Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
khyoung7410

Field extract NOT search.

Hi My data format is as follows. A=123456789 Field was extracted for every three digits from field A. My field extra...
by khyoung7410 Communicator in Splunk Search 01-20-2019
0 2
0
2
hok2010

subsearch for failed login

hi guys i wanted to search for a list of failed login attempts by privileged users from existing successful logons (E...
by hok2010 New Member in Splunk Search 01-19-2019
0 1
0
1
tmblue

Trying to get month over month with detail.

My current working and pretty one is this: |eval Owner=ProductName | stats sum(Cost) as Total by TimePeriod, Owne...
by tmblue Engager in Splunk Search 01-19-2019
0 6
0
6
jaj

How to specify a particular aggregate value in query for Single Value Visualization Chart?

how do i specify a particular value to be displayed in single value visualization chart? i only want the totalCount (...
by jaj Path Finder in Splunk Search 01-19-2019
0 6
0
6
coleman07

When do you put a | (pipe) as the first character in a search

I have noticed several search commands which are preceded by a pipe character with no input left of the pipe. For exa...
by coleman07 Path Finder in Splunk Search 01-19-2019
2 5
2
5
sdubey_splunk

Want to confine splunk process running on servers as required by our audit. How to achieve?

Issue: Splunk is running as unconfiged daemon ps -eZ | egrep "initrc" | egrep -vw "tr|ps|egrep|bash|awk" | tr ':' ' ...
by sdubey_splunk Splunk Employee Splunk Employee in Splunk Search 01-19-2019
0 1
0
1
vkrishnachand

i want to iterate values a field from one source type and compare each values with set of values in another field of different sourcetype

Hi I have two sourcetype A and B where sourcetype A has field A1 and sourcetype B has field B1. My base query is ...
by vkrishnachand New Member in Splunk Search 01-18-2019
0 1
0
1
hpendela

Count of values in a multi-value field

Log lines: k1=doesn't matter, k2=doesn't matter, k3=[v3, v4] k1=doesn't matter, k2=doesn't matter, k3=[v5, v4, v6] k...
by hpendela New Member in Splunk Search 01-18-2019
0 2
0
2
jpawloski

Setting several independent AND/OR conditions on single search

I'm running a search against a single index and sourcetype for events that have slightly different data. I want to se...
by jpawloski Path Finder in Splunk Search 01-18-2019
0 4
0
4
nick405060

How can I condense this data into distinct session times? [Easy-ish search question]

Data: user Source_Network_Address session_start session_end bob 10.0.0.1 ...
by nick405060 Motivator in Splunk Search 01-18-2019
0 3
0
3
ryhluc01

How do you return a table of a value by a department and then display it by how many days ago it occurred ?

I need to return a table of a value by a department and then display it by how many days ago it occurred (Very Impor...
by ryhluc01 Communicator in Splunk Search 01-18-2019
0 8
0
8
amylala

How to add an SLA line overlay in a column chart?

I want to show TP99 in a column chart, and add a line to show SLA. Here is the chart I want: But the following is ...
by amylala Explorer in Splunk Search 01-18-2019
0 7
0
7
rey123

How to sum a column's values along multiple categories, then display the summed column along with the category which contributed the largest value in that category, all in the same row?

I have the following data: A B C Pkg Area ...
by rey123 Path Finder in Splunk Search 01-18-2019
0 5
0
5
Kendo213

Search Question

I'm building out a dashboard to identify VPN issues in our environment. The issue with the search below is that thos...
by Kendo213 Communicator in Splunk Search 01-18-2019
1 1
1
1
asp82

How do you use an inputlookup to search through all event fields?

I have a one column lookup. I want to see if any of the values in the lookup appear in ANY field of my events. And I ...
by asp82 New Member in Splunk Search 01-18-2019
0 2
0
2
dhirendra761

How do you make a table based on a match between field and lookup?

Hi All, My base search has a "tags" field, which contains 10 values. Another lookupfile has the the same column tags...
by dhirendra761 Contributor in Splunk Search 01-18-2019
0 2
0
2
jl23

Can you help me find the location of a session?

I’m examining server logs where, for each session, there are several events. I’m trying to discover the country from ...
by jl23 New Member in Splunk Search 01-18-2019
0 1
0
1
nishantkumar007

What is scheduler log event status=Continued ?

We have a log of saved searches working simultaneously in our search head. Around 70% of which are resulting status= ...
by nishantkumar007 New Member in Splunk Search 01-18-2019
0 2
0
2
sclary

How can I set a conditional time range if the token date range doesn't fit my need?

I have a dashboard with 3 elements using the time input at the top to drive the search results. One of the three elem...
by sclary New Member in Splunk Search 01-18-2019
0 2
0
2
sukundur

multivalue in a sub search not working as expected.

I am trying to return multi value from a subsearch and use that value in a field (server_status) as "OUT" in the ma...
by sukundur Engager in Splunk Search 01-18-2019
0 6
0
6
nickcardenas

In a search, how would one count the number of times a value appears in a defined time segment over a longer period of time?

Hi everybody, The search I'm trying to create is to alert possible brute force attacks using WindowEventLogs. I'd...
by nickcardenas Path Finder in Splunk Search 01-18-2019
0 2
0
2
tombar62

Suche alle user mit gleicher From: Adresse

Hallo, kann ich alle user mit From=*@domain.de finden, bei denen folgende Bedingungen zutreffen *@domain.de> -> *@dom...
by tombar62 New Member in Splunk Search 01-18-2019
0 1
0
1
fengl2

can I show less characters in my result table

I have a search using the splunk table commands, but the text in one fields is too long so that I can't see the whole...
by fengl2 Explorer in Splunk Search 01-18-2019
1 2
1
2
mukesh2019

How do you extract a string from field _raw?

Hi , I am trying to extract info from the _raw result of my Splunk query. Currently my _raw result is: _raw="Servic...
by mukesh2019 Explorer in Splunk Search 01-18-2019
0 3
0
3
kcchu01

Field extraction with escaped character or control character

Hello, my user tried to feed in the CSV like log file in the Splunk and I have asked to do the field extraction. With...
by kcchu01 Explorer in Splunk Search 01-18-2019
0 2
0
2
Top Labels
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...