Splunk Search

Discussions

Thread Info

Splunk alert base on current count vs last week count

Hi Team,I need help to create a alert which can raise if latest hour count is 10% less than last week same day same h...

by Path Finder in

How to lookup the same field from another search and different fields

my search as below, the two <my search command for list user rating list> search command is the same, how to reduce t...

by Explorer in

Join similar fields

Hey guys, I'm having trouble joining two datasets with similar values I'm trying to join two datasets, both have a ...

by Explorer in

I would like to change to 10% deviation from standard for below query

index="xyz" sourcetype = abc" | search Country="ggg" statusCode=200 | stats count as Registration | where Registratio...

by Loves-to-Learn Lots in

How can I stack the rows vertically while preserving the original columns

I have a search that returns the following table (after transpose): columnrow 1row 2search_nameUC-315UC-231ID7zAt/7...

by Loves-to-Learn Lots in

drilldown of timechart changing to epoch time in user's time zone

I have a dbxquery command that queries an Oracle server that has a DATE format value stored in GMT. My SQL converts...

by Path Finder in

Error on search when using table

Since upgrading to 9.1.2, I am no longer able to see table output on the Splunk Search. Even with the most simplisti...

by Observer in

Splunk query

Hi All, hope you are having a great day, I have a quick question. I have the data given as below, how do i extract ju...

by Explorer in

Combining static single-word from lookup table with sentence

hello I need to determine the app name based on a lookup table for the SPL search below.the SPL search results has a ...

by Explorer in

Search

Pls can i get a query that shows statistics on search activity in splunk

by Explorer in

dedup on Field over time span

we have data in Splunk for user sessions in an app and I am trying to produce a line graph to show usage every hour. ...

by Explorer in

moving CSV to Database and replace lookup with dbxlookup

Hello,I am currently correlating an index with CSV file using lookup.I am planning to move CSV file to database and w...

by Motivator in

How to redefine a field definition to one minute character processed or modified

Please tell me how to make the output replace some characters in the field definitions. Specifically, the problem i...

by Explorer in

How to find dashboards not in use by the amount of days?

Hi guys I need to find all dashboards not used in x days. I saw this has already been asked in this forum but I ca...

by New Member in

Splunk search with wildcard in field name

I need to see all events with fields that have "PROD*" in name, e.g. "PROD deploy", "PROD update", etc.`index=myIndex...

by Explorer in

sysmon and Defender search

Hi, I am quite new to Splunk, so sorry in advance if I ask silly questions. I have below task to do: "The logs sh...

by New Member in

Show source failing for 100/1000 events

Event Actions > Show sources failing at 100/1000 events with the below 2 errors - [e430ac81-66f7-40b8-8c76-baa24d2...

by Loves-to-Learn Lots in

Renaming or ordering values used in a stats by query

Here's a part of my query, ignoring where the data is coming from: | eval bucket=case(dur < 30, "Less than ...

by Path Finder in

Timechart based off of a search and an appended inputlookup

I have the following query that gives me a list of pods that are missing based off the comparison of what should be d...

by Explorer in

How to combine two searches with streaming commands?

I want to combine two search results, whereby I'm only interested in the last x/y events from each subquery. Somethin...

by Explorer in

Remove every occurrence of pattern from _raw event

Hi, I would like to remove every occurrence of a specific pattern from my _raw events. Specifically in this c...

by Path Finder in

Why is loadjob not getting all results?

Hi everyone.I am trying to create historical capacity data over some servers. I have 1 search that will return all th...

by Communicator in

How to search for only select users based on a regex extract

So I have the following setup and everything is good but I want to kind of do a subsearch In the Event - Sample ...

by Path Finder in

how to add calculation result of timechart

Hello, I'm trying to new chart as calculate through packet count. I search with query for interface for several d...

by Engager in

Searches

Can i get a query that will find searches that users are running in splunk

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk alert base on current count vs last week count

How to lookup the same field from another search and different fields

Join similar fields

I would like to change to 10% deviation from standard for below query

How can I stack the rows vertically while preserving the original columns

drilldown of timechart changing to epoch time in user's time zone

Error on search when using table

Splunk query

Combining static single-word from lookup table with sentence

Search

dedup on Field over time span

moving CSV to Database and replace lookup with dbxlookup

How to redefine a field definition to one minute character processed or modified

How to find dashboards not in use by the amount of days?

Splunk search with wildcard in field name

sysmon and Defender search

Show source failing for 100/1000 events

Renaming or ordering values used in a stats by query

Timechart based off of a search and an appended inputlookup

How to combine two searches with streaming commands?

Remove every occurrence of pattern from _raw event

Why is loadjob not getting all results?

How to search for only select users based on a regex extract

how to add calculation result of timechart

Searches

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

New Release | Splunk Cloud Platform 10.1.2507

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions