Splunk Search

Ask a Question

Discussions

Thread Info

How do I import Azure NSG LOGs?

Hello there, I try to import Azure NSG flow Events. To get the data into Splunk I use the Splunk Add-on for Micros...

by Path Finder in

Combining 2 splunks and displaying count

Hello, I have 2 seperate splunks as below . One is "v1 endpoint" and other is "v2 endpoint"v1 endpoint: index="abc"...

by Explorer in

Search for triggered save searches and their actions titles and users: Need help with subsearch

I want to use the 2nd search as a subsearch only bringing back the actions. How can I do this? SEARCH| rest /servic...

by Communicator in

Need help with Basic query over splunk

Please help share query to check > network logs and firewall blocks for specific Host machine> LDAP password login fa...

by New Member in

Efficiently Expanding Multiple Multi-Value Fields Using mvexpand in Splunk

Hello Splunkers !!How can I efficiently use the mvexpand command to expand multiple multi-value fields, considering i...

by Motivator in

how to do a match field between index and summary index

How do you run a match a field ID between two indexes?without using a sub search(due to limit of 10000 results)withou...

by Communicator in

create report if price values are different

this is my log i need a report like below: where I can see price difference in a single report. I don't...

by Path Finder in

How can I remove latitude and longitude values while hovering over map and instead display the address of location on the map?

I am using Splunk Cloud 6.5.0 version. How can i remove latitude and longitude values while hovering over map and dis...

by New Member in

Autoformat and search results similar to "48a4.93b9.xxxx OR 48:a4:93:b9:xx:xx OR 48-a4-93-b9-xx-xx"

Hello. This search returns zero results, but a manual "OR" search shows results. I cannot find the reason (neither ...

by Explorer in

what is wrong with these evals....

Hi, I have this search query where i aggregate using the stats and sum by few fields... When I run the query in spl...

by Path Finder in

Can I set up a PS4 Game Session Timer and Notification?

Hi I want to know how long and when either of two games are being played on the PS4 or a laptop and be notified vi...

by Observer in

make a table for a csv

Hi my data is comma delimited , there are 2 rows with a header. I'fd like the columns to be split by the comma int...

by Loves-to-Learn in

Data not showing on map

Hello, I have lookup file uploaded and now I want to see the data, I am not able to see it on map , I can see the det...

by Explorer in

How to modify a dashboard

Hi, i'm searching for a way to modify my app/dashboard to be able to modify the entries of a table (such as delete/du...

by Explorer in

Fields from lookup with Join missing

I have a query that detects missing systems. the lookup table has fields System, Location, responsible.I am trying t...

by Explorer in

Is there a way to be more efficient in writing this query - Regex/Wildcard/Substitution question

I have the below query I've written - I am used to SQL, SPL is still new to me. I feel like there has to be some way ...

by New Member in

Issue with Dropping Events via props.conf and transforms.conf

Hi Splunk Community, We’re currently trying to drop specific logs using props.conf and transforms.conf, but our con...

by Engager in

support for fill-forward or "last observation carried forward"

Does splunk support fill-forward or "last observation carried forward".I want to create a daily based monitoring.One ...

by Explorer in

There is a way to send some fileds of an alert to a kvs lookup?

Hi, this is my first interaction with Splunk Community so be patient please  I'm trying to output some fields fr...

by Explorer in

Need a query to find count of substring within string

I need a query that will tell me the count of a substring within a string like this ... "This is my [string]" and I...

by New Member in

Events with duplicate field extractions

Good afternoon, I have a monitoring architecture with three nodes with the Splunk Enterprise product. One node acts...

by Explorer in

URL aggregation in splunk query

Hello Everyone, Below is my splunk query: index="my_index" uri="*/experience/*" | stats count as hits by uri ...

by Path Finder in

Find searches that reference indexes that no longer exist

Hi, I'm trying to clean up an old splunk cloud instance. one thought that occurred to me is find scheduled searches...

by Engager in

Skipped search error on CMC | The maximum number of concurrent running jobs.....on this cluster has been reached

Hi Team, I have been observing 1 skipped search error indicating on my CMC. Error is -"The maximum number of concur...

by Explorer in

need demo of PKI Spotlight Add-on for Splunk

by New Member in

Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...

Splunk Search

Discussions

How do I import Azure NSG LOGs?

Combining 2 splunks and displaying count

Search for triggered save searches and their actions titles and users: Need help with subsearch

Need help with Basic query over splunk

Efficiently Expanding Multiple Multi-Value Fields Using mvexpand in Splunk

how to do a match field between index and summary index

create report if price values are different

How can I remove latitude and longitude values while hovering over map and instead display the address of location on the map?

Autoformat and search results similar to "48a4.93b9.xxxx OR 48:a4:93:b9:xx:xx OR 48-a4-93-b9-xx-xx"

what is wrong with these evals....

Can I set up a PS4 Game Session Timer and Notification?

make a table for a csv

Data not showing on map

How to modify a dashboard

Fields from lookup with Join missing

Is there a way to be more efficient in writing this query - Regex/Wildcard/Substitution question

Issue with Dropping Events via props.conf and transforms.conf

support for fill-forward or "last observation carried forward"

There is a way to send some fileds of an alert to a kvs lookup?

Need a query to find count of substring within string

Events with duplicate field extractions

URL aggregation in splunk query

Find searches that reference indexes that no longer exist

Skipped search error on CMC | The maximum number of concurrent running jobs.....on this cluster has been reached

need demo of PKI Spotlight Add-on for Splunk

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions