Splunk Search

Discussions

Thread Info

How to achieve distinct count across multiple fields?

How to get a distinct count across two different fields. I have webserver request logs containing browser family and ...

by Engager in

How to translate SID to Username via the Lookup Table?

I have a lookup file which contains various fields, including the username and corresponding SID (pulled from AD). ...

by Communicator in

How to regex up to a specific word?

How can I create a regex query up to a Specific word? For example, the specific word below is "Index". Example data: ...

by Path Finder in

Case Statement Issue

I'm Having issues with my case statement. index=sti_123 source=rss_servers active = "1" status = "Being Commission...

by New Member in

SPL: Searching the Network Traffic for anything that is not (!=) United States

Hello fellow Splunkers ( : Does anyone have some SPL laying around that shows network traffic that is NOT United ...

by Communicator in

Grouping similar results (URL)

I am trying to pull list of different URLs from a splunk query. The data is like below. Sample data: 1. Need to g...

by Engager in

Unable to resolve host

I am trying to send logcat logs to Splunk mint. I added this code Mint.initAndStartSession(this.getApplication(), "5...

by New Member in

Table not sorted by time even after specifying the sort, what am I missing?

I have a search results I want to show in a table. I noticed that the events were not sorted by time so I added the s...

by Path Finder in

How to fetch top 5 rows based on a value in table

index= aab sourcetype=topconnections earliest=-10m latest=-5m | table SESSION_AUTH_ID , CONNECTION_COUNT | addcoltota...

by Explorer in

Splunk Stream Case Insensitive Extraction

Doing an extraction in Splunk Stream and get an error when trying to use (?i) in my regex: (?i)x-forwarded-for([:\...

by Communicator in

Compare data between 2 indexes

Hi i am using below query to get the results for Ip index=shinken sourcetype=shinken_alarms Level=HARD Status!=UP ...

by Communicator in

len(-5d@d)

I am trying to solve a query and I came across a time modifier with len() function. I did not understand the behavior...

by New Member in

Updating eventgen.conf requires a Splunk restart

Hi, I am playing around with SA-Eventgen to generate data in a Dev environment but I find if I make a change to th...

by Loves-to-Learn in

Pass value to subsearch with inputlookup

Hi, perhaps it is the wrong approach, but i try to use an inputlookup within a search and pass a value to this sub...

by Path Finder in

Find Difference between multiple events

TransID AppName timestamp Messagge 1 App1 2019-12-16 18:18:43.731 +0000 Message…… 1 App1 2019-12-16 18:18:43.732 +000...

by New Member in

Lookups and Wildcard Entries

I'm currently setting up an alert using a CSV lookup file with wildcard entries. I followed the instructions provided...

by New Member in

indexのrententionの仕様について。,indexのRetention (days)の仕様について。

DBConectデータを取り込んだところ、 indexのrententionは一日（a day ago）にもかかわらず、 ５日分保持されております。 splunk cloudではrentention以上の期間を保持するものでしょうか。...

by New Member in

Predefined Group

What is the best way to define a "group" of ip subnets called server_subnet then use that in searches. I have abou...

by Contributor in

Is there a way to search and list all attributes from a data model?

Is there a way to search and list all attributes from a data model in a search? For example if my data model consists...

by Contributor in

Specified driver could not be loaded due to system error 126: The specified module could not be found. (Splunk ODBC Driver, C:\Program Files\Splunk ODBC Driver\lib\SplunkDSII.dll).

Hi, I am trying to connect to Splunk from tableau and getting the attached error. All the drivers are present in the ...

by New Member in

Can All-In-One be set as a search peer?

Hello! Can All-In-One be set as a search peer? Although the status is set to UP when set, the search returns 0 ...

by Champion in

How to hide title space of a Table?

I want to hide the blank space acquired by a TABLE TITLE as my table title is empty and occupying extra space on the ...

by Communicator in

How to find time difference between below time formats?

New_Time=2020‎-‎01‎-‎22T03:17:36.385000000Z Previous_Time=2020‎-‎01‎-‎22T03:17:36.388208200Z I tried below query a...

by New Member in

Two dashboards values in single value panel should equal to third dashboard

Hello Experts I have 3 dashboards basically. Board 1 represents total login attempts for an hour (including suc...

by Explorer in

Transaction includes non-relevant events?

Why does transaction group irrelevant events together with relevant ones? What am I doing wrong? Sample Postfix lo...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to achieve distinct count across multiple fields?

How to translate SID to Username via the Lookup Table?

How to regex up to a specific word?

Case Statement Issue

SPL: Searching the Network Traffic for anything that is not (!=) United States

Grouping similar results (URL)

Unable to resolve host

Table not sorted by time even after specifying the sort, what am I missing?

How to fetch top 5 rows based on a value in table

Splunk Stream Case Insensitive Extraction

Compare data between 2 indexes

len(-5d@d)

Updating eventgen.conf requires a Splunk restart

Pass value to subsearch with inputlookup

Find Difference between multiple events

Lookups and Wildcard Entries

indexのrententionの仕様について。,indexのRetention (days)の仕様について。

Predefined Group

Is there a way to search and list all attributes from a data model?

Specified driver could not be loaded due to system error 126: The specified module could not be found. (Splunk ODBC Driver, C:\Program Files\Splunk ODBC Driver\lib\SplunkDSII.dll).

Can All-In-One be set as a search peer?

How to hide title space of a Table?

How to find time difference between below time formats?

Two dashboards values in single value panel should equal to third dashboard

Transaction includes non-relevant events?

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!