Splunk Search

Discussions

Thread Info

What is the best way to find all current best practices about a particular topic?

Is there a good way to find validated best practices, ones that are expected to be current, tied to a specific featur...

by Splunk Employee in

can we use addtotals command in geostats map?

after using addtotals with geostats command, map is not showing correct location. Please help me to resolve this issu...

by New Member in

Need to sort macOS versions

I imported data from jamf cloud into splunk and one of the fields being returned is the operating system version. It ...

by Engager in

KV_MODE=json sometimes skips a particular JSON field?

We have a log file with multiple lines of JSON similar to this: { "foo": "bar","foo1":"foo2","userEmail":"foo@bar....

by Engager in

How to pass input variable to dbxquery

Hi Experts, I am struggling to pass inputs to my dbxquery. My intention is to display all EMPID and Employer name ...

by Path Finder in

How to get the on time and off time over a category with place

Hi Splukers, @niketnilay I have table with 4 fields. I created the status with eval command with index=XXX...

by Path Finder in

Join if one of two fields match a lookup

Hi there, many thanks for reading this far and for any insights you can give. I have a base search which returns a...

by Communicator in

Calculate the average of count per day

I am fetching production data like the number of completed for the last 7 days for different procustion customer and ...

by Path Finder in

Issue with database table name with spaces in map dbxquery search

Hi Splunk experts, Please help on the below issue. When i am running a query directly with dbxquery, the table nam...

by Path Finder in

How to find the oldest log indexed in the indexer instances ?

Hi All, Currently we are running out of space in our indexer instance and we wanted to remove the oldest data that is...

by Motivator in

I have a inputlookup which have fields like index and count need to create an alert which should trigger when count of indexes given will be exceed given count in lookup, use of sub search will also fine

I have a inputlookup which have fields like index and count need to create an alert which should trigger when count o...

by Communicator in

Can I do a timewrap and use partial=false (part of timechartt command) when setting latest time to now =+Xdays@d

my search looks like this ... | fields _time fieldname | eval wday = strftime(_time, "%a") | where wday = "Thu" | fi...

by Motivator in

How to count the events from domain controller server hosts per hour using tstats?

I want to count the events from dc server hosts by hour using tstats: | tstats count where host="srv*dc*" by host ...

by Motivator in

Hunting for duplicate event data to find suspicious activities

I am trying to determine the right SPL to dig through a financial data set and look for duplicate entries. The data g...

by Explorer in

How to Split multi valued row in to different rows

I have a below query which shows the recent windows patches installed in the servers, So most of the servers got inst...

by Explorer in

how to filter the logs when a username field ends with "-TEST"

The following are my transforms.conf and props.conf in my cluster master which are sending all the logs for the below...

by Builder in

Tally field by value and source and divide by total source count

Hello, all. I'm looking for the best method to tally a particular field by value and source and then run division ...

by Engager in

Pulling 1-day old records

Hi, Let say I have field lastTime (sample value lastTime = 09/01/2019 11:52:31). There are records with lastTime r...

by Contributor in

Trying to match a field with multiple values against a lookuptable

I trying to search a lookup table for matching field=user the field contains multiple values for example user=ID, nam...

by New Member in

Search two lookup tables for matching field values

Hi trying to search two lookup tables for matching fields values, both tables have the same fields. Just looking to c...

by New Member in

Wildcard lookup returns more than one value

So I have a regex: rex field=requestUrl "^\w+:\/\/[^\/]+\/(?<uri>.+)$" And then I use the value of that in a l...

by New Member in

Regex not working as expected

For one of the Security usecase, we need to extract Group Memberships from the Domain. The trickier part is some of t...

by Path Finder in

Item count not including quality.

Here is the sample log I want a timechart. {"dtm":"2019-09-04 07:17:39.129 PDT", "logger":".WEB_ORDER_RELEASE", "a...

by Contributor in

Admin Passwords Across Clusters

Just to be sure, does the admin password need to be the same for each component in the Search Head or Index Cluster?

by Builder in

use inputlookup with field index and count as sub search

I have an inputlookup which have 2 fields index and count, I need to create an alert so that alert will trigger when ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

What is the best way to find all current best practices about a particular topic?

can we use addtotals command in geostats map?

Need to sort macOS versions

KV_MODE=json sometimes skips a particular JSON field?

How to pass input variable to dbxquery

How to get the on time and off time over a category with place

Join if one of two fields match a lookup

Calculate the average of count per day

Issue with database table name with spaces in map dbxquery search

How to find the oldest log indexed in the indexer instances ?

I have a inputlookup which have fields like index and count need to create an alert which should trigger when count of indexes given will be exceed given count in lookup, use of sub search will also fine

Can I do a timewrap and use partial=false (part of timechartt command) when setting latest time to now =+Xdays@d

How to count the events from domain controller server hosts per hour using tstats?

Hunting for duplicate event data to find suspicious activities

How to Split multi valued row in to different rows

how to filter the logs when a username field ends with "-TEST"

Tally field by value and source and divide by total source count

Pulling 1-day old records

Trying to match a field with multiple values against a lookuptable

Search two lookup tables for matching field values

Wildcard lookup returns more than one value

Regex not working as expected

Item count not including quality.

Admin Passwords Across Clusters

use inputlookup with field index and count as sub search

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions