Building for the Splunk Platform

Discussions

Thread Info

AD monitoring

I want to collect log from user AD. I have used eventcode 4720 and eventcode 4624. i wonder how to combine these two ...

by Loves-to-Learn Lots in

Is there a reference for all the different actions of the field "action" in the Splunk _audit index?

Dear Splunkers, I would like to know if there is a reference for all the different actions of the field "action" (...

by Path Finder in

Splunk role capabilities needed for splunk apply shcluster-bundle

Hi, I have to create a splunk role for an "operator" user who must be able of launching the CLI command "splunk ap...

by New Member in

rex to extract particular field

Hi , I have below string and need to extract field after HCM5250: and before . Also, while doing search need to co...

by Explorer in

Keeping highest 99% of values for each field value

Hello all. I have calculated measures of a given statistic for a variety of values for the field "Link", and I need t...

by Explorer in

Resource usage for multiple hosts, grouped together.

Hi, Would it be possible to group hosts resource usage in a standard dashboard , similar to the DMC 's stats. : ...

by Communicator in

Calculate and display jump in connections

Hi all, I have written a search that will list the "average daily connections" originating from a source ip addres...

by Communicator in

rex invalid argument

Hi, We're using 6.5.3. Got error "Error in 'rex' command: Invalid argument: ' ' " for query like following: ...

by Communicator in

Index hit by searches in last 30 days

Hi, I am doing a clean up process to all of indexes and i need to know who (users) searched the indexes in last 30...

by Path Finder in

Extract values from a multivalue-field

I have a multi-value field that contains IP-Adr and MAC-Adr and want to seprate them into single value fields. Sounds...

by Explorer in

Splunk SDK API Search String Syntax Problem

I Have Two Queries That Both Work In Splunk Web Ui This Query Works In Web UI BUT NOT In Api I Probaly Have A Synt...

by New Member in

How do I prevent Introspection Generator to read information about non splunk process when hidepid activated on /proc ?

Hi, my splunk is running as splunk user on a linux system where the admin has secured the OS by using hidepid=1 on...

by Splunk Employee in

Event Correlation - Display events from two sourcetypes

I'm trying to do event correlation between two different sourcetypes using the following: sourcetype=logweb host=s...

by New Member in

Need to find all fields related to sourcetype

Hi All New to spluk and have a basic question want know how to get all fields (selected and interesting fields...

by Explorer in

Need to convert values into percentage in Bar Graph

I have generated a chart which is having a some values, Now I want to convert those values in percentage.. I have tri...

by Explorer in

How to extract a string and display it as filename

I have a log File as follows 07:30:57.222 02/20/2017 File "SKU_DR2_DBF_FULL_20170220_122856.csv" is received from FT...

by New Member in

what are the languages does splunk support for writing scripts for generating alerts for logs

i want create alerts for logs..so what are the languages does splunk supports for writing scripts

by New Member in

Pull a specific event from Splunk

We have a portal that is used by the SOC for malware investigations. The portal has the ability to login to Splunk & ...

by New Member in

How do you configure the nest thermostat and Splunk to communicate? Is there a tutorial for the initial configuration?

The Setup > Generate Device IDs does not return any results for me. Maybe there is a way to configure Splunk to view ...

by New Member in

how to initially setup a summary index ?

I have a report which is sloooow - seems like a good candidate for summary index. reading the docs it suggests config...

by Path Finder in

Get Updates on the Splunk Community!

Building for the Splunk Platform

Discussions

AD monitoring

Is there a reference for all the different actions of the field "action" in the Splunk _audit index?

Splunk role capabilities needed for splunk apply shcluster-bundle

rex to extract particular field

Keeping highest 99% of values for each field value

Resource usage for multiple hosts, grouped together.

Calculate and display jump in connections

rex invalid argument

Index hit by searches in last 30 days

Extract values from a multivalue-field

Splunk SDK API Search String Syntax Problem

How do I prevent Introspection Generator to read information about non splunk process when hidepid activated on /proc ?

Event Correlation - Display events from two sourcetypes

Need to find all fields related to sourcetype

Need to convert values into percentage in Bar Graph

How to extract a string and display it as filename

what are the languages does splunk support for writing scripts for generating alerts for logs

Pull a specific event from Splunk

How do you configure the nest thermostat and Splunk to communicate? Is there a tutorial for the initial configuration?

how to initially setup a summary index ?

Enterprise Security Content Updates (ESCU) - New Releases

Thought Leaders are Validating Your Hard Work and Training Rigor

.conf23 Registration is Now Open!

UI-Toolkit React-App unable to fetch REST-Endpoint...

Can I make checkbox label clickable?

How can I setup page with select?

How to create a drilldown for a single value panel...

Different custom CSS depending on dark VS light mo...