending on a dropdown? Dropdown <i...

by Path Finder in

Regex for CIDR exclusion

Hi, Need some help with getting a correct Regex for CIDR exclusion. *(This is an example. Not the real IP range...

by Path Finder in

The bug of fields extraction in Splunk Web

Hi, Splunkers: I found a bug of fields extraction in Splunk Web like following picture: As you can see, I was ext...

by Path Finder in

transaction: inconsistent results

The following two logical events are supposed to be one as they share the same threadId - but instead they are split ...

by Contributor in

Why is my search slow when performed in a dashboard and fast when entered directly into the search box?

Dear All A search command that performed directly under "Search" takes 10-12 sec, takes 2 Minutes and 30 sec to co...

by Builder in

I need to know which index and app has been access how many time in last one month

I need to know how many time all the indexes in my splunk has been accessed in last 30 days by app name(I tried so ma...

by Loves-to-Learn in

How to create dynamic inputs using lookup

I have a dashboard that shows 3 priorities/3panels -Critical, high, low. the dropdown Input is hardcoded using certai...

by Explorer in

how to compare avg server response time with the one from the current day?

Hello, here is what I try to do: I want to know if my todays average duration is slower or faster than my average ...

by New Member in

How to correctly use mstats rate() without listing all dimensions in BY clause?

I have a monotonic counter metric named http_req and my metric data points are tagged with path and host dimensions, ...

by Explorer in

issues with escaped quotes and index extrations with regex

ok, so I am trying to pull some fields from the following log file entry: "127.0.0.1",11/21/2019 8:19:49 PM,11/21/...

by New Member in

Need to find query from mobile(Android, IOS) device

Hello, I am new in Splunk, Looking for result which is coming from Android and IOS devices, seeing android and IOS...

by Explorer in

Why are some of the fields showing ascii hex values for string after I get CEF stream data into splunk using cefutils?

Using cefutils I am able to get CEF stream data into Splunk. The issue is some of the fields are showing ascii hex va...

by New Member in

python3.7, splunk 8.0, OS-RHEL8, when running scripted input getting error import BS4

Change the python varaible to phython3 and ran the following commnad dnf install python3-pip dnf install python3-b...

by Path Finder in

How to search the peak CPU usage and duration of that peak usage for each machine from Windows performance logs?

I am getting performance logs from several Windows servers. The value field shows the % of usage for each machine. I ...

by Explorer in

Need to combine nearest _time values for each field

Hi Splunker, In my application when there is action, 3 events will be created for it. Eg : _time ...

by Path Finder in

need help with rex to extract responseMessage as ==> Declined - Do not Honor so that I can stats count by rspCode and respMesage with detail

2019-12-03 17:31:27.633 INFO ,aabbe872bbf3f848,aabbe872bbf3f848,false] 15 --- [nio-8080-exec-5] c.u.f.p.api.impl.: In...

by Explorer in

How to regex over nested jsons with foreach and rex?

Hi everyone, Currently I have a log record in the form of nested jsons, not arrays of jsons: {"root_key": {"sub...

by Engager in

Static field value

I have created a dashboard to show windows server uptime. Now I would like to add application name of all servers....

by Path Finder in

How do I make my lookup file public?

I'm a Splunk n00b, apologies. How do I make my csv lookup file public so other people can use it??? Editing my Job...

by Path Finder in

Event timestamp behavior is inconsistent when DATETIME_CONFIG = NONE

I want to use a file's modification timestamp as the Splunk timestamp for the events it contains. Accordingly, I've s...

by Splunk Employee in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to access Splunk web without port

lookup/inputlookup from csv

How to check since how long the field is having null value?

How to use two queries in one?

srchIndexesDefault parameter is not respected when srchFilter is defined

Change base search based on dropdown

Regex for CIDR exclusion

The bug of fields extraction in Splunk Web

transaction: inconsistent results

Why is my search slow when performed in a dashboard and fast when entered directly into the search box?

I need to know which index and app has been access how many time in last one month

How to create dynamic inputs using lookup

how to compare avg server response time with the one from the current day?

How to correctly use mstats rate() without listing all dimensions in BY clause?

issues with escaped quotes and index extrations with regex

Need to find query from mobile(Android, IOS) device

Why are some of the fields showing ascii hex values for string after I get CEF stream data into splunk using cefutils?

python3.7, splunk 8.0, OS-RHEL8, when running scripted input getting error import BS4

How to search the peak CPU usage and duration of that peak usage for each machine from Windows performance logs?

Need to combine nearest _time values for each field

need help with rex to extract responseMessage as ==> Declined - Do not Honor so that I can stats count by rspCode and respMesage with detail

How to regex over nested jsons with foreach and rex?

Static field value

How do I make my lookup file public?

Event timestamp behavior is inconsistent when DATETIME_CONFIG = NONE

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...