Splunk Search

Discussions

Thread Info

Add associated domain to values of dest_ip

I have a query that gets a list of destination ips per source ip. I also want to add a column for the associated doma...

by Explorer in

How to get events that have only a starting 'string' with no ending 'string' ?

What I am trying to write is some SPL code that will identify log events that only have a "Starting" event with no "C...

by Contributor in

Extract date and time

Hello Team, I need help in extracting the following date and time from the log,sample log: -0900, 04.25.01 THU 22FE...

by Path Finder in

Graph the difference between the totals of 2 search calculations

Dear SPLUNKos I need to create a time chart as per the belowRun one “grand total” searchRun second search which is...

by New Member in

Not getting results to lookup command

Hi,Need your assistance belowWe have created new csv lookup and we are using the below query but we are getting all ...

by Path Finder in

New install- why doesn't search work?

I have installed my first splunk enterprise on a linux server and installed forwarders on windows workstations using ...

by Loves-to-Learn Lots in

Need to create a pie chart out of a table

Hi All, I have got logs like below: Log1: </tr> <tr> <td >Apple</td> <td >59</td> <td >7</td> Log2: </tr>...

by Contributor in

how to pass the time range to input text fields for search data, when i select the time range through input=time

if select 24 hours in time filter, is there any automatic way to pass the 24hrs time rage to start date and end date?...

by Loves-to-Learn in

How to get sum of all columns into a new column?

Hi I need to do a sum of all columns into new column EVNT COL1 COL2 COL3 SUM 1 22 22 22 66 2 ...

by Explorer in

Passing lookup value to search

I have users.csv as a lookup file with almost 20K users. I'm writing a query for authentication events for a specifi...

by Engager in

Extract and/or add numbers from a string

I have string field: provTimes: a=10; b=15; c=10; it basically has semicolon separated sub-fields in the value. E...

by New Member in

Converting Splunk Curl API to Windows Powershell

I have a working script that allows me to retrieve the job ID of a search in Splunk. This is working in Windows usin...

by Path Finder in

Log alerts - Alert that tell when a log source stops sending logs to Splunk

I'm trying to build an alert that looks at the number of logs from the past three days and then compares it to the nu...

by Explorer in

regroup similar url without using tons of regex

Hi, Is there a way to regroup similar values without defining tons of regex. Let say I do a search that return url...

by New Member in

Get the 10 recent events for each host.

I am trying to write a search that will pull the 10 (or so) most recent events for each host. The tail and head comma...

by Explorer in

complex stats to trigger on count of events

I have this rule, I need it to trigger when results / count of events is greater than 4 but the "Trigger Condition" d...

by Explorer in

How to search all fields from a lookup CSV file in index event log

Hello Splunk members! I have a CSV Lookup file with 2 columns ClientNameHWDetSystem BD-K-027EY VMware I h...

by Explorer in

How to display specific timezone in table results instead of user preference timezone?

I spent a fair amount of time perusing Google and Splunk Answers but couldn't seem to find a solution that made sense...

by Communicator in

Need to convert only MB values to GB leaving GB values as it is.

Hi All, I have logs like below in splunk: Log1: Tue Feb 25 04:00:20 2024 EST 10G 59M 1% /apps Log2: Tue F...

by Contributor in

Issues with event parsing using prop configuration file

Hello, I have some issues with parsing events and a few sample events are given below: {"eventVer":"2.56", "userI...

by Motivator in

Trimming the value of a savedsearch parameter within the savedsearch

I have a saved "MySearch" that takes a parameter "INPUT_SessionId", something like this: index=foo| ... some stuff|...

by Engager in

How to add space on a text on a single value panel?

Hello,How to add space on a text on a single value? Thank you for your helpAdding spaces did not have any affect....

by Motivator in

How to exclude string keyword in same field while using transaction command?

Thanks in Advance. In my scenario i want to club the the result using correlationID .so i used transaction command ...

by Builder in

Sum of the field based on the other field values

Hi Team,how to Sum of the field based on the other field values.Row1 field values will be 0-9 and a-z.Sample one give...

by Path Finder in

SPL: Longest common substring

Hello everyone, I am looking for a SPL-solution to determine how long the longest common substring of two strings i...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Add associated domain to values of dest_ip

How to get events that have only a starting 'string' with no ending 'string' ?

Extract date and time

Graph the difference between the totals of 2 search calculations

Not getting results to lookup command

New install- why doesn't search work?

Need to create a pie chart out of a table

how to pass the time range to input text fields for search data, when i select the time range through input=time

How to get sum of all columns into a new column?

Passing lookup value to search

Extract and/or add numbers from a string

Converting Splunk Curl API to Windows Powershell

Log alerts - Alert that tell when a log source stops sending logs to Splunk

regroup similar url without using tons of regex

Get the 10 recent events for each host.

complex stats to trigger on count of events

How to search all fields from a lookup CSV file in index event log

How to display specific timezone in table results instead of user preference timezone?

Need to convert only MB values to GB leaving GB values as it is.

Issues with event parsing using prop configuration file

Trimming the value of a savedsearch parameter within the savedsearch

How to add space on a text on a single value panel?

How to exclude string keyword in same field while using transaction command?

Sum of the field based on the other field values

SPL: Longest common substring

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions