Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
sdubey_splunk

Want to confine splunk process running on servers as required by our audit. How to achieve?

Issue: Splunk is running as unconfiged daemon ps -eZ | egrep "initrc" | egrep -vw "tr|ps|egrep|bash|awk" | tr ':' ' ...
by sdubey_splunk Splunk Employee Splunk Employee in Splunk Search 01-19-2019
0 1
0
1
vkrishnachand

i want to iterate values a field from one source type and compare each values with set of values in another field of different sourcetype

Hi I have two sourcetype A and B where sourcetype A has field A1 and sourcetype B has field B1. My base query is ...
by vkrishnachand New Member in Splunk Search 01-18-2019
0 1
0
1
hpendela

Count of values in a multi-value field

Log lines: k1=doesn't matter, k2=doesn't matter, k3=[v3, v4] k1=doesn't matter, k2=doesn't matter, k3=[v5, v4, v6] k...
by hpendela New Member in Splunk Search 01-18-2019
0 2
0
2
jpawloski

Setting several independent AND/OR conditions on single search

I'm running a search against a single index and sourcetype for events that have slightly different data. I want to se...
by jpawloski Path Finder in Splunk Search 01-18-2019
0 4
0
4
nick405060

How can I condense this data into distinct session times? [Easy-ish search question]

Data: user Source_Network_Address session_start session_end bob 10.0.0.1 ...
by nick405060 Motivator in Splunk Search 01-18-2019
0 3
0
3
ryhluc01

How do you return a table of a value by a department and then display it by how many days ago it occurred ?

I need to return a table of a value by a department and then display it by how many days ago it occurred (Very Impor...
by ryhluc01 Communicator in Splunk Search 01-18-2019
0 8
0
8
amylala

How to add an SLA line overlay in a column chart?

I want to show TP99 in a column chart, and add a line to show SLA. Here is the chart I want: But the following is ...
by amylala Explorer in Splunk Search 01-18-2019
0 7
0
7
rey123

How to sum a column's values along multiple categories, then display the summed column along with the category which contributed the largest value in that category, all in the same row?

I have the following data: A B C Pkg Area ...
by rey123 Path Finder in Splunk Search 01-18-2019
0 5
0
5
Kendo213

Search Question

I'm building out a dashboard to identify VPN issues in our environment. The issue with the search below is that thos...
by Kendo213 Communicator in Splunk Search 01-18-2019
1 1
1
1
asp82

How do you use an inputlookup to search through all event fields?

I have a one column lookup. I want to see if any of the values in the lookup appear in ANY field of my events. And I ...
by asp82 New Member in Splunk Search 01-18-2019
0 2
0
2
dhirendra761

How do you make a table based on a match between field and lookup?

Hi All, My base search has a "tags" field, which contains 10 values. Another lookupfile has the the same column tags...
by dhirendra761 Contributor in Splunk Search 01-18-2019
0 2
0
2
jl23

Can you help me find the location of a session?

I’m examining server logs where, for each session, there are several events. I’m trying to discover the country from ...
by jl23 New Member in Splunk Search 01-18-2019
0 1
0
1
nishantkumar007

What is scheduler log event status=Continued ?

We have a log of saved searches working simultaneously in our search head. Around 70% of which are resulting status= ...
by nishantkumar007 New Member in Splunk Search 01-18-2019
0 2
0
2
sclary

How can I set a conditional time range if the token date range doesn't fit my need?

I have a dashboard with 3 elements using the time input at the top to drive the search results. One of the three elem...
by sclary New Member in Splunk Search 01-18-2019
0 2
0
2
sukundur

multivalue in a sub search not working as expected.

I am trying to return multi value from a subsearch and use that value in a field (server_status) as "OUT" in the ma...
by sukundur Engager in Splunk Search 01-18-2019
0 6
0
6
nickcardenas

In a search, how would one count the number of times a value appears in a defined time segment over a longer period of time?

Hi everybody, The search I'm trying to create is to alert possible brute force attacks using WindowEventLogs. I'd...
by nickcardenas Path Finder in Splunk Search 01-18-2019
0 2
0
2
tombar62

Suche alle user mit gleicher From: Adresse

Hallo, kann ich alle user mit From=*@domain.de finden, bei denen folgende Bedingungen zutreffen *@domain.de> -> *@dom...
by tombar62 New Member in Splunk Search 01-18-2019
0 1
0
1
fengl2

can I show less characters in my result table

I have a search using the splunk table commands, but the text in one fields is too long so that I can't see the whole...
by fengl2 Explorer in Splunk Search 01-18-2019
1 2
1
2
mukesh2019

How do you extract a string from field _raw?

Hi , I am trying to extract info from the _raw result of my Splunk query. Currently my _raw result is: _raw="Servic...
by mukesh2019 Explorer in Splunk Search 01-18-2019
0 3
0
3
kcchu01

Field extraction with escaped character or control character

Hello, my user tried to feed in the CSV like log file in the Splunk and I have asked to do the field extraction. With...
by kcchu01 Explorer in Splunk Search 01-18-2019
0 2
0
2
anilyelmar

How Splunk admin can find a search executed by user which causing SearchResults - Corrupt csv header, 2 columns with the same name '__mv_Calling_Station_Identifier' (col #xx and #xxx, #xxx will be ignored)

How Splunk admin can find a search executed by user which causing SearchResults - Corrupt csv header, 2 columns with ...
by anilyelmar Explorer in Splunk Search 01-18-2019
0 2
0
2
sbhale

Link srtemp to dashboard or search

I get some occurrences of directories in srtemp which are a few hundred gigs in size. Is there a way to link those di...
by sbhale Explorer in Splunk Search 01-18-2019
2 2
2
2
johnsmithcy

"how to cancel the data source"

the host monitoring keep fetching the CPU data. I want to cancel the date source
by johnsmithcy Path Finder in Splunk Search 01-18-2019
0 7
0
7
johnsmithcy

how to cancel the monitoring job

i am new to splunk. I have created a job to monitoring localhost performance. How can I delete the monitoring job and...
by johnsmithcy Path Finder in Splunk Search 01-18-2019
0 8
0
8
tmblue

How do you create a summary chart based on usage information with cost from imported data using fields?

I'm a bit over my head, so I'm going to dive in and ask. I've searched the forums, and the tubes, and there are some ...
by tmblue Engager in Splunk Search 01-17-2019
0 2
0
2
Top Labels
Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...