Splunk Search

Thread Info

Filter events in a time frame by a condition

I have the query to find the response code and count vs time (in 1 minute time interval) as below. index=sa...

by Explorer in

Classify into a group

Example logs 2022-08-19 08:10:53.0593|**Starting** 2022-08-19 08:10:53.5905|fff 2022-08-19 08:10:53.6061|dd 2...

by Path Finder in

How to create multiple events with different values using makeresults

Hi there: I have the following makeresults query: | makeresults count=3| eval source="abc"| eval msg="consumed"| ...

by Path Finder in

Calculate any Server network throughput from Cisco ASA logs.

I can see logs from Cisco ASA firewall to Splunk and we are getting logs when a connection close. It have the total d...

by New Member in

Lookup against an Array

I'm trying to run a lookup against a list of values in an array. I have a CSV which look as follows: idxy123DataDa...

by Explorer in

Calculating duration of several events in a row with the same field value

I'm having some trouble coming up with the SPL for the following situation: I have some series of events with a tim...

by Engager in

How do I extract multiple values for a field in the same event using field extractions?

Hello, I have the following event (all lines belong to the same event): A Tue Oct 30 13:54:12:863 2018 A ** RA...

by Builder in

Extract and count IDs from a table

Hi!  I have a fallowing table: SESSION_IDSUBMITTED_FROMSTAGE1 submit1startPagesomeStage12 submit2page1someStag...

by Explorer in

Search peers / Replication status / Initial

I'm trying to setup a distributed search. I have successfully added my search peers to the search head already. Th...

by Explorer in

Compare two timestamps

Hello, We are implenting splunk in our environment and right now i import every 7 days our vulnerability scan to ...

by Explorer in

extracting texts from a field

Hello there: I have the following two events: Event #1 source=foo1 eventid=abc message="some message dfsdf...

by Path Finder in

converting this search to hours instead of days

Hi im trying to convert this search to show totals in hours instead of days/dates can anyone help me please? index=...

by Explorer in

How can I find an event count of event that are less than a p95 duration?

I need to identify the count of events that have a duration that is less than the p95 value. Sample search index=...

by Path Finder in

Working with OpenTelemetry Cumulative Histogram Bucket with Calculations

Hi, I am new to Splunk and couldn't figure out how to work with OpenTelemetry's histogram bucket in Splunk. I have...

by Loves-to-Learn in

MLTK import error- Does anyone have suggestions?

initially MLTK was working fine but now I started getting this error "Error in 'fit' command: (ImportError) DLL load ...

by Path Finder in

how to join 2 lookup files to combine all the rows.

how to join 2 lookup files to combine all the rows. I used this query but not giving proper values and used join/appe...

by Path Finder in

Splunk Search results limit 4999

Hello, Currently, I am using the append command to combine two queries and tabulate the results, but I see only 49...

by Communicator in

search query

Hi there: I have two events shown below: Event #1 source=foo1 eventid=abcd Event #2 source=foo2 event_i...

by Path Finder in

Better PDF report visualization

Hello, i am reaching out to ask if there is any way to make the chart that was generated with the scheduled PDF repor...

by Communicator in

grouping count by multiple field substrings

Hi, We currently have events where identifying the app that makes the event depends multiple fields, as well as sub...

by Explorer in

Automated lookup using KVstore lookup

I have a KV store collection that is populated. I have a lookup definition pointing to the KV store. If you use the...

by Communicator in

Encrypt the Source data

Hi All, My requirement is source data records data need to be encrypted. What does process need to follow? Is t...

by Loves-to-Learn Everything in

How to apply eval to fields with complex names?

I am basically faced with this problem: | makeresults count=3 | streamstats count | eval a.1 = case(cou...

by Path Finder in

Trying to create a custom Field Extraction

I am trying to write a regex to extract a field called "registrar" from some data like i have below. Can you please h...

by Path Finder in

way to detect half-duplex connections

Does anyone know a pattern for detecting half-duplex connections from server/laptop sources to server destinations? n...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

Filter events in a time frame by a condition

Classify into a group

How to create multiple events with different values using makeresults

Calculate any Server network throughput from Cisco ASA logs.

Lookup against an Array

Calculating duration of several events in a row with the same field value

How do I extract multiple values for a field in the same event using field extractions?

Extract and count IDs from a table

Search peers / Replication status / Initial

Compare two timestamps

extracting texts from a field

converting this search to hours instead of days

How can I find an event count of event that are less than a p95 duration?

Working with OpenTelemetry Cumulative Histogram Bucket with Calculations

MLTK import error- Does anyone have suggestions?

how to join 2 lookup files to combine all the rows.

Splunk Search results limit 4999

search query

Better PDF report visualization

grouping count by multiple field substrings

Automated lookup using KVstore lookup

Encrypt the Source data

How to apply eval to fields with complex names?

Trying to create a custom Field Extraction

way to detect half-duplex connections

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...