Splunk Search

Ask a Question

Discussions

Thread Info

How to get events around identified event

Hello, I have a dashboard that identifies Windows hard shut downs (event code=41). However, we want to see the win...

by Communicator in

How does dedup treat multivalue fields?

Which events are removed when multivalue comes into play?

by Motivator in

Lookup Tables - Dedup

Hello, I Googled and checked several answer posts, but perhaps I am not wording it correctly in the search engines. ...

by Builder in

Stats 2 results together and filling in the blank fields with dynamically-generated values

I need to create volume-base alerts so we know when volume drops. The services we need to monitor are usually suffixe...

by Contributor in

How to detected a Deviation of 20% vs weekly average?

Hi team! I need to do that: Eventcode = 4624 and 4634 with Logon Type = 10. An event will be generated if an ac...

by Path Finder in

Lookup values not shown on result table

Hello all, I am searching in Splunk for the last login date of a User and export it into a table: ... | eval da...

by Engager in

How to get a table to show more than 100 rows

Is there any way i can increase the number of rows in a Table to 1000 instead of 100?

by New Member in

Compare two sources with multiple value

Hi folks, Hi have a case needing to compare 2 sources with CSV type Source 1 has fields as below: start_time_s...

by New Member in

How to get common values in two different fields in two different searches

Hi all, I'd be grateful if you could help me with this. I have read other similar questions but none of them seem to ...

by Engager in

Please help for ssl for splunkd - Splunk runs but cannot log in and is slow

Hello I want to secure splunkd DS->clients with self-signed ssl cert but for some reason it doesn't work. From spl...

by Path Finder in

How to sort the result set or remove paging on trellis chart?

Hi All, I am trying to create a trellis chart to provide the details of 32 components. Trellis chart is showing ju...

by New Member in

Is there a way to automate diag to support?

All, Silly question - Is there a way to automate the sending of diags to Splunk support? I'd like to know they ha...

by Builder in

What is a Workbook in Splunk Investigate?

by Splunk Employee in

How to search two Indexes based on matching fields and add fields from both indexes to a table

I'm new to splunk And i'm trying to add some logic to reduce false positives. I have two indexes Index=A index=B ...

by Observer in

What's the delay between last event written to disk and now()?

All our cyber alerts are now based on the last five minutes of indexed data. Therefore we wondered about a potential ...

by Motivator in

extract uri

/hk-zh/shop/buy-phone/phone-1/5.8-%E5%90%8B%E9%A1%AF%E7%A4%BA%E5%99%A8-256gb-%E9%8A%80%E8%89%B2 1059 /hk/shop/buy-pho...

by Contributor in

How do I access the Splunk Investigate Slack Channel?

How do I access the Splunk Investigate Slack Channel? Can you please share the link?

by Splunk Employee in

Help extracting alphanumeric string after matching pattern

{"line":"2019-10-05 03:58:11.627 ERROR [xxx-csscsc0sssscs-xxxx] 1 --- [nio-8080-exec-2] c.u.f.b.s.registryImpl : \u0...

by Explorer in

Best way to format out time field for average time

I am using the linux time command to see how long it takes to run a process. My logs show as runtime=0m0.000s S...

by Path Finder in

Problem calculating fields at index time when input csv fields are all quoted

I was wondering if anyone knows about the next, and if there’s any solution: I have tried to calculate two fields ...

by New Member in

CSV empty quoted field extraction problem

Hi there, I have the next CSV file: "CLM_TIMESTAMP","CLM_DATE","CLM_NUMBER" "1569301200","24/09/2019 00:00:00",...

by New Member in

System and Nobody had no roles

I am trying to get the System access attempts with invalid credentials. Folks with unknown user names. I am using the...

by New Member in

Timecharts and Multiple Operating Systems

I'm currently attempting to make a 6 month trend of multiple OS' compliance percentages into one timechart, but am ru...

by Explorer in

How to search csv for values in a lookup table?

I have a large csv with lots of columns and a lookup table below payload *.exe *.zip *.7z How do I search all ...

by Explorer in

How to use two different search time ranges in one splunk rule?

I have the following scenario: I have to find events with certain specifications in the last 15 minutes, and the sear...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to get events around identified event

How does dedup treat multivalue fields?

Lookup Tables - Dedup

Stats 2 results together and filling in the blank fields with dynamically-generated values

How to detected a Deviation of 20% vs weekly average?

Lookup values not shown on result table

How to get a table to show more than 100 rows

Compare two sources with multiple value

How to get common values in two different fields in two different searches

Please help for ssl for splunkd - Splunk runs but cannot log in and is slow

How to sort the result set or remove paging on trellis chart?

Is there a way to automate diag to support?

What is a Workbook in Splunk Investigate?

How to search two Indexes based on matching fields and add fields from both indexes to a table

What's the delay between last event written to disk and now()?

extract uri

How do I access the Splunk Investigate Slack Channel?

Help extracting alphanumeric string after matching pattern

Best way to format out time field for average time

Problem calculating fields at index time when input csv fields are all quoted

CSV empty quoted field extraction problem

System and Nobody had no roles

Timecharts and Multiple Operating Systems

How to search csv for values in a lookup table?

How to use two different search time ranges in one splunk rule?

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions