Splunk Search

Thread Info

Matching String in line of texts in splunk

Hi, I am quite new to splunk platform. Can you please help me out here with my requirement: I have to write a l...

by Explorer in

Match values under 2 different fields

Need help. Appreciate in advance. I have 2 lookup csv. I need to match each value under "numberX" field against th...

by New Member in

SPL to find users NOT in ldapsearch subsearch results

Looking for how to query for users that are logging in via Remote Desktop which are not in a certain OU in Active Dir...

by Contributor in

How to display multiple field ips using geostats

Hi, I have three fields which outputs Ip addresses. is there a way to display all these three field IP addresses o...

by Explorer in

how to make raw data in visual format?

i have raw data with time stamp..ID..target page. i want this to be visualized. how can i do?

by Motivator in

Timechart last month to prior month comparison with trend

Hi, I am trying to compare the number of events from last month to the prior month. So January and February and displ...

by Path Finder in

How to inputlookup a csv file which contains only the hostnames and get the field values of A,b and C?

I have a lookup file which contains a list of hostnames under the field Host like below Host abd addf fdfs Now...

by Builder in

Map/Join Search query with lookup, when field in null

Hello, I am trying to Join/map Search query result with lookup table. I am close to perfect query, Just not be abl...

by Builder in

what is use of diff command

Hi , I tried understanding diff command from spunk.doc unable to understand,could you please let me know use of diff ...

by Explorer in

Why am I getting "Error in '| metadata' " when trying to get the earliest event in a particular index?

I am attempting to determine the earliest event in a particular index by executing the following search over All Time...

by Builder in

Issue combining 2 sourcetypes into 1 table

I am using the following search: index=nessus sourcetype="nessus:plugin" OR sourcetype="nessus:scan" each time ...

by Explorer in

Match events in search by fields

Hello I have a serach that gives me back two types of events. event A with field r_code and some other fields while e...

by Explorer in

How to analysis the occurrence of an ERROR on a give field with some other field?

I have a log, and in theis log I have a field that I have called Informative. This Informative can assume the followi...

by New Member in

Specific Alert

Hi, I would like to Know if it is possible ! I want to send an email on the adress mail content on my log . For...

by Engager in

Sorting Multi value Field

Hi , I have to sort 2 multivalue fields and need to compare. Please provide me some example. Thanks Sathish R

by Contributor in

sort on second field of mvzipped field

Hi, I have a multivalue field with the name of user and the monthly expenses and another column of time. e.g: colu...

by Explorer in

How to Black out my splunk alert for particular period ?

How to Black out my splunk alert for particular period? There are two different scenarios firest alert: 1)16:30...

by Builder in

Average of the total count

Hello all, How can I get the average of the output as below? Calculation is 40 + 20 + 50 / 3 = 36.6 REQUEST...

by Path Finder in

How to remove "Other" option from Time Range Picker

I have "Other" as a drop-down option in my Time Range Picker. I have separate times.conf file for my application in ...

by Path Finder in

How to match two lookups in Splunk?

I have fields ComponentName, CNC in lookup A and fields ComponentName, ENDPOINT in lookup B. The output should have f...

by New Member in

Group my data per week

Hi All, I am currently having trouble in grouping my data per week. My search is currently configured to be in a r...

by Engager in

Read data between in log file based on date

Hi, I have a log file and want to read everyday data only. File Format is like sometextsometext Friday, March 9...

by New Member in

Query doesn't work under CURL call (but is fine under user interface)

Hi; I have a query that ends as follows | stats count(eval(HttpStatus LIKE "2__")) AS success count(eval(HttpStat...

by New Member in

Removing the "not found" results from a pie chart in csv format

Hello All, I have csv data like this ip address, Ports Open 192.168.1.1, 80 192.168.1.2, 81 192.168.1.3, none...

by Engager in

combine 2 queries and subtract the results

I have the below queries, would like to run together and subtract the count results. Any help appreciated. |host=...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

Matching String in line of texts in splunk

Match values under 2 different fields

SPL to find users NOT in ldapsearch subsearch results

How to display multiple field ips using geostats

how to make raw data in visual format?

Timechart last month to prior month comparison with trend

How to inputlookup a csv file which contains only the hostnames and get the field values of A,b and C?

Map/Join Search query with lookup, when field in null

what is use of diff command

Why am I getting "Error in '| metadata' " when trying to get the earliest event in a particular index?

Issue combining 2 sourcetypes into 1 table

Match events in search by fields

How to analysis the occurrence of an ERROR on a give field with some other field?

Specific Alert

Sorting Multi value Field

sort on second field of mvzipped field

How to Black out my splunk alert for particular period ?

Average of the total count

How to remove "Other" option from Time Range Picker

How to match two lookups in Splunk?

Group my data per week

Read data between in log file based on date

Query doesn't work under CURL call (but is fine under user interface)

Removing the "not found" results from a pie chart in csv format

combine 2 queries and subtract the results

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...