Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Help on calculating statistics

Hi, I have a CSV with something like the one shown. first field is order id and second field is product code. ordr...

by Champion in

How can I build regex for specific field extraction?

Hello everyone, I am sure this is a relatively easy regex to build but I was hoping for some assistance, my regex ...

by Path Finder in

Is the "Predict command" causing the search results return, taking too much time?

I have to forecast data for next 15 days, based on the last 30 days data. I have used the following query: sourcet...

by Path Finder in

Why does the Join query only work if I write a query in the most inefficient way?

I am trying to join the results of two searches so it looks like this: CWID, authorization_pk,weillCornellEduPrima...

by Engager in

How to compare two source files with combination of 4 fields as a unique key?

I have two sources Send Log and Received Log Send Log has four fields namely A B C D. (Combination of 4 fields as uni...

by New Member in

How to use accelerated search models for custom index-time fields, so that I can use tstat command with the extracted fields?

tstats is working on the fields like source, sourcetype, _time etc, however, I want to use tstats on other fields of ...

by Explorer in

combine csv lookup table (list of users) to ldapsearch

Trying to search with ldapsearch a list of specific users. | ldapsearch domain="default" search="(&(samAccountTyp...

by Explorer in

How to compare same date field after status changes?

I'm trying to compare the same date field between two different events. An event has the following fields that are...

by Path Finder in

generate daily report on date field in data

Hi there, I have some data like this activity_id: 1131c134-d771-41e7-918d-d42772fc1316 date_time:...

by Engager in

IF value then string

I am trying to set the Name to Unknown if the ID is XYZ else populate it with the name value. I have Eval name...

by Explorer in

How to trim away the port and use only URL after ":"?

Hi, I have a field with values URL and port, how to trim away the port and only use URL? For example, abc.net:9...

by Builder in

How to configure a time-based lookup - Temporal lookup?

I'm trying to configure a time-based lookup (temporal lookup) but it doesn't seem to be working as expected. Any advi...

by Contributor in

How to extract fields from openSCAP using regex?

Hey all, I'm trying to extract fields from openSCAP logs and I'm having difficulties pulling the CCE/DISA fields,...

by Explorer in

SAML Assertion signature verification failed. Unable to get local issuer certificate

We are trying to configure SAML integration for our Splunk On-Premise instance with our identity provider. Per the do...

by Engager in

How do I compare a missing value of one lookup from the other?

I have two lookups A,B with fields APIKEY, ENDPOINT. How do I compare the missing value for the column ENDPOINT in lo...

by New Member in

How can I use Rex or Regex to shorten up a timechart search by removing xmlkv function?

I'm trying to shorten up a timechart search by removing the xmlkv function. I've tried numerous times using rex and r...

by New Member in

How can I combine multiple rows into 1 row?

I have a search that returns the following table: | Key | Value | |---------|---------| | user | bob ...

by Engager in

Why isn't the time being recognized?

A little bit strange as this time stamp is not being recognized -

by Ultra Champion in

Percentage of Total of an event within a sub-array

Our data is structured into a JSON format, with data structured as follows: { IdentifyingDetailsofUserAndCal...

by Communicator in

How to use the lookup table to find if I can retrieve the filename from my lookup in my log, using the source fields?

Hi, I need your help as I think I didn't use Lookup correctly. I've a field in my logs called source and which ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Help on calculating statistics

How can I build regex for specific field extraction?

Is the "Predict command" causing the search results return, taking too much time?

Why does the Join query only work if I write a query in the most inefficient way?

How to compare two source files with combination of 4 fields as a unique key?

How to use accelerated search models for custom index-time fields, so that I can use tstat command with the extracted fields?

combine csv lookup table (list of users) to ldapsearch

How to compare same date field after status changes?

generate daily report on date field in data

IF value then string

How to trim away the port and use only URL after ":"?

How to configure a time-based lookup - Temporal lookup?

How to extract fields from openSCAP using regex?

SAML Assertion signature verification failed. Unable to get local issuer certificate

How do I compare a missing value of one lookup from the other?

How can I use Rex or Regex to shorten up a timechart search by removing xmlkv function?

How can I combine multiple rows into 1 row?

Why isn't the time being recognized?

Percentage of Total of an event within a sub-array

How to use the lookup table to find if I can retrieve the filename from my lookup in my log, using the source fields?

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

How to extract all the multi-values in excel?

How to convert a large number to string with expre...

Need help on Dashboard related issue?

Why does Walklex return spaces before some of the ...

Why won't Walklex timespan follow time specificati...