Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Why are we getting excessive number of alerts?

We have an All time (real time) alert which produced 315 alerts in the first eight hours of the day. When running ...

by Motivator in

Why is sub-search getting auto-finalized after 60 seconds and triggering false alerts

Hi, I have the below search query to monitor the process/instances running on our servers and the sub-search withi...

by Engager in

Splunk Query - How to create a table from event

I'm quite new to Splunk and currently am trying to do a simple with Splunk using syslog. I have a firepower syslog wh...

by New Member in

Multiple Events - Looking for Matching Data

I would like to show a count for every time I get a "burst" of similar events. This would be defined as more than on...

by New Member in

How to use subsearch results as values in a different field of parent search?

Hello, I am working with Windows event logs in Splunk. Specifically, process execution (EventCode 4688) logs. I...

by Path Finder in

Field Extractions Not working in Splunk Cloud

Hi Team, We have few aplication logs which are getting captured from Microsoft Storage Blobs using Microsoft Splun...

by Path Finder in

Regex for looking at executables in a specific folder

Hi All, I am trying to create a search that will parse our endpoint logs for any executable that have been run fro...

by Engager in

Splunk has not returned event in the result two weeks ago but now returns it. How is that possible?

Hello I have a saved search that is running every month at 1st day. The search is not new and has been working a long...

by Path Finder in

Handle different search results as one by analysing the percentage match

Hi Community, i have a search which shows me all PHP-Errors in the configured timespan. Now i want so sort this re...

by Engager in

Automatic key-value field extraction does not handle special characters ?

Hello, Here is the raw text of my event. {"country_code":"FR","currency":"EUR","reseller":"Franc\u00e9 Loisirs"...

by Engager in

How to assign value for any field as "0" when no events are there for the field?

I have a below query. But the below is not giving results after the July 11 date because there are no events for the ...

by Path Finder in

help with eval if needed

by Builder in

Help with custom search command (wait) needed

Hello, I need to apply 60 sec delay between two SPL commands, which start and collect the DB trace per dbxquery. ...

by Builder in

How to identify data communications to iCloud - first ever post - new splunk user

Hi everyone, I am fairly new to splunk. I am trying to work out the syntax in order to identify if a staff member ...

by Engager in

How to format a table

I have a search that will produce a pretty basic table like this: index=myindex | chart count by host, partition h...

by Path Finder in

how to get extract field in a numeric format?

I'm trying to extract value from a field in the raw text using a regular expression. I want the field values to be ex...

by Engager in

Joining two searches based on a common field

Hello Everyone, I have two search queries which are working as expected but when I trying to join both these queri...

by Explorer in

How can I have the query when the field have the % (same pictures)

I have the field count number and %, How can I set the query to run?

by New Member in

How to count pass of fail rate from all if conditions

I have the following , I want to know how to calculate rate on rule1, rule 2, rule3.... pass and fail rates(only for ...

by Explorer in

Where function not calculating fields as expected

I have a basic search to identify systems that have not checked into a service for X amount of time. There is nothing...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why are we getting excessive number of alerts?

Why is sub-search getting auto-finalized after 60 seconds and triggering false alerts

Splunk Query - How to create a table from event

Multiple Events - Looking for Matching Data

How to use subsearch results as values in a different field of parent search?

Field Extractions Not working in Splunk Cloud

Regex for looking at executables in a specific folder

Splunk has not returned event in the result two weeks ago but now returns it. How is that possible?

Handle different search results as one by analysing the percentage match

Automatic key-value field extraction does not handle special characters ?

How to assign value for any field as "0" when no events are there for the field?

help with eval if needed

Help with custom search command (wait) needed

How to identify data communications to iCloud - first ever post - new splunk user

How to format a table

how to get extract field in a numeric format?

Joining two searches based on a common field

How can I have the query when the field have the % (same pictures)

How to count pass of fail rate from all if conditions

Where function not calculating fields as expected

Streamline Data Ingestion With Deployment Server Essentials

Remediate Threats Faster and Simplify Investigations With Splunk Enterprise Security ...

Introduction to Splunk AI

AD servers with indexing delays when evt_resolve_a...

Using comparison function within mstats

splunk search statement using keyword from input b...

Ex Cisco - run a report for all DFS users who logg...

Splunk query to list all the queries that time out