Splunk Search

Discussions

Thread Info

How to use mvcount to get the accurate count of a keyword by source

I have logs that have a keyword "*CLP" repeated multiple times in each event. I am trying the get the total counts of...

by New Member in

How to compare last value and the second last value if they are non-numeric

I want to get notified every time when an account expiry date is removed from Active directory and set to Never "A...

by New Member in

Historical searches for multisearch command

Does anyone know of a way to search all search histories containing |multisearch? Based on the previous answer, this ...

by Contributor in

Last Chance Index setup issues

hello, we are trying to configure a lastchanceindex to capture events being sent to a non-existing index, however it ...

by Path Finder in

Auto Lookup CIDR

For this my ultimate goal is to set up a automatic lookup for a source type. Set this to Global also I set up the ...

by Explorer in

BREAK_ONLY_BEFORE_DATE=true is not working

Here is my log sent from an UF to and Indexer: 2019-09-16 09:37:00 Fetching ISS data 'issfiles/sampleFile.tmp' -> ...

by New Member in

Auto Lookup CIDR

I have created a csv lookup file that looks like this computerip Sitename 10.89.64.0/24 Test Site Then I went thr...

by Explorer in

Integrating AWS CUR using AWS Redshift with Splunk Db connect

Hi, I am working on onboarding CUR data of AWS to Splunk in order to design dashboards with specific to few items...

by New Member in

How to use timechart with Eval command

index=storage source="/******.csv" | stats sum(00_) //It represents sum of various fields | eval sum1=0 | foreach s...

by Path Finder in

I want to exclude events before a certain date ( not timestamp).

Lets say i have a column called as birthdate in my events and i do not want to see the events or birth records which ...

by New Member in

Subtract different time format

Hello, i have only two values logout_time and online_time and i would like to get the login_time. How could i subt...

by Explorer in

How to extract from multiline events using regular expressions with variables?

Hi, I have a rather large multiline event which I am trying to extract data from. The problem is that the format i...

by Engager in

Warning in email notification in splunk

Dear Team, We have configured the email notification in splunk but we are getting the below warning message. How c...

by New Member in

custom time range to sub search

Hi, I want to run a search for a selected time range, and also want to do a sub search for the same duration in the p...

by Loves-to-Learn in

Unable to search for logs from console

Somehow i have not got logs from universal forwarder servers since Sep 11, How to find out the reason ?

by New Member in

一定数値の範囲の数をカウントしたい

ご教授ください。今日の日付とデータの日付を比較し、差分（何日間）をdurationという名前で抽出ししました。このdurationを一定の範囲の数をカウントしてビジュアライズしたいと考えたのですが、この範囲カウントが出来ませ...

by Engager in

tonumber() not working on scientific notation

Hi All, I am indexing a file with JSON and epoch values on the JSON are written in scientific notation An examp...

by New Member in

How to search with "IN" to produce same results as "OR"?

I have a search with a bunch of OR's and I wanted to replace it with "IN" however I do not get the same results. M...

by Contributor in

Convert a dashboard into an APP

Is it possible to convert a dashboard into an APP? I am trying to make it easier for managment to access it. If...

by Loves-to-Learn Lots in

How to 'join' two data sets but neither left join or inner join are suitable?

Hi everyone, I've tried to answer this myself but no luck. I fear it might be so simple i'm overlooking it. I'm co...

by Explorer in

Display Dates that Expire in 90 days

Hello, We have a field called "Certificate Expiration Date" and trying to only show items that expire 90 days or ...

by Path Finder in

How to group by a field and display multiple fields

I have trace, level, and message fields in my events. I want to group by trace, and I also want to display all other ...

by New Member in

Odd escape handling with regex and rex? How do I cross-check an inputs.conf blacklist?

Hello, I'm attempting to verify a blacklist parameter for a wineventlog stanza by using regex and rex in search an...

by Path Finder in

Is it possible to reuse a field regex in multiple alerts?

We have a large number of alerts which extract data from nginx logs and ping under certain conditions. In each of the...

by New Member in

Select only some fields from csv to index

Hi all, I'm in enviroment so configured: 1 uf, 1 hf, 4 indexers, 1 search head, 1 master cluster. I've to index...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to use mvcount to get the accurate count of a keyword by source

How to compare last value and the second last value if they are non-numeric

Historical searches for multisearch command

Last Chance Index setup issues

Auto Lookup CIDR

BREAK_ONLY_BEFORE_DATE=true is not working

Auto Lookup CIDR

Integrating AWS CUR using AWS Redshift with Splunk Db connect

How to use timechart with Eval command

I want to exclude events before a certain date ( not timestamp).

Subtract different time format

How to extract from multiline events using regular expressions with variables?

Warning in email notification in splunk

custom time range to sub search

Unable to search for logs from console

一定数値の範囲の数をカウントしたい

tonumber() not working on scientific notation

How to search with "IN" to produce same results as "OR"?

Convert a dashboard into an APP

How to 'join' two data sets but neither left join or inner join are suitable?

Display Dates that Expire in 90 days

How to group by a field and display multiple fields

Odd escape handling with regex and rex? How do I cross-check an inputs.conf blacklist?

Is it possible to reuse a field regex in multiple alerts?

Select only some fields from csv to index

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!