Splunk Search

Discussions

Thread Info

Odd escape handling with regex and rex? How do I cross-check an inputs.conf blacklist?

Hello, I'm attempting to verify a blacklist parameter for a wineventlog stanza by using regex and rex in search an...

by Path Finder in

Is it possible to reuse a field regex in multiple alerts?

We have a large number of alerts which extract data from nginx logs and ping under certain conditions. In each of the...

by New Member in

Select only some fields from csv to index

Hi all, I'm in enviroment so configured: 1 uf, 1 hf, 4 indexers, 1 search head, 1 master cluster. I've to index...

by Path Finder in

View percentage with count

Hi all, I'm pretty new to Splunk and I'm trying out different things to challange myself. I completed the fundemen...

by Path Finder in

How to show Trending compared to last month value

Hello , I want to show trending compared to last score calculated. I have multiple single panels calculating one fiel...

by Explorer in

Audit splunk

It is unclear for me why there isn't any easy and comfortable way to search all the objects that have been changed on...

by Contributor in

eventtype which contains macro is not working

Hi Splunkers, I have distributed environment. when I tried searching for eventtype which contains macro is not wor...

by SplunkTrust in

How to add multiple fields count values

Hello, I have 6 fields that I would like to count and then add all the count values together. For example I ha...

by Engager in

Can we make a search id persistent

Dear Team, We want to make a search id persistent in splunk can we do that? by using the search id we want to run ...

by New Member in

Alternative for join.

index=core a=BuilderService AND "decision.received" "Overrides" NOT "ItemOverrides=()" NOT commitCode=null | rename ...

by Contributor in

How to calculate time difference between two identical events

I have the following events **2019-09-20 01:39:25 INFO Listener processing event with message metal:AUD:ADJ 2019-0...

by Engager in

Extract fields from array of data and find best performing currency.

SSP Request: { "disableAMLFlag" = "false"; "orderAttributes" = { "OrderAttributes" = { "requestPostalIndicator" = "X"...

by Contributor in

How to find values that are not in a summary index

Good day, I have sysmon information collected in an index called sysmon. I also have created a summary index "HASh256...

by Path Finder in

How to calculate state based on values from many searches

I'm using a dashboard to display the state of some services. For this purpose, I must takes single values from many s...

by Explorer in

How do we invoke a sub search with parameters from the parent search?

We have a parent search that looks like - index=os_linux * | eval length = len(process) | where length = 7 | s...

by Motivator in

Force python3 on custom commands

Hi all, I´ve a custom command but it requieres python3 for launch properly. Errors on job inspector: 09-17-2019...

by Path Finder in

How to compare output of a search to a lookup file?

Hello, I have a lookup filled with hostnames. I want to compare the hostnames with the host field in the index. ...

by New Member in

How can I set timechart span=2h count for a day to start plotting from midnight?

Hi, Could anyone know how to start plotting from midnight when time range is something like earliest=-1d@d latest=...

by Motivator in

Help creating a search that involves an IF statement and JOIN

There are three different events. Each event has the same fields. The fields I am focusing are "NumberOfRecords" and ...

by Engager in

Help putting a condition match for a search with three possible results to show/hide either both or one of two panels

I'm trying to either hide or show two panels depending on a search result from a different panel which will have 3 op...

by Explorer in

Search not giving correct results (Join,Append,Union)

Hello All, I am working the below search - When I am running these two main which joined using join command are givin...

by Path Finder in

How to speed up my search?

I am trying to show the count of events where any external IP is attempting to connect to port 136-139, 445 from diff...

by Path Finder in

Timechart not displaying for some selections despite having results. It's invisible for some reason, but shows when it edit mode

I have a timechart dependent on a dropdown at the top of the dashboard that selects the customer to show the results ...

by Explorer in

How to get sum of field based on it's value?

Hi, I would be grateful for any help. In my fields we are having two fields which are: data.user_id and data.co...

by Path Finder in

Time difference by grouping identical events

Suppose I have the following events. 2019-09-20 01:40:09 INFO Listener processing event with message key A1:B1...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Odd escape handling with regex and rex? How do I cross-check an inputs.conf blacklist?

Is it possible to reuse a field regex in multiple alerts?

Select only some fields from csv to index

View percentage with count

How to show Trending compared to last month value

Audit splunk

eventtype which contains macro is not working

How to add multiple fields count values

Can we make a search id persistent

Alternative for join.

How to calculate time difference between two identical events

Extract fields from array of data and find best performing currency.

How to find values that are not in a summary index

How to calculate state based on values from many searches

How do we invoke a sub search with parameters from the parent search?

Force python3 on custom commands

How to compare output of a search to a lookup file?

How can I set timechart span=2h count for a day to start plotting from midnight?

Help creating a search that involves an IF statement and JOIN

Help putting a condition match for a search with three possible results to show/hide either both or one of two panels

Search not giving correct results (Join,Append,Union)

How to speed up my search?

Timechart not displaying for some selections despite having results. It's invisible for some reason, but shows when it edit mode

How to get sum of field based on it's value?

Time difference by grouping identical events

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions