Splunk Search

Ask a Question

Discussions

Thread Info

How to write query for creating alert using lookup

Hi Splunkers, I have the events getting ingested as below: timestamp patch_version hostname Now,I want to cr...

by Explorer in

How to separate the fields AppDomainName and ApplicationSource in timechart?

Hi I have this query that counts the number of errors for two applications but I get the application names from diff...

by Engager in

how to extract only numeric values from field into table ? it fetching the non field values too from.

for example: dport=86 pattern: 0 tcp && dst port 86 && dst 345 here dport is field and pattern is non field value. ...

by New Member in

help on subsearch in order to match a common field between 2 lookup files

hi In a first lookup (host.csv), I have a field "host" In a second lookup (toto.csv), I have also a field "host" I...

by Motivator in

search using the Splunk API to get back a single result(not streaming) without using a saved search or SID?

can we run a search using the Splunk API to get back a single result(not streaming) without using a saved search or S...

by Explorer in

How to display the max value per day

My search calculate the number of events of a field per hour per day. In my chart result I only want to see the max o...

by Path Finder in

how to transform a search into a csv file in order to query the csv instead the index

hello I have done a saved search scheduled one time per day from the query below index=toto sourcetype="tut...

by Motivator in

Search to export structured CSV from Splunk

Hi, Using Splunk on a raw log file I get the total templates (clusters) of logs using something like: host="my_...

by New Member in

Splunk query OR condition

Trying to parse the following line: newCount 20 OldCount 10 The following is my splunk query: index="server"...

by Path Finder in

300 events are seen with the same Source IP and different Destination IP in 1 hour

Translating Qradar rules to SPL and stocked with setting thresholds 300 events are seen with the same Source IP an...

by New Member in

Pass the hash detection

Hello. Has anyone built a detection for pass the hash? I have windows local event logs and AD logs at my disposal...

by Explorer in

How to get sum stats from pair of values

Hi! I am looking for help for, I think, a simple statistic but I can't figure out how to do this simply. Here's an ...

by New Member in

Search for anomalous file names based on entropy?

Can anyone recommend a way to search for file names based on entropy? I'd like to run a search that looks for funky/a...

by Influencer in

Lookup query not working

All, I am running Splunk 7.2.6 under Debian 9.9. I am searching using index = main and picking the top 5 http ...

by New Member in

Index count on a single Indexer

Hi , We are running apps in docker world and looking at docker log growth - app / engineering team wants to adapt...

by Path Finder in

How can I find out whether the time is within working hours?

We would like to know whether the event time is within working hours and a developer came up with the following. Does...

by Motivator in

Regex field values to look for a specific character Splunk Search

Hi guys I'm looking to extract a value from a field using regex, the field contain different types of data such as Id...

by New Member in

Help with putting a conditional in my search

Hi, Someone was kind enough to help me with this yesterday: link text And it worked fine, until I realized that...

by Champion in

Prevent query autoformat from deleting empty lines

It can enhance query readability to separate large queries into their logical components using empty lines: index ...

by New Member in

How to create a drilldown

Hello everyone, I am trying to create a simple hiding drill down panel. With below search: index=_internal |stats...

by Path Finder in

What is the best way to find all current best practices about a particular topic?

Is there a good way to find validated best practices, ones that are expected to be current, tied to a specific featur...

by Splunk Employee in

can we use addtotals command in geostats map?

after using addtotals with geostats command, map is not showing correct location. Please help me to resolve this issu...

by New Member in

Need to sort macOS versions

I imported data from jamf cloud into splunk and one of the fields being returned is the operating system version. It ...

by Engager in

KV_MODE=json sometimes skips a particular JSON field?

We have a log file with multiple lines of JSON similar to this: { "foo": "bar","foo1":"foo2","userEmail":"foo@bar....

by Engager in

How to pass input variable to dbxquery

Hi Experts, I am struggling to pass inputs to my dbxquery. My intention is to display all EMPID and Employer name ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to write query for creating alert using lookup

How to separate the fields AppDomainName and ApplicationSource in timechart?

how to extract only numeric values from field into table ? it fetching the non field values too from.

help on subsearch in order to match a common field between 2 lookup files

search using the Splunk API to get back a single result(not streaming) without using a saved search or SID?

How to display the max value per day

how to transform a search into a csv file in order to query the csv instead the index

Search to export structured CSV from Splunk

Splunk query OR condition

300 events are seen with the same Source IP and different Destination IP in 1 hour

Pass the hash detection

How to get sum stats from pair of values

Search for anomalous file names based on entropy?

Lookup query not working

Index count on a single Indexer

How can I find out whether the time is within working hours?

Regex field values to look for a specific character Splunk Search

Help with putting a conditional in my search

Prevent query autoformat from deleting empty lines

How to create a drilldown

What is the best way to find all current best practices about a particular topic?

can we use addtotals command in geostats map?

Need to sort macOS versions

KV_MODE=json sometimes skips a particular JSON field?

How to pass input variable to dbxquery

Fastest way to demo Observability

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions