Splunk Search

Ask a Question

Discussions

Thread Info

Calculated field

Hi Team, How to write a calculated field for below | eval action=case(like("request.path","auth/ldap/login/names"),...

by Builder in

Using wildcards in splunk lookups, can't match second field

Hello, I need help with the following scenario: Let's say I have a log source with browser traffic data, one of the...

by Explorer in

Using Splunk for Asset Discovery in Vulnerability Management

I am in Vulnerability Management and a novice Splunk user. I want to create a query to quickly determine whether we ...

by New Member in

List correlation searches with number of alerts

https://docs.splunk.com/Documentation/ES/7.3.1/Admin/Listcorrelationsearches Hi, I'm using the searches mentioned i...

by New Member in

what is plugin_instance in metrics data - "github_app_for_splunk"

I'm very new to metrics data in Splunk, I have a question regarding the what is plugin_instance and how can i get the...

by Path Finder in

How to make the URL hyperlink which is in the fields value of the table (Dashboard Studio - JSON format)

Hi Team, I have generated dynamic URLs using the lookup and add it in the field value of the table. Now I need to m...

by Explorer in

Searches

what command can i run if am not sure where an index for a data associated with a sourcetype is stored in splunk

by Explorer in

How to Filter over 50K on different indexes/sources?

So, I have a loadjob with all the data I need with a primary field (account number). But, I have a CSV with about 104...

by Path Finder in

Splunk Query

Can i get a Splunk query that shows the last logon date for a group of active directory service account Th...

by Explorer in

How to get ID of splunkd process executing saved search?

Hello! I'm trying to resolve issues with splunkd being killed by OOM Reaper and it would be nice to know which save...

by Explorer in

How to merge cells in Splunk

I want to merge the cells in column S.No and share the output to the requestor. The only ask is Splunk should take ...

by Explorer in

Join with Stats

index=abcd "API : access : * : process : Payload:" |rex "\[INFO \] \[.+\] \[(?<ID>.+)\] \:" |rex " access : (?<Event>...

by Explorer in

Table Column Headings

I am doing a search based on a pulldown values and displaying the results in a table. Here is the sample search stats...

by Communicator in

How to handle properly transactions which starts within the define rangetime but ends after

Hello I'm using the transaction function to compute average duration and identify uncompleted transactions. Assum...

by Explorer in

Combine two separate indexes based on any permutation of the matching ID fields

Hi Splunk Community, I need help to write a Splunk query to join two different indexes using any Splunk comma...

by Observer in

Search for Response Actions for Correlation Searches

Is there a way to run a search for all correlation searches and see their response actions? I want to see what corre...

by Explorer in

How to correlate data from different sources

Hi, I was wondering how to correlate data using different sources. For example: Source A contain...

by Explorer in

Comparing Fields and Applying Conditions From Multiple Sourcetypes

Hi. I've been a very basic user of Splunk for a while, but now have a need to perform more advanced searches. I hav...

by Explorer in

spath

I want to do some analysis on "status" below but having a hard time getting to "status". I start with: | spath...

by Explorer in

Multiple joins based of conditions.

Team, I got 3 logs, I need to fetch Transaction_id,Event and Total_Count from LOG1. After that I need to join the 3...

by Explorer in

join lookup based on the field

Hi, I'm trying to join two lookups based on the name field. Here's what i have, |inputlookup abc.csv |table na...

by Path Finder in

Parsing string with whitespaces as json object

Hi, I am completely new to splunk and have to parse field that looks like this:params="['field1: value1', 'field2: va...

by Engager in

How to compare current month count to a 3 months average?

Hello Splunkers. i need your help in creating a search that would count number of values for a field in a mon...

by Path Finder in

How to convert splunk dashboard panel with dynamic token in reports?

Hi All, I have a Splunk dashboard with dynamic token, Here a simplified example of my setup. In the dashboard $new_...

by Builder in

injecting indexed file within a search

Hello, I'm still new to SPLUNK and still learning so apologies for any incorrect naming  I have a search in ...

by Loves-to-Learn Everything in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Calculated field

Using wildcards in splunk lookups, can't match second field

Using Splunk for Asset Discovery in Vulnerability Management

List correlation searches with number of alerts

what is plugin_instance in metrics data - "github_app_for_splunk"

How to make the URL hyperlink which is in the fields value of the table (Dashboard Studio - JSON format)

Searches

How to Filter over 50K on different indexes/sources?

Splunk Query

How to get ID of splunkd process executing saved search?

How to merge cells in Splunk

Join with Stats

Table Column Headings

How to handle properly transactions which starts within the define rangetime but ends after

Combine two separate indexes based on any permutation of the matching ID fields

Search for Response Actions for Correlation Searches

How to correlate data from different sources

Comparing Fields and Applying Conditions From Multiple Sourcetypes

spath

Multiple joins based of conditions.

join lookup based on the field

Parsing string with whitespaces as json object

How to compare current month count to a 3 months average?

How to convert splunk dashboard panel with dynamic token in reports?

injecting indexed file within a search

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions