Splunk Search

Discussions

Thread Info

black-out/ simple way to combine events from two sourcetypes on same Id

I must have a blackout because the case does not seem to difficult but i cant get it working. I have two sourcetypes,...

by Path Finder in

If statment is not returning value with evaluate a "tag" value

Hi, i'am trying to evaluate a tag value like this: eval X=if(tag="NY",_time,"1") I have trying everything and stuck i...

by Observer in

Virustotal Checker: How to set the VT API key?

Hello! How to set the VT API key for the Virustotal Checker app?

by Explorer in

How to create a lookup matching non-exact words ?

I have the below type of event and I want to add a category field to it using lookups time Transaction Business...

by Motivator in

Join 2 events with same "source"

I want to join the nmap scanning results. The common field is the source "nmapscan_1.gnmap" while other scans will ha...

by Engager in

Field Extractions in Search Head GUI

Hi Team, I have an event which is getting segregated with pipe (|) symbol and i want to separate those events with...

by Path Finder in

Time Input to Form Not Working

Maybe I've been overthinking this, but for the life of me I cannot get my Time Input to my form working! I'm using th...

by New Member in

Count items satisfying a condition

I have a event created each time a user does an action in my system (e.g. login, open_page, close_page). I need to do...

by Engager in

port sweep 1 source to multiple destination to more than 4 dest_ports

This is the query which is for port sweep------- 1source->dest_ips>800->1dest_port | tstats summariesonly dc(All_Traf...

by New Member in

Multiple/Nested IF statement

My logic for my field "Action" is below, but because there is different else conditions I cannot write an eval do ach...

by Communicator in

Count a field value for one field, but not for another in Stats

Hello All, I am running a report that uses multiple stats commands to achieve the final output, in this report I h...

by Path Finder in

Field extraction showing up for different sourcetype

Hello. I used the Splunk field extractor to get a field from sourcetype=sourcetype_a For some reason, when I search s...

by Explorer in

Why is KV_MODE=xml not working in my distributed environment?

Hi, i'm using a distributed splunk setup (search head with several indexers) with version 6.1.3. I'm having proble...

by Path Finder in

How to restrict User access to search from dashboard?

I have a dashboard which uses internal index and I made it available for role "user". I couldn't get the dashboard ru...

by Explorer in

Security Key in server.conf

what is the diff between the security key in the clustering stanza and the key in the general stanza in server.conf ?...

by Builder in

Regex Help

Hi, Struggling yet again with another regex. The sample string looks like the following: .........,"errorCode":...

by Communicator in

Can we find the events which are not matched by Lookup table?

I have a lookup table with which I am categorizing the Error Messages received from a particulat Sourcetype "error". ...

by Path Finder in

How to make search faster

Hello, below is my search . Since i am using join , search is slow . Can i please know if there is a way to incre...

by Path Finder in

How to count success/fail event and group them by another field

Hello everyone! My data have this form I'm trying to make table in splunk, that will aggregate data to nex...

by Explorer in

Stacked100 with Bar total value

Ciao, i'd like to apply some enhancements to a stacked100 barchart i created. In particular I'd like to modif...

by Path Finder in

How to extract the last string order a table around it ?

40.118.209.1 0x735870x1 GG46989 [21/Dec/2014:00:00:00 -0500] "GET /rest/jphutenxporter/1.0/outputformatconfig/outputf...

by Contributor in

query to grab the metadata of the host entered by the user

Hello, Can someone please help me to build a query that will display hostname , IP address , last reported by the ...

by Path Finder in

How to display respective entries from two different logs based on a common extracted field value?

Hi All, I have two different sources of log and want to display respective entries from each source based on a extra...

by Engager in

what is meaning of communication protocols in spunk

by Explorer in

How to count daily events with specific time?

Hi guys, I need to count number of events daily starting from 9 am to 12 midnight. Currently I have "earliest=@d+9...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

black-out/ simple way to combine events from two sourcetypes on same Id

If statment is not returning value with evaluate a "tag" value

Virustotal Checker: How to set the VT API key?

How to create a lookup matching non-exact words ?

Join 2 events with same "source"

Field Extractions in Search Head GUI

Time Input to Form Not Working

Count items satisfying a condition

port sweep 1 source to multiple destination to more than 4 dest_ports

Multiple/Nested IF statement

Count a field value for one field, but not for another in Stats

Field extraction showing up for different sourcetype

Why is KV_MODE=xml not working in my distributed environment?

How to restrict User access to search from dashboard?

Security Key in server.conf

Regex Help

Can we find the events which are not matched by Lookup table?

How to make search faster

How to count success/fail event and group them by another field

Stacked100 with Bar total value

How to extract the last string order a table around it ?

query to grab the metadata of the host entered by the user

How to display respective entries from two different logs based on a common extracted field value?

what is meaning of communication protocols in spunk

How to count daily events with specific time?

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?

Splunk Education Goes to Washington | Splunk GovSummit 2024

Need solution on search query

Looking for a query to display a list of jobs stuc...

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について