Splunk Search

Ask a Question

Discussions

Thread Info

Chart, order, and bins: How to separate a chart according to an imposed order

I have some non-time-based data that I'd like to summarize using chart with a small number of bins. For example, ...

by Explorer in

lookup csv but need to the lookup file contains several fields that need to be concatenated to match event field

Hi. I have a lookup file with phone numbers broken down into their parts, so:cc,npa,nxx,list1,210,5551234,good1,512...

by Path Finder in

Problem in parsing Powershell commands

Hello Community!I am trying to set up a search to monitor Powershell commands from Windows hosts; specifically, I am ...

by Loves-to-Learn Lots in

SAML users unable to load reports or alerts

SAML authenticated users are unable to access either REPORTS or ALERTS from the search app @ ./app/search/reports or ...

by Contributor in

Use each row of a csv as an individual search and return the results in a table

Hi all,I've a csv file with 3 columns ip, earliest, latest and over 400 rows. I'm trying to return all evens associa...

by Engager in

Count the number of field

Hello,So I have to count the number of resulted fields, it doesn't go far than this. for my search I have index=examp...

by Path Finder in

How to add multiple fields to chart count over

This was my original query to get the list of apis that failed for a client. I have more details of the client in the...

by Explorer in

Method to force the implied search in first line to give only the latest events without using stats latest()?

This is just a fun optimization question. The benefit may be very little in fact! My Splunk searches are already op...

by Path Finder in

Displaying matching command strings from lookup table

All - I am new to Splunk and trying to figure out a way to return a matched command from a CSV table with inputloo...

by Loves-to-Learn Lots in

Splunk Index Retention Cost

If I have an index with a retention of 90 days. Can I make a rough estimate about the cost of increasing the retentio...

by Explorer in

Employee report

Hey guys, I am working a report that needs to show any new employees coming into the company for the last 30 days. Ri...

by Explorer in

REST endpoint for SAVED SEARCHES - FILTERING

Hi all, I'm trying to get all the saved searches in Splunk that are in all apps. Could someone explain to me what the...

by Path Finder in

Trouble Blacklisting Windows Event

Hi I was wondering if there was a way I could blacklist the following event based on the event code and the account n...

by New Member in

[idx-1,idx-2,sh-2] Could not load lookup=LOOKUP-threatprotect-severity

I am seeing the following alert on the Searching and Reporting App and also within the InfoSec App for Splunk. [idx...

by Path Finder in

How to show the results of a query month wise in splunk?

Hi All, I have a query which returns results for a particular month like how many tickets breached SLA. The month a...

by Explorer in

how to get Stats sum of field with latest correlationId?

Hi All, Below query to get stats sum of field values of latest correlationId. need to show in pie chart. But i am g...

by Builder in

How to merge two rows into one ?

How to convert table like this (2 rows per topic): topic mbean_property_name bytes ...

by Engager in

How to write a search to display a Notable Event Timeline Review showing various phases of a ticket?

Hello everyone Can anyone suggest me a search where I can get the notable Event time review between various phases...

by New Member in

Converting Multivalue Fields to Single Value Fields for Line Chart Visualization

Hello Splunk Community, I'm encountering challenges while converting multivalue fields to single value fields for e...

by Path Finder in

Plot time series chart based on values selected where in value can single or multiple

I am using query as below index="test" sourcetype="reports" | bin _time span=1m | stats values(a) as a values...

by Loves-to-Learn in

to check the attribute exist and assign the value

If attr.error exist then Error will be attr.error. If attr.error not exist and attr.error.errmsg exist then Error wou...

by Path Finder in

ddl bind with rex

In the below query if c= I, the reg expression is | rex field=attr.namespace "(?<DB>[^\.]*)"if c= other than "I" the...

by Path Finder in

Need Help with a Splunk query

So, I have data like this after I ran a query. For each aggregator, if the aggregator_status is Error and b...

by Communicator in

How to get the list of all APIs with the response time more than 30sec in splunk

Hi All, I have a soap request and response being ingested in the splunk under an index. There are multiple API call...

by Path Finder in

How to extract fields from nested json

Hello, Can someone please help me in extracting nested json fields without regex? I have tried below: 1. Updati...

by Loves-to-Learn Lots in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Chart, order, and bins: How to separate a chart according to an imposed order

lookup csv but need to the lookup file contains several fields that need to be concatenated to match event field

Problem in parsing Powershell commands

SAML users unable to load reports or alerts

Use each row of a csv as an individual search and return the results in a table

Count the number of field

How to add multiple fields to chart count over

Method to force the implied search in first line to give only the latest events without using stats latest()?

Displaying matching command strings from lookup table

Splunk Index Retention Cost

Employee report

REST endpoint for SAVED SEARCHES - FILTERING

Trouble Blacklisting Windows Event

[idx-1,idx-2,sh-2] Could not load lookup=LOOKUP-threatprotect-severity

How to show the results of a query month wise in splunk?

how to get Stats sum of field with latest correlationId?

How to merge two rows into one ?

How to write a search to display a Notable Event Timeline Review showing various phases of a ticket?

Converting Multivalue Fields to Single Value Fields for Line Chart Visualization

Plot time series chart based on values selected where in value can single or multiple

to check the attribute exist and assign the value

ddl bind with rex

Need Help with a Splunk query

How to get the list of all APIs with the response time more than 30sec in splunk

How to extract fields from nested json

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions