Splunk Search

Ask a Question

Discussions

Thread Info

help to remove an empty line

hI I use the request below sometimes I have only value for Free_Space and sometimes only value for TotalSpace inst...

by Motivator in

Can you help me a make regular expression for input.conf on a Splunk forwarder ?

Hi, I am collecting all log file to a syslog server where I have a Splunk forwarder installed. To override source ...

by Engager in

Can I tag with search?

I would like to tag you at search time. I'd like to tag the result of the calculation when searching. ex ) LogID ...

by Explorer in

Timechart limit 1000 results per series, can I increase this?

Example: I want a second-by-second stat for the past 24 hours. The following message shows: "These results may be tru...

by Path Finder in

Can you help me plot some data on a chart's X and Y axes?

I have two values a) The time when a breach occurs. b) The amount of memory consumed during the memory breach. ...

by Contributor in

Not getting data for all day

I am running timechart command for sum of free space and used space with span of 1 day. I am missing data for few day...

by Communicator in

How do you extract a new field from a source field?

I have a log with below as a source field from which I need to extract the field Gateway name (My_Gateway_NONPROD). ...

by Explorer in

Removing a subset of data from average calculation

Hi everyone, I need some help figuring out how can I exclude certain users' data from my calculation of average of...

by Explorer in

Trying to find Inactive distribution Lists

Hi, I am new to using Splunk and have been tasked with trying to find all inactive distribution lists within our ...

by New Member in

Joining two searches on different indexes based on lookup values and return calculated values from both searches

Hi folks, This is a complex question, so bear with me. We have 2 heavy searches that return calculated and lookup val...

by Explorer in

How to set a token with eval?

I'm trying to set a token with eval. However, my logic doesn't seem to be working. I haven't been able to find a work...

by Path Finder in

How do you Join two searches based on lookup values?

Hi folks, I have 2 searches that return equivalent values based on the result of a lookup, as such: Search 1 ...

by Explorer in

Can you help me create a search for failed logons?

How would I write a search to look for failed logons coming from the same account happening across different systems?...

by Explorer in

How to display SLA status based on SLA times defined in lookup file?

Lookup file sla_jobs.csv: Business AppName RunDays BatchStartJob AvgBatchStartTime BatchEndJob SLA_time Sa...

by New Member in

joining results from 2 different indexes where field in one of the search is extracted using rex

I would like to join the result from 2 different indexes on a field named OrderId (see details below) and show field ...

by Explorer in

HI NOT "/healthCheck"

NOT "/healthCheck" , what the point of using this n search ? I want to know is it searching for string health chec...

by Explorer in

Splunk Search: Lateral Movement

Hello! I am wanting to build a search that can help detect lateral movement. I want to see when the same user is logg...

by Explorer in

Should I use Lookup or mvexpand in the following search?

I have a search that returns a list of namespace values. I want to take each one of those namespace values and ru...

by Communicator in

Can you help me with my search query?

I am running the below search index=main sourcetype="aws:description" state=* image.attributes.name!=emr* id=i-069...

by Builder in

How do you get a description field with the output result fields?

I have the below query index=main AND sourcetype="abc" AND id=* AND ((state="terminated" AND image.attributes.nam...

by Builder in

=SUM(COUNTIFS(F38:F800,"<"&[@Week],$D38:$D800,"<>Status1",D38:D800,"<>Status2",D38:D800,"<>Status3",D38:D800,"<>Status4"))

Could you please help me to convert above excel formula into query ?? Thanks in advance. Need to filter one date and ...

by New Member in

Can I extract a field from a subsearch by comparing two fields in both the search and subsearch?

Hello, I'm trying to extract a customer number by having two searches pull web service calls and compare one fiel...

by New Member in

How do you Insert Hour, Mins & Seconds in an extracted time?

I have a table that populates something to the effect of: Name Start Time End Time ...

by Communicator in

Change background color in Single Value Visual?

Hello, I'm trying to change the background color of a label I have created. I created the label by just running t...

by Explorer in

How to use value of a one field as field name?

Hi, I'm a Splunk beginner here. I'm not even sure if I'm using the right terms. Kindly bear with me. My input is a J...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

help to remove an empty line

Can you help me a make regular expression for input.conf on a Splunk forwarder ?

Can I tag with search?

Timechart limit 1000 results per series, can I increase this?

Can you help me plot some data on a chart's X and Y axes?

Not getting data for all day

How do you extract a new field from a source field?

Removing a subset of data from average calculation

Trying to find Inactive distribution Lists

Joining two searches on different indexes based on lookup values and return calculated values from both searches

How to set a token with eval?

How do you Join two searches based on lookup values?

Can you help me create a search for failed logons?

How to display SLA status based on SLA times defined in lookup file?

joining results from 2 different indexes where field in one of the search is extracted using rex

HI NOT "/healthCheck"

Splunk Search: Lateral Movement

Should I use Lookup or mvexpand in the following search?

Can you help me with my search query?

How do you get a description field with the output result fields?

=SUM(COUNTIFS(F38:F800,"<"&[@Week],$D38:$D800,"<>Status1",D38:D800,"<>Status2",D38:D800,"<>Status3",D38:D800,"<>Status4"))

Can I extract a field from a subsearch by comparing two fields in both the search and subsearch?

How do you Insert Hour, Mins & Seconds in an extracted time?

Change background color in Single Value Visual?

How to use value of a one field as field name?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

How to get all logs with appropriate filter?

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!