Splunk Search

Discussions

Thread Info

How to find empty indexes in Splunk Cloud?

I'm trying to create an alert that looks through a given list of indexes and triggers an alert for each index showing...

by Explorer in

Time comparison different results in search and dashboar

Dear experts Why is the following line | where my_time>=relative_time(now(),"-1d@d") AND my_time<=relativ...

by Path Finder in

How to compare events from two sourcetypes in the same index without using join

I am trying to track file transfers from one location to another. Flow: Files are copied to File copy location -> ...

by Path Finder in

How to generate a regular expression on a URL to capture a resource path and end on a optional parameter?

Hi all, I am looking for some help for the following use case. I have a series of endpoints represented by full U...

by Path Finder in

How to write a search to find if a field contains a valid IPv4 or IPv6 address?

Hi all, as a splunk newbie I'm not sure what direction to go with the following. Basically I have two Interesting fie...

by Path Finder in

How to extract ip address using regex?

index="testd" | rex field=_raw "Remote host:(?.*):" |dedup Remotehost |stats count by Remotehost My events: Rem...

by Builder in

Upgrade to 5.x, some of my existing searches are taking longer to return results. Not as many scheduled searches are running on time. Could fetch_remote_search_log setting be a factor?

After upgrading to 5.x, I noticed that some of my searches are taking a longer time to return results than prior. Sea...

by Splunk Employee in

How to send hard coded message as an email from Splunk

Hi Everyone, I need to send a hard coded message to the users just before every daylight savings of the year saying...

by Explorer in

Concatenating values from one field

How can we concatenate values from one field and put it in a new variable with commas. e.g If I run a search , I ge...

by Engager in

eval in stats with max

Hi at all, I have a data structure like the following: title1 title2 title3 title4 value ...

by SplunkTrust in

timechart count and stats count are not matching

I am using same index for both stats disctinctcount and timechart distinctcount. But the results from timechart is al...

by Communicator in

Account locked

there is a user lets say ABC and I want to check why his AD account is locked .

by Explorer in

Fuzzy Match Between Two LARGE Lookups

Hello, We have a lookup csv file: 1 million records (data1); and a kvstore: 3 million records (data2). We need to c...

by Builder in

How to get time from two different sourcetypes

I am trying to track file transfers from one location to another. Flow: Files are copied to File copy location -> ...

by Path Finder in

get the values in each line

Hi i have a below query where I'm calculating the total prod server count in first dataset and in second dataset I'm ...

by Explorer in

Need help on Regex for a field

Hello, I am just trying to do a regex to split a single field into two new fields. The original field is: alert....

by Path Finder in

Splunk table query

I've piped a Splunk log query extract into a table showing disconnected and connected log entries sorted by time. N...

by Loves-to-Learn Lots in

Combine two table searches into 1 to compare the results, but one has an inputlookup for inventory and the other is sear

I currently have 2 different tables where the first one shows the number of firewalls each location has (WorkDay_Loca...

by New Member in

want to add extra details to the number display

Would anyone be able to help me on one more thing please !!! I have a Number display dashboard which represent the...

by Path Finder in

Regex matching in a Splunk search query that involves a lookup table

I have created a lookup table in Splunk that contains a column with various regex patterns intended to match file pat...

by Loves-to-Learn in

Want to ignore some fields

Hi Team, In below query I don't want to show up the result as "Up" in state_to field, I just want to see data wit...

by Path Finder in

Intermittent log data ingestion with Packetbeat JSON file

Hello, I am experiencing intermittent log ingestion issues on some servers and have observed potential queue satur...

by New Member in

How to replace Join to search large data sets

I've been working on a search that I *finally* managed to get working that would look for events generated by a provi...

by Path Finder in

How to search and monitor Splunk user logins that are using LDAP based authentication?

I have been going through several answers about how to get and track user logons and logoffs. Tried many of the searc...

by Communicator in

data and lookup field problem

Hi All i have a csv look up with below data Event_Code AUB01 AUB36 BUA12 i want to match it with a ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to find empty indexes in Splunk Cloud?

Time comparison different results in search and dashboar

How to compare events from two sourcetypes in the same index without using join

How to generate a regular expression on a URL to capture a resource path and end on a optional parameter?

How to write a search to find if a field contains a valid IPv4 or IPv6 address?

How to extract ip address using regex?

Upgrade to 5.x, some of my existing searches are taking longer to return results. Not as many scheduled searches are running on time. Could fetch_remote_search_log setting be a factor?

How to send hard coded message as an email from Splunk

Concatenating values from one field

eval in stats with max

timechart count and stats count are not matching

Account locked

Fuzzy Match Between Two LARGE Lookups

How to get time from two different sourcetypes

get the values in each line

Need help on Regex for a field

Splunk table query

Combine two table searches into 1 to compare the results, but one has an inputlookup for inventory and the other is sear

want to add extra details to the number display

Regex matching in a Splunk search query that involves a lookup table

Want to ignore some fields

Intermittent log data ingestion with Packetbeat JSON file

How to replace Join to search large data sets

How to search and monitor Splunk user logins that are using LDAP based authentication?

data and lookup field problem

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

Stay Connected: Your Guide to February Tech Talks, Office Hours, and Webinars!

Preparing your Splunk Environment for OpenSSL3

How to change span alignment

Replicating the Output of a Field Popup/Bubble?

tstats with | search()

Search for triggered save searches and their actio...

MLTKC error for 'Functional' object has no attribu...