Splunk Search

Discussions

Thread Info

Splunk - Join two queries from same index and eventtype

I have the following two events from the same index (VPN). I've been unable to try and join two searches to get a tab...

by New Member in

Splunk license usage per sourcetype

Hello, Is there a way to find out which sourcetype is sending too much of data to an index. i know an index but i ...

by Explorer in

How do I remove rows with null values on single/multivalue fields?

Hello Everyone I have a below search query that results me 4 column table. Process, RunID, StartTime and EndTime. ...

by Path Finder in

extract name from multivalue

Within MSAD, the manager field looks like this: manager=CN=The Boss,OU=HLGIT,OU=CO,OU=mytownUsers,OU=ourFIRE,DC=ou...

by Engager in

How to find the oldest timestamp of an event available for search

I would like to find the oldest timestamp of events available for search (with respect to sourcetype) in an index. Me...

by Explorer in

How to sort using formatted time

Hi, I have a result table with two columns "formattedTime" and "Unsuccessful logins". I am displaying time in the ...

by Explorer in

Why is the background search failed with an error "search was canceled"?

We are running Splunk v 7.0.1. One of our splunk users sent a search to the background and received the following ema...

by Builder in

How to use an index for a lookup

Noob question. I had about a dozen CSVs that had the same information on them but the columns were out of order. I...

by New Member in

Why it changes the sourcetype for all sourcetype

I am trying to change the sourcetype of all events that are not from sourcetype starting with xyz. I am using followi...

by Communicator in

Search all the login events from a location

Need to run a report where the user is supposed to work remotely for 110 days in any given 365 days. The 365 days is ...

by Explorer in

Tracking of particular field

I have two fields from them I want to track particular one field with starting of this & ending of that value. For th...

by Path Finder in

Can Splunk perform multiple searches using a single request and return the results separately?

I am querying Splunk REST API and wish to send multiple queries in a single POST request. Is it possible to get separ...

by New Member in

Search if a field is in the results of a subsearch

I have a search that starts out like this; index=my_index field1=abc field2=def ( field3=aaa OR fie...

by Builder in

Regex to extract email domain name

I have two regexes below which are pulling the domain name of the email sender (from). i.e linkedin.com, amazones.com...

by Communicator in

Colud not use strptime to prase the timestamp pipe

Hi , I am not able to parse the below log format using timeformat -props.conf It is giving me a warning unable to ...

by Explorer in

Can't use eval function on fields extracted from json log using spath

I have extracted fields from a json log using spath, I want to add double quotes to the tabled results using ... | ev...

by New Member in

How to chart field values by another field _time?

Hi, I am running this query: index=servers sourcetype=json Name=* Version=* Id=* | dedup _raw |fillnull bdy.ex....

by Contributor in

Manual Input Form

Hi all, Well a long night and day of reading about every post on forms and manual input to no avail. I'm looking f...

by Path Finder in

Where to place common python libraries

I have multiple alert actions in Python. I am trying to have the modalert helper for each action to load a common lib...

by New Member in

How can I eliminate similar results?

I have a query that is returning similar, but not exact results. In the example results below, I want to get rid of '...

by New Member in

Search Multiple Sourcetypes using different fields - return all rawevent information for all sourcetypes

I need help figuring out the best way to get the information I want in one query. I have indexA with sourcetypeA, ...

by New Member in

Working with boolean operations like an arithmetic operation.

Hello Everyone, I've just done a Splunk query that it required a lot of conditionals and I just wanted to use boolean...

by Communicator in

Conditional count using tstats

Is it possible to do a conditional count using tstats? I want to count specific event_type: (count if(event_type = 'x...

by New Member in

Is it possible to do a conditional count using tstats?

Is it possible to do a conditional count using tstats? I'm trying use the following which is the syntax that I would ...

by Builder in

How to configure the input for ADFS

Based on what I've found I configured the following inputs.conf in a test tier as follows: [WinEventLog://AD FS/Admin...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk - Join two queries from same index and eventtype

Splunk license usage per sourcetype

How do I remove rows with null values on single/multivalue fields?

extract name from multivalue

How to find the oldest timestamp of an event available for search

How to sort using formatted time

Why is the background search failed with an error "search was canceled"?

How to use an index for a lookup

Why it changes the sourcetype for all sourcetype

Search all the login events from a location

Tracking of particular field

Can Splunk perform multiple searches using a single request and return the results separately?

Search if a field is in the results of a subsearch

Regex to extract email domain name

Colud not use strptime to prase the timestamp pipe

Can't use eval function on fields extracted from json log using spath

How to chart field values by another field _time?

Manual Input Form

Where to place common python libraries

How can I eliminate similar results?

Search Multiple Sourcetypes using different fields - return all rawevent information for all sourcetypes

Working with boolean operations like an arithmetic operation.

Conditional count using tstats

Is it possible to do a conditional count using tstats?

How to configure the input for ADFS

Get Schooled with Splunk Education: Explore Our Latest Courses

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...