Splunk Search

Discussions

Thread Info

Splunk Answers Content Calendar May 2025!

Hello Splunk Community! Welcome to another week of fun curated content as a part of our Splunk Answers Community C...

by Community Manager in

Docker Sources

Having some issues when looking at docker hec logs. The data is showing two sources at the same time, but does not fi...

by Explorer in

Token Not Ready When Search Executes on Page Load

Hi all, I’ve got a dashboard that uses a JS script to dynamically set the $row_count_tok$ token based on screen ori...

by Communicator in

Event following another event to find if login is successful

Hi, I’m looking for query which helps me to find if login is successful or not. Unfortunately, there is no direct l...

by Explorer in

What's the relationship between api_lt/api_et and search_lt/search_et in _audit?

Are these fields mutually exclusive? I'm not sure about the relation between these four fields.

by Motivator in

How to create field values as SPL for generating commands and run these commands with map

Hi,depending on specific field values I would like to perform different actions per event in one search string wi...

by Explorer in

0 counts

Hello, with this query : index=abc| search source = "xyz"| stats count by source I can see the count of sources...

by Engager in

SUM & COUNT from a lookup table

I have a lookup table with daily records which includes: area, alarm description, date, number of bags per area and f...

by Explorer in

Extraction of a field inside Json data

Please extract User-Agent field from the below Json event . httpMessage: { [-] bytes: 2 host: rbwm-api.sony...

by Communicator in

SPL To only Pull Last Event Per Month

Looking for SPL that will give me the ID Cost by month, only grabbing the last event (_time) for that month. Sample ...

by Contributor in

Summary index or any other alternative which aligns with RBAC

Summary index or any alternative Hi, I have created a dashboard with 8 panels and time frame is last 5 minutes. Kep...

by Observer in

expand field values in single event

raw data - "attackData":{"rules":[{"data":"SCANTL=10","action":"alert","selector":"","tag":"REPUTATION","id":"REP_...

by Communicator in

Sort returning different results?

Hi, I'm attempting to write a search where I return a top 10 of a value. However, I am noticing that I return differe...

by Observer in

combining 2 searches - with dynamic urls into 1

Hello Everyone, I have 2 splunk search queries query-1 index="my_index" kubernetes_namespace="my_ns" kubern...

by Path Finder in

Admin role but getting a blank page on Tokens, Users, Roles, and other settings

I am logged in as the admin user, but whenever I try to access Tokens, Users, or other settings pages, I get a blank ...

by Engager in

Help with sending multiple $result

So I have successfully configured some reports and alerts that send the $result to Mattermost. My question is how t...

by Path Finder in

Warning when searching without results

Hello, I have a simple distributed search config on a windows host, 1 SH, 1 IDX and 1 License server. Running a se...

by Path Finder in

separate rows from columns with multivalue

I'm trying to split a pair of rows with a pair of multivalued columns. The value in both columns is related to each p...

by Contributor in

Join searches by hostname when one index has the short name and the other index has long name.

I am looking for away to join results from two indexes based on the hostname. The main index has the hostname as just...

by Path Finder in

Issue with NetFlow v9 Templates Not Received by Splunk Stream – Flows Being Dropped

Hi Splunk Community, I'm currently integrating Flowmon ndr as a NetFlow data exporter to Splunk Stream, but I’m enc...

by Explorer in

How do I import Azure NSG LOGs?

Hello there, I try to import Azure NSG flow Events. To get the data into Splunk I use the Splunk Add-on for Micros...

by Path Finder in

Combining 2 splunks and displaying count

Hello, I have 2 seperate splunks as below . One is "v1 endpoint" and other is "v2 endpoint"v1 endpoint: index="abc"...

by Explorer in

Search for triggered save searches and their actions titles and users: Need help with subsearch

I want to use the 2nd search as a subsearch only bringing back the actions. How can I do this? SEARCH| rest /servic...

by Communicator in

Need help with Basic query over splunk

Please help share query to check > network logs and firewall blocks for specific Host machine> LDAP password login fa...

by New Member in

Efficiently Expanding Multiple Multi-Value Fields Using mvexpand in Splunk

Hello Splunkers !!How can I efficiently use the mvexpand command to expand multiple multi-value fields, considering i...

by Motivator in

how to do a match field between index and summary index

How do you run a match a field ID between two indexes?without using a sub search(due to limit of 10000 results)withou...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk Answers Content Calendar May 2025!

Docker Sources

Token Not Ready When Search Executes on Page Load

Event following another event to find if login is successful

What's the relationship between api_lt/api_et and search_lt/search_et in _audit?

How to create field values as SPL for generating commands and run these commands with map

0 counts

SUM & COUNT from a lookup table

Extraction of a field inside Json data

SPL To only Pull Last Event Per Month

Summary index or any other alternative which aligns with RBAC

expand field values in single event

Sort returning different results?

combining 2 searches - with dynamic urls into 1

Admin role but getting a blank page on Tokens, Users, Roles, and other settings

Help with sending multiple $result

Warning when searching without results

separate rows from columns with multivalue

Join searches by hostname when one index has the short name and the other index has long name.

Issue with NetFlow v9 Templates Not Received by Splunk Stream – Flows Being Dropped

How do I import Azure NSG LOGs?

Combining 2 splunks and displaying count

Search for triggered save searches and their actions titles and users: Need help with subsearch

Need help with Basic query over splunk

Efficiently Expanding Multiple Multi-Value Fields Using mvexpand in Splunk

how to do a match field between index and summary index

Splunk Answers Content Calendar, July Edition I

Secure Your Future: Mastering Upgrade Readiness for Splunk 10

Observability Unlocked: Kubernetes & Cloud Monitoring with Splunk IM

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions