Splunk Search

Ask a Question

Discussions

Thread Info

Trick : alert even if no result

Hello guys, found out we can set up triggered alert if "greater than or equal to 0", had to use additional stats co...

by Motivator in

I am not able to open a ticket from you submit ticket option its giving 404

support ticket I want to open but I am getting this,

by Observer in

Certain extracted fields not showing in Fields Sidebar on one SH, but is on another SH.

Hello, I have a problem where fields are not showing on the Field Sidebar when i run a search against certain index...

by Path Finder in

Another Join Question - Searches With Matching sourcetype but Different index

I have read through almost every Join label topic on the Splunk Community page and I don't seem to see one that fits ...

by Path Finder in

Execute a Search if the condition is met else not

Hi Splunkers, I am writing on SPL in the report which has lookup. And if the lookup has less number of rows the...

by Explorer in

How to compare two fields from two different index and display results with match or No-match?

I am running 2 different Index and have to compare each value in field 1 from 1st index with the values in field2 fro...

by Loves-to-Learn Lots in

Is there a REGEX character limit on field replacement in transforms.conf?

I have data that is in json format but I only want to keep the value of the MESSAGE field from it. I created a transf...

by Path Finder in

Is there a way to format a string when it's used to fillnull?

I have created a dashboard that is monitoring the number of events received at corporate to the number of events repo...

by Path Finder in

How to match string and apply stats count on a stats count table

I have a requirement to fetch stats count from raw data logs. Sharing you the query and results. Query : index="bw6...

by Communicator in

Extract two different values and set it to _time in props/transforms

this is how my xml events look like: <AttackCoords>-80.33100097073213,25.10742916222947</AttackCoords> <Out...

by Communicator in

EVAL Command Help

Hello Splunkers, I am trying to write is a condition that says if command starts with "CHA" or "INS" add one. The...

by Communicator in

compare row by row values

Hi All, i'm trying to compare row values . my table is like App label env ...

by Communicator in

Verify if users are in an Active Directory group

Hi all, I have been trying to create a search which compares results from an index with results from an ldap search...

by Communicator in

Simple attacks detected by Fortigate

Hi there,I'm pretty new to Splunk, but have got a fortigate set up to send all logs to Splunk.Simply looking to find ...

by Explorer in

ASA searching for current open connections that have been Built but with no teardown

Hello, I'm pretty new to SPLUNK and I'm looking for help trying to find ASA open connections between two endpoints....

by Path Finder in

result of makemv not as expected

With this search index=useradmin sourcetype=role_capabilities| eval capabilities=replace(capabilities,"\s",",")| ma...

by Contributor in

Concatenation of records between two keywords ?

Hello. It is not a question, it is a use case that I don't arrive to resolve. The situation : a log file on rem...

by Explorer in

Display row, even when count over value is zero

I have the following search: index=aa sourcetype="bb" Service="/abc" OR Service="/mno" OR Service="/xyz" | chart co...

by Explorer in

How to replace join from the below query?

index=105261-cli sourcetype=show_system_resources| dedup deviceId| eval nexus_percent_used=round(100*memory_used/memo...

by Engager in

Trying to take a value from one search and place it in another search

I have a search that runs with no issues-ComputerName=CompName* (event_simpleName=*written* OR event_simpleName=Direc...

by Path Finder in

Evaluate multiple events as one

Hi everyone, I have a data set such as:Log1: EventId + EventType1 Log 2: EventId + EventType2 Log 3: EventId +...

by Observer in

How to filter out few data showing up from my search string while setting a alert notification on triggering condition

Hello team, My search string is as below: index=qrp STAGE IN ("*_RAW", T_FEED_MESSAGES) | stats sum(TRADES) as "...

by Explorer in

Join field form inputlookup failed

Hi, I am getting crazy with a simply JOIN statement to use Tenable data in Splunk. The goal is to enrich the KV sto...

by Explorer in

Query to delete multiple row in kvtable or csv table using splunk query

I have kv lookup table named bingo_kv_table. There are multiple rows having same hosts along with other hosts. I wan...

by Explorer in

Number of aggregated events per username in a time window

I am trying to monitor for higher than threshold number of events per user. Alert is run once in an hour and I ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Trick : alert even if no result

I am not able to open a ticket from you submit ticket option its giving 404

Certain extracted fields not showing in Fields Sidebar on one SH, but is on another SH.

Another Join Question - Searches With Matching sourcetype but Different index

Execute a Search if the condition is met else not

How to compare two fields from two different index and display results with match or No-match?

Is there a REGEX character limit on field replacement in transforms.conf?

Is there a way to format a string when it's used to fillnull?

How to match string and apply stats count on a stats count table

Extract two different values and set it to _time in props/transforms

EVAL Command Help

compare row by row values

Verify if users are in an Active Directory group

Simple attacks detected by Fortigate

ASA searching for current open connections that have been Built but with no teardown

result of makemv not as expected

Concatenation of records between two keywords ?

Display row, even when count over value is zero

How to replace join from the below query?

Trying to take a value from one search and place it in another search

Evaluate multiple events as one

How to filter out few data showing up from my search string while setting a alert notification on triggering condition

Join field form inputlookup failed

Query to delete multiple row in kvtable or csv table using splunk query

Number of aggregated events per username in a time window

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Splunk App Dev Community Updates – What’s New and What’s Next

The Latest Cisco Integrations With Splunk Platform!

MLTK - What algorithm should I use?

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions