Splunk Search

Ask a Question

Discussions

Thread Info

Custom Command in Splunk

I have created a python script and it is taking an argument . I have declared it ,like this` hash = Option( ...

by Communicator in

search with same field diferent dates into a table side by side

i want to verify if there is a difference in 2 counts made that relate to diferent timelines. This is what i've ca...

by Path Finder in

Timechart issue

Hi all, I have extracted a field (exit_status) in log file. I want to know if a process exit properly. I have ...

by Path Finder in

Is it possible to display events of multiple _time-values at once?

I am trying to build a decent drilldown option and my current state is the following. I have a timechart with the ...

by New Member in

refresh for sub set of admin role

@MuS I would like to give access to some user to do refresh, i know they need admin role. However admin has 99 ca...

by Influencer in

index syntax question

Within Splunk cloud 7.2.6 - If I run a search without specifying index or sourcetype it will search the main index by...

by Path Finder in

legacy notation: populating search for populating a tickbox input.

I have the following bit of code that does a search. The results of that search populates a tickbox input. I wrote it...

by Motivator in

duplicate values causing conflict

Hi, Im getting this error although I do not have any duplicate values. Below is the screenshot and my xml: <for...

by Contributor in

Drop-down error "Duplicate values causing conflict" - Dedup not working?

Hi everyone, I'm trying to dynamically populate a dropdown menu with error codes. Obviously, I don't want duplica...

by Path Finder in

Searching for percentage of total count grouped into buckets

I have a list of article IDs and their corresponding article view counts for a given day. I want to see what perc...

by Explorer in

question about vulnerability?

Greetings!! I would like to ask about this vulnerability : https://www.bleepingcomputer.com/news/security/splunk-f...

by Communicator in

Is it possible to launch a connector in Splunkbase?

Hi All, We have a prediction platform and we have developed a connector that can explore Splunk SDK for search and...

by New Member in

help to filter data after a loadjob command

hi I use the scheduled search below `winevent` (sourcetype="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" A...

by Motivator in

[indexer1] The lookup table 'XXX' does not exist. It is referenced by configuration 'YYY'.

I've been investigating this error which is appearing 6 times per search (1 for each indexer in the cluster) for a wh...

by Path Finder in

How can I show a list of devices that have been offline for more than a week?

New to Splunk and trying to learn it: sorry for the dumb question. So I am trying to filter out a list of POS devi...

by New Member in

Require splunk query to get list of processes running in web server

I used sourcetype-perfmon:process and i could get fields - counter/instance/object which refers process name

by New Member in

Event breaking help with props.conf

I have a sourcetype that I'm working with and trying to break up the events by any line that says "Job start time: yy...

by Communicator in

Any way to break this row into two columns?

I am setting up a dashboard that monitors count of events on a daily basis and a previous 30 day average by customer....

by Path Finder in

iam receiving a message unbalanced quotes , i tried using back slash

| eval e="$time_token.earliest$", l=$time_token.latest$"| eval e=case(match(e,"^\d+$"),e,e="" OR e="now" , "0" , true...

by Explorer in

Creating a custom SourceType with multiple delimiters (35 fields)

Hi all, I've searched around a bit and I can't seem to find the answer after failing to figure it out myself. T...

by Explorer in

query running using KV store is taking logn time

Hi , I have a scenario where i am using KV store to get the events generated. But my query is taking 5hr to run w...

by Path Finder in

Why is my search using "mcollect" command causing the following error: "Error in 'mcollect' command: Must specify a valid metric index"?

In my query before, I was using the outputcsv search command, and then I had a monitoring input stanza to upload it t...

by Builder in

Is it Possible to create the Scatter_Line Chart in Splunk?

We have the Actual Generation Data from the Machine and also having the Set Points of the Particular Parameter. we...

by Path Finder in

Splunk platform release notes

I was going through the Release note which was updated into Splunk Docs recently. https://docs.splunk.com/Documentati...

by Communicator in

how to extract all values separately suing rex command

hi, i have a string like: AAA TEST BBB 1000 CCC DDD EEE FFF GG 11111 i need to extract all the values separately a...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Custom Command in Splunk

search with same field diferent dates into a table side by side

Timechart issue

Is it possible to display events of multiple _time-values at once?

refresh for sub set of admin role

index syntax question

legacy notation: populating search for populating a tickbox input.

duplicate values causing conflict

Drop-down error "Duplicate values causing conflict" - Dedup not working?

Searching for percentage of total count grouped into buckets

question about vulnerability?

Is it possible to launch a connector in Splunkbase?

help to filter data after a loadjob command

[indexer1] The lookup table 'XXX' does not exist. It is referenced by configuration 'YYY'.

How can I show a list of devices that have been offline for more than a week?

Require splunk query to get list of processes running in web server

Event breaking help with props.conf

Any way to break this row into two columns?

iam receiving a message unbalanced quotes , i tried using back slash

Creating a custom SourceType with multiple delimiters (35 fields)

query running using KV store is taking logn time

Why is my search using "mcollect" command causing the following error: "Error in 'mcollect' command: Must specify a valid metric index"?

Is it Possible to create the Scatter_Line Chart in Splunk?

Splunk platform release notes

how to extract all values separately suing rex command

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions