Splunk Search

Discussions

Thread Info

how to append query ?

Hi Guys i have 3 queries query 1 : identity/phones/retrieve AND "[HTTP-STATUS-CODE]" | stats count as Total quer...

by Path Finder in

Lookup table permission cannot be changed to global because of this error : : Cannot move asset lacking a pre-existing asset ID

we are getting this error only for during lookup permissionchange in splunk search head cluster : Splunk could not up...

by Explorer in

Firewall Log: How to send API calls to abuseIPDB and deal with results in splunk to get threat score?

Hi there, I have been dealing with Splunk for two weeks now. My intention was to make firewall drops from an Unifi Se...

by Engager in

How to compare two fields from two different searches and display results with matches and mis-matches?

I am running 2 different searches and have to compare the each value in one field with the values in the other field....

by Loves-to-Learn Lots in

Why are special characters replaced with UTF-8 after exporting table to CSV?

Hi all, When uploading a .csv file to Splunk, utf-8 is selected as the encoding type. Special characters look fine wh...

by Path Finder in

How to count the distinct list values

My results look like these: V1 V2 A X Y Z Z X Y Y B X X X Y Z Z X Y Y V2 IS A LIST. I want to ad...

by Contributor in

Help writing a condition for taking out average

Hi all, I need help in taking out “avg(“Participant”)” that is using calldevice1.   I need to write a condition here....

by Path Finder in

How do I write the regex to extract a DNS domain field from my sample data?

Hi : I need help extracting the domain IP address for the DNS logs. The automatic field extractor does not work in...

by Path Finder in

What's ops.json in etc/system/replication?

Hi, we removed some roles and checked on file level where these roles still have a reference. We found the file sp...

by Path Finder in

Cannot perform action "POST" without a target name Python

Hello all, I am running python 3.4.9 on CentOS 7. The issue I am having is with the following python script: fr...

by Communicator in

Monitoring Critical Device Logging

We are looking to take an enterprise level approach on the monitoring of critical device logging. We have a list of s...

by Path Finder in

How to remove this signal "-" and "OTHER" in results of a timechart?

Hi Splunkers, I have this search bellow: index=br_activedirectory_microsoft EventCode=4624 Account_Domain=AGBANESP...

by New Member in

tstats command help required for CIDR

Hello Everyone, I am writing a query using tstats command need to use the CIDR values . Below is the example. |...

by Explorer in

Geom command receiving error: Error in 'SearchOperator:Geom': could not resolve

I can't seem to get Splunk to run the search necessary to create a choropleth map. Here is my search: index="main"...

by Explorer in

Search not producing event types

Hello. I am trying to get interactive logon logs for all workstations in an organization. The event code for this log...

by Explorer in

How to include "-" in between a field value?

I have a field lastrundate which has values 20190623 , 20190624 , 20190626. I want to include an "-" in between them...

by Builder in

eventstats into multi-value list limit of max values

Is there a limit of max values in a multi-value field listSummary for | eventstats list(variable) as listSummary ...

by Path Finder in

How to recreate a bar chart using values over a time period showing duration, start times, and stop times using the chart command?

I am attempting to recreate a bar chart based on a start and stop time by workloads. Can anyone help me with the | c...

by New Member in

Test props and transforms from Splunk UI

In Splunk when we add data via uploading file it gives UI to add and verify props.conf properties there, like timesta...

by SplunkTrust in

How to use multiple saved searches for a single table

Hi, We are using a table in our dashboard and its output is based on multiple saved search. How can I run multiple s...

by Builder in

Sample command limitations

I noticed sample command in Splunk is limited in how many parameters can be used at the same time: https://docs.splun...

by Explorer in

How to group two field values into separate fields?

I am working with data that is shared/backed up by two separate hosts. Each userID is linked to two hosts. When there...

by Explorer in

Two searches using three indexes with different fields

I have this search below: index=BI_1 sourcetype=jobs_info fieldJ IN (Flamengo) | search index=BI_2 sourcetype=tel...

by Explorer in

Testing mmdb file in Splunk is there a command recommendation for risk scoring?

I am currently attempting to test the GeoIP2-Anonymous-IP.mmdb file out in Splunk. I know we can either place it in ...

by Engager in

Using field option in join command

If I get a search like below: index="main" ~~~~~ | table _time value code | join type=outer [search index="main" ~...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

how to append query ?

Lookup table permission cannot be changed to global because of this error : : Cannot move asset lacking a pre-existing asset ID

Firewall Log: How to send API calls to abuseIPDB and deal with results in splunk to get threat score?

How to compare two fields from two different searches and display results with matches and mis-matches?

Why are special characters replaced with UTF-8 after exporting table to CSV?

How to count the distinct list values

Help writing a condition for taking out average

How do I write the regex to extract a DNS domain field from my sample data?

What's ops.json in etc/system/replication?

Cannot perform action "POST" without a target name Python

Monitoring Critical Device Logging

How to remove this signal "-" and "OTHER" in results of a timechart?

tstats command help required for CIDR

Geom command receiving error: Error in 'SearchOperator:Geom': could not resolve

Search not producing event types

How to include "-" in between a field value?

eventstats into multi-value list limit of max values

How to recreate a bar chart using values over a time period showing duration, start times, and stop times using the chart command?

Test props and transforms from Splunk UI

How to use multiple saved searches for a single table

Sample command limitations

How to group two field values into separate fields?

Two searches using three indexes with different fields

Testing mmdb file in Splunk is there a command recommendation for risk scoring?

Using field option in join command

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions