Splunk Search

Thread Info

Error with Rex exceeding match_limit, asking raising the value in limits.conf

I am fairly new to regex. I wrote a regex that works fine in regex101, but because I am doing lots of back tracking I...

by Communicator in

Very large number math

I have a log file with a very large number in it, it's a sequence number, and doesn't seem to have anything to do wit...

by Communicator in

Splunk Query For Admin Who Unlocked Account

Hello All, I created a query that looks for event 4767 (A user account was unlocked) and it returns the date/time ...

by New Member in

user with no activity

We are monitoring the user activities for a day. The query is as follows. remote_user=a OR remote_user=b OR remote...

by Observer in

where command for innotnull

Hi, I'm new to splunk and I'm trying to exclude null values for one of the columns in my datasheet. That column as ...

by New Member in

mstats produces 2 buckets when span and time picker are both equal

hi i ran a search to calculate 95th percentile in a 7 day span and output in a single bucket the result: | mstats ...

by New Member in

How to find unique values between two queries?

I know I am for sure over-complicating this. I need to find values that are in field x, that are not in field y. T...

by Contributor in

Set given preset value in time range picker

Hi, I'm using Splunk Enterprise 7.2.3. I have a time range picker on my dashboard to set the date/time range to se...

by Engager in

How to do use "lookup" when the table needs transformation using regex

hi We have a centralised lookup file (which is CSV file), but not in our control to change it. The lookup file (en...

by Super Champion in

Comparing lists from two searches

I've been trying to research this for a couple of days and haven't been able to find anything just right. I am attemp...

by Explorer in

how Meta Woot! stores keys in the KV store to eliminate issues with duplicate keys

Looking how Meta woot application will help with KV store.

by New Member in

Why are the blocked data counts not showing up?

Good day, I've the following query where I want to show the amount of times a category was notified "Blocked" out ...

by Communicator in

What is the best way to search for blank (null) fields in a search?

Is there a best way to search for blank fields in a search? isnull() or ="" doesn't seem to work. Is there way to do ...

by New Member in

Does anyone have an explanation for the differences in count with and without eval expression

Hello, on searching for discrepancies in my dashboard I was able to cut down the problem to the following to searc...

by Path Finder in

How to add the sum of previous row data to next next row

Hello, I have 3 questions here. 1) Code WeeK RFS1 RFS2 RFS3 decision 1234 W1 5 5 5 1234 W2 5 5 6 1234 W3 1 2 2 ...

by Path Finder in

group results to be emailed to appropriate support team based on server

I'm looking to search for multiple errors and exceptions across application logs for across multiple servers. usin...

by New Member in

How to get the count of the number of duplicates that have been eliminated using dedup

There are many failures in my logs and many of them are failing for the same reason. I am using this query to see the...

by Engager in

Extract multiple values from a single existing field, using regex

Hey, I have this event. as you can see there is field named cs1. I need to create new field lets say cs_1 and extract...

by Path Finder in

match values in same fields

Hi, i would match two field, exactly: field1 - field2 1 - Empty 1 - Empty 1 - Empty Empty - 2 Empty - 2 Empty - 2 ...

by Engager in

How to extract pipe delimited field value?

HI All, I have scenario where my field value is pipe delimited e.g. Session=PP|OO|GG if in search I do table of...

by New Member in

how to break fields into separate lines which were concatenated

Hello, My Situation is different. I have few columns like: code, Week, rfs, decision, new_deecision. In my s...

by Path Finder in

Unique IP count

It seems like something that has been answered before but i have been unable to find the answer. Is it possible to ru...

by New Member in

Can you help me make a query that would Fill in values in braces from data inside the JSON?

Here is the source data: { "contextValues": [ "10.1.1.1", "10", "testhost" ], "contextTypes": [ ...

by New Member in

Can anyone help resolve the issue with my search for events relating to USB violations

by Engager in

How to populate fields from two indexes that share one field

Hello, I asked this question yesterday but didn't get the right solution. I have two indexes with different fields a...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

Error with Rex exceeding match_limit, asking raising the value in limits.conf

Very large number math

Splunk Query For Admin Who Unlocked Account

user with no activity

where command for innotnull

mstats produces 2 buckets when span and time picker are both equal

How to find unique values between two queries?

Set given preset value in time range picker

How to do use "lookup" when the table needs transformation using regex

Comparing lists from two searches

how Meta Woot! stores keys in the KV store to eliminate issues with duplicate keys

Why are the blocked data counts not showing up?

What is the best way to search for blank (null) fields in a search?

Does anyone have an explanation for the differences in count with and without eval expression

How to add the sum of previous row data to next next row

group results to be emailed to appropriate support team based on server

How to get the count of the number of duplicates that have been eliminated using dedup

Extract multiple values from a single existing field, using regex

match values in same fields

How to extract pipe delimited field value?

how to break fields into separate lines which were concatenated

Unique IP count

Can you help me make a query that would Fill in values in braces from data inside the JSON?

Can anyone help resolve the issue with my search for events relating to USB violations

How to populate fields from two indexes that share one field

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...