Splunk Search

Discussions

Thread Info

Creating new fields using already set data

I am working with data from an application but the data has been forwarded to Splunk as raw data and appear randomly ...

by New Member in

How to create a real-time map of attacks

I want to create a real-time map similar to https://cybermap.kaspersky.com/ that tracks and displays the exact locati...

by New Member in

Can any one help to understand & use of below command in eval

Can any one help to understand & use of below command in eval index=_internal | eval Mahesh=max(1, 3, 6, 7, "foo", fi...

by Explorer in

Trying to change date

index=_internal | eval Mahesh=replace(date, "^(\d{1,2})/(\d{1,2})/", "\2/\1/") My date 03-16-2018 I need 16-03-201...

by Explorer in

CPU Usage by Process

Is there a way to pull a list of running processes and the CPU % usage per process via Splunk natively? Using Powersh...

by Communicator in

Calculate difference between 2 time fields using strptime

As an example, I am getting weather data where in each json even I have the sunrise and sunset time for that day. The...

by Communicator in

How to create a real-time map of attacks by Source IP?

I would like to create a live map similar to the one at Norse: http://map.norsecorp.com. Below is the search that ...

by Explorer in

Find percentage between two fields whose name will fall into a naming convention

I have a set of fixed fields that define a maximum threshold with the naming convention of "resources_available_[[con...

by Contributor in

How to use rex to get matching number?

I tried to use | rex "^Version\s(?P(\\d{2}))$ to extract version number - it should only be 2 digit number. But 12.1....

by Path Finder in

How to add link per rows?

I first encountered the plank system. Need any help. Have a table with multiple rows. Is it possible to assign a l...

by New Member in

data comparison

Hi all Someone can help me? We have a stream of messages that are sent from one side and received on the other. Is...

by New Member in

Why is the stats count showing higher count for date_ then other fields?

I have a report that provides a summary of key activity by IP. I wanted to cross check that information against th...

by Path Finder in

problem with join

i am trying to join 2 indexes and ClientName. i find some rows are not joining on ClientName. but if i explicitly me...

by Builder in

Regex Help

Hi, I need a regex to extract at search time the values after ACTION[*] and up to the next character, regardless o...

by Path Finder in

How do I combine two unrelated inputlookups in the same search?

Say I have one lookup which has various fields like host, source and other stuff. And another lookup which has fields...

by Explorer in

Need to benchmark IOPS reliably

Hi, Can someone recommend a linux utility to reliably benchmark IOPS on local, NFS and iSCSI volumes? I need so...

by Engager in

How to use transaction command with message and as argument?

How to use message name as argument for transaction command? I have logs relate to a particular message ID for one so...

by Communicator in

high cpu over xtime alert

I want to create an alert when the cpu is at 50% or higher for greater than 5 mins. I thought this would work, but...

by Engager in

Return values of field that dc is ran on instead of just the count

Hello all, I have the following search: index="vpn_gateway" eventtype="vpn-authall" | stats dc(vpnuid) by vpnc...

by Engager in

Why are several JSON fields getting extracted more than once at search-time?

At search-time, several fields get extracted more than once, even if they only exist once in the event. I know I can ...

by Communicator in

combining stats question, can I do this as one search instead of appending 2?

BASE_SEARCH | rex field=dest_host "^(?<hostname>([a-z0-9\.\-]*\.)?(?<Domain>[a-z0-9\-]{2,}(?=\.[a-z\.]{3,})\.(?<tld>...

by Path Finder in

Timechart with no data gives "No results found"

I want to show the number of bad errors each minute over an hour time period to show as an embedded report. I am u...

by SplunkTrust in

Matching String in line of texts in splunk

Hi, I am quite new to splunk platform. Can you please help me out here with my requirement: I have to write a l...

by Explorer in

Match values under 2 different fields

Need help. Appreciate in advance. I have 2 lookup csv. I need to match each value under "numberX" field against th...

by New Member in

SPL to find users NOT in ldapsearch subsearch results

Looking for how to query for users that are logging in via Remote Desktop which are not in a certain OU in Active Dir...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Creating new fields using already set data

How to create a real-time map of attacks

Can any one help to understand & use of below command in eval

Trying to change date

CPU Usage by Process

Calculate difference between 2 time fields using strptime

How to create a real-time map of attacks by Source IP?

Find percentage between two fields whose name will fall into a naming convention

How to use rex to get matching number?

How to add link per rows?

data comparison

Why is the stats count showing higher count for date_ then other fields?

problem with join

Regex Help

How do I combine two unrelated inputlookups in the same search?

Need to benchmark IOPS reliably

How to use transaction command with message and as argument?

high cpu over xtime alert

Return values of field that dc is ran on instead of just the count

Why are several JSON fields getting extracted more than once at search-time?

combining stats question, can I do this as one search instead of appending 2?

Timechart with no data gives "No results found"

Matching String in line of texts in splunk

Match values under 2 different fields

SPL to find users NOT in ldapsearch subsearch results

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

Alert Triggered Action: Dashboard Studio Snapshot

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions