Splunk Search

Discussions

Thread Info

How to create a base search that retains multiple regex fields?

I have a dashboard that is built from 3 different searches. They all come from the same data so I would like to turn ...

by Motivator in

multiple Case conditions?

Hi, I am using multiple case conditions but the condition is not matching. In the third line of the code used AND c...

by Builder in

How to use stats in multiple Condition and fields ?

Hi Guys, I am trying fetch details using stats.In this query I am trying get status from the below conditions and w...

by Builder in

Dividing combined value into separate values

Currently, I have a table that looks like this: Table1 Hostname Vendor Product Version----...

by Path Finder in

Lateral movement search needed

Hi, I need an help with my windows security logs how we can create the lateral movement use case

by Builder in

Log searching Splunk

I am searching some logs in an application for the last 24 hours (or any time range the user has selected). Is it pos...

by Path Finder in

Issue using rex to replace string

Hello world, I'm trying to use rex to rename the part of the strings below where it says "g0" to "GRN". So the outp...

by Explorer in

Setting a date range as a field for the chargeback app

I have a question regarding how to properly extract the time ranges between the Events to use as a field value for a ...

by Communicator in

Collect command with federated searches

I have a use case where I'm trying to collect events from a federated search. I can run and search results using the ...

by Engager in

How to filter a field from the log where the values change

How to filter a field from the log where the values change for example please see below, logfile =(result1=0 result...

by Explorer in

How to Extract multiple values in field in json

Thanks I am trying to extract three fields in below given message "message" : "BatchId : 7, RequestId : 100532188...

by Builder in

How to exclude field values in the query?

Hi Guys, I am try to exclude field value . need to exclude message=""API:START: /v1/Journals_outbound" i...

by Builder in

mutiple search

Hello everyone, i need solution for this. my data : userID=text123 , login_time="2024-03-21 08:04:42.201000", ...

by Explorer in

Facing issue with my Serach

Hello All, Below is my alert script, and I dont want to have any alerts during night 11:50 to 00:25 midnight, howe...

by Loves-to-Learn Everything in

Where field count is less than, but not stats count by

I run a Splunk query to see events from my web application firewall. I filter out certain violations by name, using a...

by Explorer in

Filtering a weekly timewrap timechart by a specific time window each day.

I have the following query that gives me week-over-week comparisons for the past month: index="myIndex" ear...

by Path Finder in

Streamed Search Execute Failed Because: Error in 'lookup' command

Good morning, I am having issues with admon and running into this error: Streamed Search Execute Failed Because...

by Path Finder in

Date difference in months

on my search index=raw_fe5_autsust Aplicacao=HUB Endpoint="*/" | eval RefUser=if(Mes!="", Mes, substr("...

by New Member in

Prevent users from table sorting (when clicking on its headers)

The question is really simple, not that sure about the answer though. I'm using Splunk 5.0.6 + Advanced XML panels to...

by Path Finder in

Display only weekdays in Time chart

Hi,Is it possible to display only weekdays in Time chart ? PS: I am not looking to discard the data for weekend. Just...

by Path Finder in

Syntax/use of subsearches

I have a query … index=blah "BAD_REQUEST" | rex "(?i) requestId (?P<requestId>[^:]+)" | table requestId | dedup req...

by Path Finder in

How to search based on variable? | search no = variable

Hello,How to search based on variable? If select contains "many", then search no IN (1 to 30), else search NO 7| e...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to create a base search that retains multiple regex fields?

multiple Case conditions?

How to use stats in multiple Condition and fields ?

Dividing combined value into separate values

Lateral movement search needed

Log searching Splunk

Issue using rex to replace string

Setting a date range as a field for the chargeback app

Collect command with federated searches

How to filter a field from the log where the values change

How to Extract multiple values in field in json

How to exclude field values in the query?

mutiple search

Facing issue with my Serach

Where field count is less than, but not stats count by

Filtering a weekly timewrap timechart by a specific time window each day.

Streamed Search Execute Failed Because: Error in 'lookup' command

Date difference in months

Prevent users from table sorting (when clicking on its headers)

Display only weekdays in Time chart

Syntax/use of subsearches

How to search based on variable? | search no = variable

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions