Splunk Search

Discussions

Thread Info

Filter specific values from a field in main search by values from same field in subsearch

In my search I have a field (ResourceId) that contains various cloud resource values. One of these values is Instance...

by Path Finder in

Custom Search

query: |tstats count where index=new_index host=new-host source=https://itcsr.welcome.com/logs* by PREFIX(status:) ...

by Communicator in

Splunk query to retrieve logs containing empty query_string

Hello team Below are my splunk logs: {body_bytes_sent: 0bytes_sent: 0host: nice_hosthttp_content_type: -http_refe...

by Path Finder in

Example of connecting snow cmdb ci server to service

We are working to link server information to the services in the ServiceNow CMDB. We are looking for example to relat...

by Loves-to-Learn in

Transaction with start & end with the same time in _raw ?

I am trying to create a Transaction where my starting and ending 'event' have exactly the same time. In _raw the ti...

by Contributor in

Can you use now() in eval-based macros?

Is it possible to use the now() function in an macro? And if so, are there any specific limitations? <p>Example ma...

by Super Champion in

mperva WAF Security Use Cases - SEARCH QUERY

Advanced Bot Detected on Imperva WAF Backdoor Detected on Imperva WAF Bot Access Control Detected on Imperva W...

by New Member in

Need to search IP address in a list of IP/CIDR list and if matched need to return the Name associated with it.

I have a lookup table with 2 fields IP and Name IP Name ['1.2.3.4', '2.3.5.0/24'] -> name1 ['1.2.3.4',.6.7.8.9/...

by Engager in

Multiple joins cause slowness in splunk dashboard?Is any other way to make faster?

Multiple joins cause slowness in splunk dashboard?Is any other way to make faster? how can we club those joins ? ...

by Builder in

Is it possible for the submit button or checkbox required to act like submit button inside of each panel?

Hi all, I have two panels with input text and drop down boxes in each. I would like to run my search by using a s...

by Explorer in

Compare resp code count of two dates for each servername

Hi I have query that return count of different resp codes of servers for 2 days now need to find different betwe...

by Motivator in

time difference between two fields

Hi, I have two fields, where time zone seems to be different.. please could you help me to get difference ? it...

by Path Finder in

Query Result Limit

Hello What's the officall Limit of Query Results in Splunk? Is this also written somewhere on the Splunk Websit...

by Engager in

Measuring inactivity in equipment according to x y z position values

Hello I would like to make a query in which i can see how long my equipment has been inactive and when it was inactiv...

by Explorer in

How can I extract a field using rex that fulfils more than one condition?

So I want to extract the last word as a field on each search result but want to grab those that only fulfils the foll...

by Observer in

How to combine values from stats into single row?

Hi All, I am looking into using some proxy logs to determine download volume for particular streaming sites and was...

by Explorer in

EventCode Subsearch

I have an application that I am trying to monitor. There is a specific event code for when the tool is opened to mod...

by Explorer in

need for each Receiver_ID how much invoice total for 1 months span

i have log like this :2024-02-22 12:49:38:344 EST| INFO |InterfaceName=USCUSTOMERINV INVCanonicalProcess Sender_ID=Th...

by Path Finder in

Running queries not working at all

I created a standalone splunk container on openshift container platform with the help of "splunk operator for kuberne...

by Explorer in

Is there a way to keep row data together when using the stats command?

Hello, Is there a way to keep row data together when using the stats command? ID Loc FirstName LastName ...

by Builder in

How to change font size of texts inside table using dashboard xml source

Hi, I have a splunk dashboard with different panels i.e. pie chart, table etc. I need to increase the font size of te...

by Path Finder in

change the color of a column based on other column

Hi i have stats table with following

by Path Finder in

How to filter search results from query

Hi, I am looking to grab all windows events of successful NTLM logins without using Kerberos. Here is my query so far...

by Engager in

how to get the event time and _time difference in alert triggering time delay

how to show the how long alert took triggered from the time the event occurred. To calculate the "diff" in times, to ...

by Explorer in

How to use timechart span=30m to start with the exact time

Hi, My requirement is to find 30 mins result using timechart span=30m from the start time that I have mentioned. ...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Filter specific values from a field in main search by values from same field in subsearch

Custom Search

Splunk query to retrieve logs containing empty query_string

Example of connecting snow cmdb ci server to service

Transaction with start & end with the same time in _raw ?

Can you use now() in eval-based macros?

mperva WAF Security Use Cases - SEARCH QUERY

Need to search IP address in a list of IP/CIDR list and if matched need to return the Name associated with it.

Multiple joins cause slowness in splunk dashboard?Is any other way to make faster?

Is it possible for the submit button or checkbox required to act like submit button inside of each panel?

Compare resp code count of two dates for each servername

time difference between two fields

Query Result Limit

Measuring inactivity in equipment according to x y z position values

How can I extract a field using rex that fulfils more than one condition?

How to combine values from stats into single row?

EventCode Subsearch

need for each Receiver_ID how much invoice total for 1 months span

Running queries not working at all

Is there a way to keep row data together when using the stats command?

How to change font size of texts inside table using dashboard xml source

change the color of a column based on other column

How to filter search results from query

how to get the event time and _time difference in alert triggering time delay

How to use timechart span=30m to start with the exact time

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions