Splunk Search

Discussions

Thread Info

transform field in sha256 before indexation

is there a way to transform a field in sha256 before indexation? in the sourcetype ? I can do that after using ...

by Path Finder in

How to create a search to make a table of count of failed logins by user with fields in other columns?

A table with the count of failed login by a user for a day over the period of 7 days with the columns date, sourceip,...

by New Member in

How to get a single value subtraction from two Timecharts?

Hi, I have two searches Total Memory and Available memory and I want to subtract this two queries result, so that ...

by New Member in

How to use tstats and get raw last event?

Hello, I would like to get raw last event for each source listed by tstats, how to do? I've tried tstats ... | joi...

by Motivator in

How to exclude values from evaluation ?

I have a list of values for trans_time field ranging from 0 to 45000 (not continious values). I am performing some c...

by Contributor in

Why are the values showing wrong stats?

earliest=-32d@d | search Mode="GoNoGo" | stats dc(source) by Number | eval A=if(source= "faulty.csv", "Fail", "Pass"...

by Explorer in

Why IQR shows me only 10,000 results ?

I'm trying to find outlier using IQR method suggested by Splunk. I wonder why the statistics only shows 10,000 result...

by Contributor in

Applying a search filter (srchFilter) conditionally

Hello, I'm working on a Splunk system where we want to restrict users to certain data behind the scenes based on t...

by Explorer in

How to get an average value in timechart with time format?

I want an average answering duration of each HR persons in hh:mm format rep_duration is the time taken to answer and ...

by Explorer in

How to extract values from all fields?

Hi Team, I want to extract the values like left side(LABEL on of the fileds) all fields and values should take from a...

by Engager in

How to find the totals of status codes per uri per day?

I am using the following search: ( sourcetype=iis ) sc_status=500 |stats count by uri_path sc_status date but...

by Explorer in

Auto extracted field with kv_mode is overriding my default source and sourcetype

Hi Not sure this question has been asked before, I didn't seem to find that particular one, so here goes: I'm u...

by Path Finder in

Search Schedule Window option not there

Hi all, I have a 6.3.0 enterprise clustered installation with several alerts running with 5min intervals. Most of ...

by Path Finder in

Anybody have an idea for base64 decoding of fields in Splunk 6.5

Hi. I have upgraded to Splunk 6.5, and have a new source, with some base64 encoded values. I have tried looking at...

by Contributor in

Compare data from Yesterday and today without Weekend

host=somehost sourcetype=somesource earliest=@d+9h latest=now| timechart span=15m dc(UserId) | appendcols [search hos...

by New Member in

is the stats count is count of event or count of word?

For example I have a query like below index=ABC | stats count by host Does stats is the word count of all the...

by Builder in

In a time limited table, I'd like to indicate which field values are unique across the whole data set?

Hi there, I have this dashboard that displays a table of field values from a data set. At the top are some filters...

by New Member in

Match value from lookup table to values of specific fields

Hi, How to match lookup table of ip addresses with the existing field value of host_ip I want to display IP ad...

by Explorer in

How to extract field from data like this?

Hi All, I am working on some weather RSS indexing, some of the data look like this. King's Park| 17 degrees ; W...

by Splunk Employee in

How to search what values are missing in my lookup table?

How to write a search to get a list of items which are not matching. Example : I have a list of devices : A ...

by Explorer in

Search to display the first instance of a particular field

I have a search which extracts some values into a table including the date. For one of the fields, e.g. src_ip, I wan...

by New Member in

Head scratcher regex

Hi I have the below data and need to extract three things, 2 of which are pretty easy (method (GET or POST) and re...

by Motivator in

How to create a transaction that startswith=(something!="(null)") endswith=(something="(null)")

My goal is to create a transaction that ends with customerId being "(null)" and starts with customerId being somethin...

by New Member in

How to filter out IPs from being indexed?

I am not good at regex, so I need help filtering some IPs from being indexed. raw event looks like this: 192.16...

by Contributor in

How to extract events from multi-level json?

Please believe me  that I have searched for an answer until my index finger bled (pun intended, but seriously...I ha...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

transform field in sha256 before indexation

How to create a search to make a table of count of failed logins by user with fields in other columns?

How to get a single value subtraction from two Timecharts?

How to use tstats and get raw last event?

How to exclude values from evaluation ?

Why are the values showing wrong stats?

Why IQR shows me only 10,000 results ?

Applying a search filter (srchFilter) conditionally

How to get an average value in timechart with time format?

How to extract values from all fields?

How to find the totals of status codes per uri per day?

Auto extracted field with kv_mode is overriding my default source and sourcetype

Search Schedule Window option not there

Anybody have an idea for base64 decoding of fields in Splunk 6.5

Compare data from Yesterday and today without Weekend

is the stats count is count of event or count of word?

In a time limited table, I'd like to indicate which field values are unique across the whole data set?

Match value from lookup table to values of specific fields

How to extract field from data like this?

How to search what values are missing in my lookup table?

Search to display the first instance of a particular field

Head scratcher regex

How to create a transaction that startswith=(something!="(null)") endswith=(something="(null)")

How to filter out IPs from being indexed?

How to extract events from multi-level json?

Stay Connected: Your Guide to February Tech Talks, Office Hours, and Webinars!

Preparing your Splunk Environment for OpenSSL3

Incident Response: Reduce Incident Recurrence with Automated Ticket Creation

StateSpaceForecast holdback and forecast_k for eva...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...

Write Splunk log with Laminas