Splunk Search

Ask a Question

Discussions

Thread Info

How to update Search Command by JS

Hello , I am using splunk WebFramework to develop, and i got an problem with update splunk search Command by JS C...

by Engager in

help to display a timechart after a loadjob command

hello I call a timechart from a loadjob command like below and it works | loadjob savedsearch="admin:toto_sh:wi...

by Motivator in

Search for result with double quotes

Hello, I'm new to Splunk and am search for an event that would include this: toState: "stateB",", fromState: "s...

by New Member in

Question on how to use the lookup file for Exception monitoring

I have a lookup file which has below coloumns. Exception_Name Exception_Keyword Comments REXC RemoteException Aler...

by Explorer in

need to extract multiple values for a field in a custom event

The whole event is coming in as below. Need eventtype to extract "event_type={type}" and size to extract all the valu...

by New Member in

ITSI Grouping

Hi, I am using ITSI grouping feature where we need to match the eventid from the two indexes of ITSI, index=itsi_n...

by New Member in

how to extract a field from the results of a search query.

Some events generated from the below search query. index=webmethods_nonprd CESAP.pub.Shipment.handler:processShipm...

by Explorer in

splunk search matching term

When searching and the auto suggestion is bringing up a matching term, is there a keystroke command to select that? C...

by Engager in

Help combining multiple searches into one search WITH good performance

I am in need of combining these three searches into one search: 1. NameOfJob = BLT* | spath message | sear...

by Engager in

Trendline period integer syntax queston (sma | ema | wma)

I am looking through the documentation on Splunk about trendlines and sma | ema | wma. In the documentation, it says ...

by Communicator in

How to split multiple vlaues in single cell to new line in join search

There few columns in the table that has multiple values in single line. I need them to be in separate/ newlines. ...

by Explorer in

How do we change the default search period to one hour?

We would like to change the default search period to an hour. How can we do it in 7.3?

by Motivator in

splunk not recording spanningtree logs

My core switch had several spanning errors this morning, but Splunk did not record them. They are in the switch logs ...

by New Member in

Timechart question:- combining two values for plotting timechart

My query is something like below index = "A" | table x | stats dc(x) as total | appendcols [search index = "B" ear...

by Path Finder in

Attempting to build a baseline computer asset list as a datasource from existing indexes

Hi Everyone, I hope the smarter folks over here can assist me with a query that has kept me up for days. Hopefully...

by New Member in

１レコード内の複数の連続したデータを取り出して結合する方法

ご教授ください。 １つのレコードのパラメータで連続したデータA[],B[],C[]があります。これらのデータの中身の個数は同数であり、順番も連携しています。それぞれを取り出して意味のあるデータData(A[1],B[1],C...

by Engager in

How to rename field with * inside like: Service*

Hi I need to rename a field name (from lookup csv) with special character inside, like: Service* Status+ the pr...

by Explorer in

Compare values from log and lookup

I have a lookup table that contains the data similar to the: Service_name, IP, Port HTTPS, 10.10.10.10, 443 DNS, 10.1...

by Path Finder in

Search Count is different in direct search vs in table

I am seeing an odd behavior where my search event count is different when the exact query is run separately vs when u...

by Explorer in

What is the moving window for in finding outliers?

Hi Splunkers, I referenced Splunk documentation on finding outliers below. Why is there a need for moving a w...

by Path Finder in

Stats Max issue

I have a query that I am running using dbxquery for specific reasons. Anyway I have run into an interesting issue tha...

by Contributor in

How to search more than 1 year data

Hello, I want to search more than one year data for particular machine. How to check is possible to get more t...

by Explorer in

How to ignore case and remove characters?

I occasionally use Splunk as part of my job to research issues, but am very much a novice. The query below charts the...

by Explorer in

Word Count in a Url

Newbie Here ! How can I get a word count in a url? I am trying to count the number of occurrence of a word "organizat...

by New Member in

Your entry was not saved. The following error was reported: SyntaxError: JSON Parse error: Unrecognized token '<‘.

Hi, So I'm inheriting some splunk code that I'm going through and cleaning up. It contains: rex field=source "/...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to update Search Command by JS

help to display a timechart after a loadjob command

Search for result with double quotes

Question on how to use the lookup file for Exception monitoring

need to extract multiple values for a field in a custom event

ITSI Grouping

how to extract a field from the results of a search query.

splunk search matching term

Help combining multiple searches into one search WITH good performance

Trendline period integer syntax queston (sma | ema | wma)

How to split multiple vlaues in single cell to new line in join search

How do we change the default search period to one hour?

splunk not recording spanningtree logs

Timechart question:- combining two values for plotting timechart

Attempting to build a baseline computer asset list as a datasource from existing indexes

１レコード内の複数の連続したデータを取り出して結合する方法

How to rename field with * inside like: Service*

Compare values from log and lookup

Search Count is different in direct search vs in table

What is the moving window for in finding outliers?

Stats Max issue

How to search more than 1 year data

How to ignore case and remove characters?

Word Count in a Url

Your entry was not saved. The following error was reported: SyntaxError: JSON Parse error: Unrecognized token '<‘.

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Detection: Kerberos User Enumeration

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!