Splunk Search

Discussions

Thread Info

where like command in splunk

i have all the below messages in the "response" field.{"errors": ["Message: Payment failed. Reason: Hi, we attempted ...

by Loves-to-Learn Lots in

Collecting iPad Logs

Hello Splunkers! Is there a way to collect iPad logs? I saw the Mint iOS SDK documentation, but I don't find it cle...

by Engager in

Using a lookup table to store regex patterns to be used in a search

Is it possible to store regex patterns in a lookup table so that it can be used in a search? For example lets say I...

by Path Finder in

Extraction of value from nested multivalue field

Hi All,I have a multivalue field that contains nested key value pair with key named as "Key" and Value named as "Valu...

by Path Finder in

Splunk Message : Search has been terminated. This is most likely due to an out of memory condition

Hello Everyone,I'm attempting to search for queries in Splunk Free Edition. However, it worked well for some time, an...

by New Member in

Fetch the details

We are trying to create a dashboard to understand the usage of our application version something like shown below A...

by Explorer in

how to route the data based on event filed

Hi, I'm running a test setup with some live kubernetes data and I want to do the following indexer: 1) Route all ...

by Loves-to-Learn Lots in

Monitor log file inside zip file

Hi All, There are 50 zip files in a folder in those zip folders there are many other files- log/txt/png, out of...

by Path Finder in

Combine results from multiple queries

I am new to splunk queries and was trying to combine results from multiple queries without using subsearches due to i...

by Engager in

How to find a difference of a column field by date

Namepercdatexxx9028-Dec-23yyy9128-Dec-23zzz9228-Dec-23xxx9629-Dec-23yyy9729-Dec-23zzz9829-Dec-23 i want to calc...

by New Member in

Regex: regular expression is too large

Hi Team/Community, I'm having an issue with a lookup file. I have a csv with two columns, 1st is named ioc and seco...

by Explorer in

Search for Upload Activity to Unique Domains

Hi all, I am trying to put together a search and stats table for users in our environment who have uploaded data to...

by Engager in

Expression for custom lookup table values

Hi All, This may be a bit of a peculiar question, but I'm trying to figure out if there's a way to use a certain ex...

by Engager in

Update output count as percent

I am trying to generate a list of the percentages of response codes by resultCode by app. A simplified version of ev...

by Explorer in

Index time

hi, how can I change the scheduled index time of a data source?

by Explorer in

LINE_BREAKER in json files

Hello, Line breaker in my props configuration for the json formatted file is not working, it's not breaking the js...

by Motivator in

How to compare 2 different Fields between 2 lookups and output must be missing items

Lookup 1 : Contains fields such as AssetName FQDN and IP AddressLookup 2 : Contains fields such as Host Index and...

by Explorer in

Track Changes to a field

Hello guysI need some help with making a table/dashboard that shows me changes to incidents in our Defender platform....

by Engager in

What am I doing wrong with this case function???

I have tried to use the following eval to pretty up the return of a field but the result is always test. I have trie...

by Path Finder in

Unable to get botsv1 in search result

Hi, I have a botsv1 dataset uploaded in Splunk simulated environment. But when I search "index=botsv1" , it returns...

by Explorer in

Convert Epoch Time to a different timezone using SPL

I have the follow time: EPOCH HUMAN READABLE 170363091912/26/2023 19:48:39 I would like to convert the EPOCH to...

by Communicator in

Unable to get the lookup values on the search queries

Hi Team, Need your assistant for below We have created new csv lookup and we are using the below query but w...

by Path Finder in

Compare fields without wildcards

Hello everyone, I'm a beginner in using Splunk. I'm facing an issue in finding a search solution for the following id...

by Explorer in

Escape literal $ at FORMAT of transforms.conf

Hi, I have the following transforms.conf: [REPLACEMENT_COST] CLEAN_KEYS = 0 FORMAT = $1"REPLACEMENT_COST2":...

by Loves-to-Learn in

Search queries

Hi, I need help generating search queries using SPL, especially in my new role as a SOC Analyst. I would like to kn...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

where like command in splunk

Collecting iPad Logs

Using a lookup table to store regex patterns to be used in a search

Extraction of value from nested multivalue field

Splunk Message : Search has been terminated. This is most likely due to an out of memory condition

Fetch the details

how to route the data based on event filed

Monitor log file inside zip file

Combine results from multiple queries

How to find a difference of a column field by date

Regex: regular expression is too large

Search for Upload Activity to Unique Domains

Expression for custom lookup table values

Update output count as percent

Index time

LINE_BREAKER in json files

How to compare 2 different Fields between 2 lookups and output must be missing items

Track Changes to a field

What am I doing wrong with this case function???

Unable to get botsv1 in search result

Convert Epoch Time to a different timezone using SPL

Unable to get the lookup values on the search queries

Compare fields without wildcards

Escape literal $ at FORMAT of transforms.conf

Search queries

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

Search for triggered save searches and their actio...

Splunk Search

Are you a member of the Splunk Community?

Discussions