Splunk Search

Ask a Question

Discussions

Thread Info

regular expression to transformation

Hello, In my linux data, two versions of the same hostname have turned up. and .local. Now I have been able to cha...

by Explorer in

Eval results compared to Total counts

I would like to display all Bot and Crawler activity compared to the total amount of events. index="Web" | eval W...

by New Member in

Extract a substring and filter the results based on the extracted substring from incoming logs

I am pretty new to Splunk and finding a way to figure out below: My incoming logs have a field message which contains...

by Communicator in

how can I get a deviation from a specific IP?

Good afternoon, I have this query to get global deviations in the number of connections. index=cisco_asa source...

by Path Finder in

Can someone suggest few ways of correlation of two or more fields

I have a ticket dump with following fields. Transaction ID Transaction Type Description Priority urgency Created On ...

by Explorer in

is a multi-line value possible for dedicated key-value pairs of an event?

dear splunk communitiy, we create events of an own format and everything principally works well: for example, ...

by Explorer in

Output Lookup command sending less results

I have a output lookup command which returns 4 rows via saved search when ran independently. However,on running th...

by Path Finder in

Splunk Maps

what is the difference between cluster and cheograph maps in splunk? and can i use cluster maps with coordinates not...

by Explorer in

compare results in different days

Good day! I have two requests for different dates. I need to compare the results of the queries. The following com...

by Explorer in

Null results on timechart using base search

Hello, im making a dashboard with a timechart and some filters, I can't make it to work, my filter gives no results a...

by Communicator in

nomv similar values with count

I have data like below, TaskName - Status Task 1 - New Task 1 - Running Task 1 - Running Task 1 - Pause Task 1 - R...

by Path Finder in

How to edit regex for existing fields

Hi! need to edit existing fields using regex as its not giving proper values. e.g. there is field called "IP" (auto e...

by New Member in

Splunk Query Help

I have a table like below Test_ID Test_Name Status 123 Test1 Passed 123 Test2 Passed 123 Test3 Failed 123 Test4 Pa...

by Path Finder in

Unusually high volume detection with respect to the same day of the previous week per server

It would be possible to detect an increase in volume per server. This is my current search that looks global but w...

by Path Finder in

how to whitelist using lookup table

we have threat logs from firewall. That log contains a signature, which is captured under signature field. my require...

by Explorer in

Splunk 7.2.1 Automatic language translation

Hi. The following problems occurred after upgrading to splunk 7.2.1. English automatically changes to Korean. How can...

by Explorer in

How to generate alerts programmatically?

Hi, I want to achieve this, Whenever we search something in Splunk, I want to return the search url along with the...

by New Member in

Could you advise me please, how to exclude IP subnet?

Hello, Could you advise me please, how to exclude IP subnet not using each of them NOT 141.8.142.220 etc. As example,...

by New Member in

split the filed with a hyphen "-" separator

Hi Team, I have a index below and i want to split the index values and create a new field with it. Example index...

by Path Finder in

how to find the total time taken by a search to finish the run for both adhoc and saved searches

Hi, i want to find out the total run time of both ad-hoc and saved searches. I checked in _audit index to find out th...

by Explorer in

Average of value during last running state

I am having data as shown in the below image, Is there a way i can get the avg of output considering the d...

by Explorer in

How to get the earliest _time of each column hit 100%

Hi , i have produced output below using predict command . _time Prediction(hostA) Prediction(HostB) Prediction(H...

by New Member in

How to run searches based on lookup table details

Hi I'm trying to match a table list of tasks for a client with a task run result. The table task shows if the task is...

by New Member in

Splunk help

by New Member in

rex pattern to create a field

Hi, I have this string in the log. 439 XObk5g6CUI62-gr3UIKfXAAAAAs 1@43465473@A and I want to create a field ou...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

regular expression to transformation

Eval results compared to Total counts

Extract a substring and filter the results based on the extracted substring from incoming logs

how can I get a deviation from a specific IP?

Can someone suggest few ways of correlation of two or more fields

is a multi-line value possible for dedicated key-value pairs of an event?

Output Lookup command sending less results

Splunk Maps

compare results in different days

Null results on timechart using base search

nomv similar values with count

How to edit regex for existing fields

Splunk Query Help

Unusually high volume detection with respect to the same day of the previous week per server

how to whitelist using lookup table

Splunk 7.2.1 Automatic language translation

How to generate alerts programmatically?

Could you advise me please, how to exclude IP subnet?

split the filed with a hyphen "-" separator

how to find the total time taken by a search to finish the run for both adhoc and saved searches

Average of value during last running state

How to get the earliest _time of each column hit 100%

How to run searches based on lookup table details

Splunk help

rex pattern to create a field

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions