Splunk Search

Discussions

Thread Info

One-Table Combining Different Search Results in Real-Time

My end goal is to show events in one table coming from multiple searches in real time. They all have the same fields....

by Path Finder in

How to display comparison between previous week with current week in Single Value with trendline

Hi, I have a query which should ideally give me results for the Last week and the current week Request count. i...

by Communicator in

subsearch or lookup from search results

Morning all, In short I need to be able to run a CSV lookup search against all my Splunk logs to find all Session...

by New Member in

Trouble with UTC time

I have some search results that return values in the format %Y-%m-%d %H:%M:%S. For example: ...some search... | ta...

by Path Finder in

In real-time alert, if I use lookup command, too many alerts triggered.

Splunk ver 7.1.1 I'm using real-time alert that trigger when there is event which has src_ip match black_list.csv ...

by Builder in

how to know the search history by user, but only the searches you type

Sorry for the inconvenience, but I'm looking for a query that only shows the searches typed by users, because when I ...

by Path Finder in

Replace a column with diagonal value in a table

host time timediff a 12:00 END a 11:55 1 a 11:50 1 I want to replace the "END" in timediff with the below value: t...

by Explorer in

Adding a date to a string Message

I am trying to create an error message based on a time frame, the last 15 min. and now. So the error message would sa...

by Path Finder in

count(var) by "a list of values within a field"

First of all, sorry, if I am missing something really obvious here but after hours of googling I am still stuck with ...

by New Member in

How to write a regex for string followed by number?

Below are my 3 logs, i want to write a query, to get all the below 3 logs: **EXT_CODE*[0-9]** with 1/2/3 digit fol...

by Explorer in

How to find the RequestPerSec by Country using ClientIP adddress ?

Hi I have a query which would list me avg, max & P95 requestpersec for the selected time range index=test cl...

by Communicator in

How to use a lookup table to identify new open ports based on source IP

I have NMAP data in Splunk that reports on open ports associated with a list of IP addresses. I'd like to create a lo...

by New Member in

Need to create a Dashboard which can select multiple fields based on user selection of checkbox/ radio button.

Hi all, I Need to create a Dashboard which can select multiple extracted fields based on user selection of checkbo...

by Explorer in

How do I combine storage statistics of indexes with the index, sourcetype, and host?

I can use a rest search from the services/data/indexesendpoint to calculate storage statistics, like the index size i...

by Path Finder in

Advanced documentation for field extraction/transformation?

I'm trying to make sense of the default access-extractions transform so that I can modify it a bit. I've been nosing ...

by Engager in

Need help understanding how Transform "access-extractions" works

Hi to all that read this, Hoping one of you might be able to provide some assistance. We have an app that is produ...

by Path Finder in

After upgrading to 7.0.x searches, using NOT host= filters gives no results

After upgrade to 7.0.x searches using NOT host= filters are giving no results with the warning in the job inspector a...

by Influencer in

How can I visualize "table _raw" in the same format as the search result for the raw events in default Splunk search screen ?

When I search for my events by giving index=myindex, I get my data in the proper format. But when i try to print it o...

by Path Finder in

Failed to reap - because of directory not empty

We have a lot of theese errors in splunked.log, I have searched a lot to find an solution but to no success. ERROR...

by New Member in

Is it possible to do a conditional stats values command

A common usecase I run into is I want to join two sources of data together only if fields meet certain criteria. The ...

by Splunk Employee in

check if stringa in stingb

how can i make a case condition to check if StingA is in StringB? for example StingA is "xxx.com." StingB is: "a.x...

by Loves-to-Learn in

Back end query to pull the active searches running in Search Head

I want to check what are the searches which are running currently or which are finalizing or which is done via our ba...

by Path Finder in

Help on complex request in order to improve the performances

Hello I need help on a complex request with different indexes and with a "primary key" (host which is the name of ...

by Motivator in

Hide a column based on search criteria

I want to hide a column based on some search. I have three columns. Host, Value , Unit If(host=abc) then hide ...

by Path Finder in

Can someone help me with regex to remove HTML tags from fields?

Hello, Could someone please help me with removing the HTML tags from fields. The data is a few sentences, such ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

One-Table Combining Different Search Results in Real-Time

How to display comparison between previous week with current week in Single Value with trendline

subsearch or lookup from search results

Trouble with UTC time

In real-time alert, if I use lookup command, too many alerts triggered.

how to know the search history by user, but only the searches you type

Replace a column with diagonal value in a table

Adding a date to a string Message

count(var) by "a list of values within a field"

How to write a regex for string followed by number?

How to find the RequestPerSec by Country using ClientIP adddress ?

How to use a lookup table to identify new open ports based on source IP

Need to create a Dashboard which can select multiple fields based on user selection of checkbox/ radio button.

How do I combine storage statistics of indexes with the index, sourcetype, and host?

Advanced documentation for field extraction/transformation?

Need help understanding how Transform "access-extractions" works

After upgrading to 7.0.x searches, using NOT host= filters gives no results

How can I visualize "table _raw" in the same format as the search result for the raw events in default Splunk search screen ?

Failed to reap - because of directory not empty

Is it possible to do a conditional stats values command

check if stringa in stingb

Back end query to pull the active searches running in Search Head

Help on complex request in order to improve the performances

Hide a column based on search criteria

Can someone help me with regex to remove HTML tags from fields?

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Wrapping Up Cybersecurity Awareness Month

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions