Splunk Search

Ask a Question

Discussions

Thread Info

How to use dynamically calculated threshold in alert search?

Hi all, I need to calculate the standard deviation value using previous 5mins of data and have to recalculate ever...

by New Member in

Field Comparison Not Working in Basic Search

I have two queries: index=main | eval var1="avalue" | eval var2="avalue" | search var1=var2 and ...

by Engager in

mstats and mcatalog simply does not work

I try to use mstats and mcatalog command it just simply does not work, I think its Splunk settings side Im missing, ...

by Path Finder in

Can you help me with the following SPL: Index=fw_cisco

Question on the following SPL: > index=fw_cisco src_ip="1.2.3.4" | stats count(dest_port) by dest_ip dest_port ...

by Engager in

Tool for measuring search performance based different types of searches

Is there a tool available that will bombard Splunk with different types of search queries such as dense, sparse, rare...

by Explorer in

Why am I unable to export results from a long-running search query?

I ran a search recently that took a couple hours to run. The number of results was pretty low - only a few thousand, ...

by Builder in

Using field eval values in if condition.

I have a search as below: |rex field=Field "^(?.+?)." | eval Srvr = if(sourcetype="Type_1", Field_1 , if(sourcety...

by Loves-to-Learn in

Combine multiple searches with no relation in one table

I have different count searches that I want to show in one report so I can send it to me as a csv file. index=prox...

by Explorer in

How to use a field in lookup table as search count

I have a lookup table with 3 fields/columns: Service, Priority, Threshold. If the search on service count is > (value...

by New Member in

Dashboard: How can I convert a token from a "Time Picker" into a unit of time like minutes?

Hi everyone, Here's the process I'm trying to do. Initial Conversion 1. Use a "Time Picker" input --> 2. Take ...

by Explorer in

How to get the values for the selected fields

Hi Guys, I have this query with me. index=qvmr_soc_r job_type=batch |stats dc() as * | fields *vip snps | tran...

by New Member in

How can I find users logged on some PCs if PCs list is a result of a different search?

Hello, I'm trying to create a list of users who use a particular software, lest say Notepad 7.6.3. I can easily fi...

by Communicator in

timechart when span set to a week gives a different values , in comparison to span set to a day for a duration of a week.

I am running a query with a timechart span of '1w' duration of earliest being set to '-4w' and latest set to 'now', t...

by Path Finder in

How to enhance the search results of events that match a lookup.csv?

Hi, I have a query that produces the results I want but now I need to add some extra fields to the events. I ha...

by Builder in

How to check which value is larger than the other and calculate the gap between them?

Hi I have two values that i need to check which one of them is bigger and calculate the gap between them how can i d...

by Communicator in

Why I can't use case insensitive match in lookup with WILDCARD?

My environment : Splunk Stand-Alone ver 7.2.3 I'd like to extract username that match with lookup case-insensitive...

by Builder in

Help with Splunk Query to detect unusual logons to different computers

Good morning, I am wondering what commands that I can use in order to detect a user account logging into a machine...

by New Member in

max concurrent rt searches

Hello, I have an issue with extending the number of the concurrent rt searches. I can see constant amount of 36 RT...

by Builder in

How do I modify my geostats search so my map shows the field values for each country based on latitude and longitude from a lookup?

Hello all, I have an issue trying to visualize data on a map. Now, I'm trying to get the lat and long from a looku...

by Explorer in

customizing limits.conf for number of searches

hi! I am currently creating a dashboard where I run a total of 14 concurrent real time searches. whenever I run the d...

by Communicator in

How to group multiple field values into one field

I have logs where I want to count multiple values for a single field as "start" and other various values as "end". Ho...

by Builder in

Exclude from search values from lookup table

Hello, I have a lookup table which i test it like this : |inputlookup approved_s3_buckets.csv and display the ...

by New Member in

How to use a drop-down token to pick different searches to run and populate a chart panel?

I have a dashboard that is populated only by a drop-down input and a chart panel. What I want to do is have severa...

by New Member in

Can you help me compare how much data was ingested in GB from an index today and yesterday?

by Path Finder in

Gathering Six Months of Trend Data

I'm still relatively new to Splunk and am having trouble understanding Timechart and the proper syntax for it. I'm lo...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to use dynamically calculated threshold in alert search?

Field Comparison Not Working in Basic Search

mstats and mcatalog simply does not work

Can you help me with the following SPL: Index=fw_cisco

Tool for measuring search performance based different types of searches

Why am I unable to export results from a long-running search query?

Using field eval values in if condition.

Combine multiple searches with no relation in one table

How to use a field in lookup table as search count

Dashboard: How can I convert a token from a "Time Picker" into a unit of time like minutes?

How to get the values for the selected fields

How can I find users logged on some PCs if PCs list is a result of a different search?

timechart when span set to a week gives a different values , in comparison to span set to a day for a duration of a week.

How to enhance the search results of events that match a lookup.csv?

How to check which value is larger than the other and calculate the gap between them?

Why I can't use case insensitive match in lookup with WILDCARD?

Help with Splunk Query to detect unusual logons to different computers

max concurrent rt searches

How do I modify my geostats search so my map shows the field values for each country based on latitude and longitude from a lookup?

customizing limits.conf for number of searches

How to group multiple field values into one field

Exclude from search values from lookup table

How to use a drop-down token to pick different searches to run and populate a chart panel?

Can you help me compare how much data was ingested in GB from an index today and yesterday?

Gathering Six Months of Trend Data

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions