Splunk Search

Ask a Question

Discussions

Thread Info

Group table results by lookup table value

We have a few servers clustered together and have created a lookup table that combines them. What I would like to do...

by Contributor in

How to search count by only business days?

Hello Splunk Ninjas, I have created an 'aging' field that counts the number of days since a certain date & time. I...

by Explorer in

How to get the time duration for the search string availability in day ?

Hi All, I was in need of a requirement to find the error codes and its occurences windows for a given day to be pr...

by Motivator in

How to make inputlookup return function check all records (rows) in a CSV?

Currently the inputlookup return function requires you to input a hardcoded total of records to check when used in a ...

by Communicator in

Regex for variable extraction

50.99.220.89 - 50.99.248.89 - - [12/Jun/2019:08:27:13 -0400] "POST /ccc67/JJ/U7UY/BCFUVGYUYGI11HTTP/1.1" 500 6629 ab...

by Contributor in

How to compare values on the same columns and on the same date

I have this table, and i just want to remove the rows that has the same cost on that date if the B1 of that row is on...

by Path Finder in

| input lookup return ALL rather than specify number

I'm trying to add this to my search but the number of lookup users may change!! (|inputlookup lotsofusers.csv | re...

by Path Finder in

What capabilities are required for the "sendemail" search command?

The ability for many things in Splunk is controlled by capabilities applied to roles/users. In order for a user to ut...

by Explorer in

How to select and join fields from 2 sources?

Hai everyone, I'm still a newbie to using Splunk. I want to ask about selecting and joining fields in 2 sources. ...

by Engager in

Where does HEC push come in from?

A customer is asking: "How can we tell where an HEC push is actually coming in from? or is that just not logged an...

by Ultra Champion in

Searching for merged events in Splunk

Hi, I have found that there are some events in Splunk that are merged and it is on a random basis and in a huge da...

by Builder in

Using a lookup for search

I have a small CSV file with common attack signatures in them that I have uploaded as a lookup called web_attack_sign...

by Engager in

How is the Size value on the job page calculated and logged in Splunk?

I am trying to figure out how the Size value in the Job page is calculated and where that is logged in splunk. I c...

by Explorer in

How to get the percentage of each HTTP status code

I would like to get the percentage of each HTTP status code. I have the count of each status code that appears and I ...

by Path Finder in

How to create a regex to extract the first IP address from multiple IP addresses in an event line?

There are multiple ip addresses in a raw event line and I only need the first one How can I achieve that? 192.168...

by Contributor in

Set token on submit button click?

Hi guys. Can someone please post working js code for a button that toggles a token from "true" to "false" and back...

by Motivator in

How to use where to compare field values

Let's say I'm doing a stats count by x,y How would I formulate a WHERE that compares the string value of x and y a...

by Communicator in

How to find out falied login attempts(EventCode=4625) which are more than 6 times within the 1hr timestamp?

Hi Team, I would like to find out user failed login attempts which are greater than 6 times and those 6 failed login ...

by Engager in

How to create a Regex question for field extraction for our shibboleth:audit sourcetype events?

I created the following regex to extract the fields for our shibboleth:audit sourcetype events: ^(?:[^\|\n]*\|){2}...

by Influencer in

"Oops! Your instance is no longer here."

I have been working on the Fundamentals 1 Certification using the free Cloud Trail instance of Splunk. My instance ha...

by New Member in

How to extract the HTTP Status Code?

I need help with extracting and graphing the HTTP status code which is always the end of every log formatted as; `...

by Path Finder in

How to use extracted field as input parameter to another search?

Hi, I needed help with using field extracted in the search(ORG) to be used as input for another search where a sim...

by New Member in

How to use calculated field with url?

Hello, I'm trying to use calculated field on data with url field. Simple doesn't work. Even a very simple 'upper(u...

by Path Finder in

How to create a regex to match URLs ending with a known file extension downloads?

I am trying to filter out all URLs which are for file downloads and those URLs will end with the file extension. Eg -...

by New Member in

Does the`search` command has implicit AND between expressions?

I always understood the search command's expressions be connected by a logical AND by default: search customer=123 it...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Group table results by lookup table value

How to search count by only business days?

How to get the time duration for the search string availability in day ?

How to make inputlookup return function check all records (rows) in a CSV?

Regex for variable extraction

How to compare values on the same columns and on the same date

| input lookup return ALL rather than specify number

What capabilities are required for the "sendemail" search command?

How to select and join fields from 2 sources?

Where does HEC push come in from?

Searching for merged events in Splunk

Using a lookup for search

How is the Size value on the job page calculated and logged in Splunk?

How to get the percentage of each HTTP status code

How to create a regex to extract the first IP address from multiple IP addresses in an event line?

Set token on submit button click?

How to use where to compare field values

How to find out falied login attempts(EventCode=4625) which are more than 6 times within the 1hr timestamp?

How to create a Regex question for field extraction for our shibboleth:audit sourcetype events?

"Oops! Your instance is no longer here."

How to extract the HTTP Status Code?

How to use extracted field as input parameter to another search?

How to use calculated field with url?

How to create a regex to match URLs ending with a known file extension downloads?

Does the`search` command has implicit AND between expressions?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

How do I add the total count of all events in each...

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

Splunk Search

Are you a member of the Splunk Community?

Discussions