Splunk Search

Discussions

Thread Info

Conversion to UNIX time

I want to convert my default _time field to UNIX/Epoch time and have it in a different field. This is how the Time fi...

by Contributor in

Get just 7 characters of field to search

I have a userID with 9 characters and want to search a lookup with just 7 characters. I have tried to use RegEx but i...

by Explorer in

Can I concatenate a complete search query to the already filtered stats results which only executes if an input checkbox is checked

I want to add a checkbox input which just concatenates my search with something like " | search Error" if I check tha...

by Path Finder in

How can I compare 2 latest events and search for the second latest event by host?

Hi, I'd like to create a search that detects a failover, i.e. it would compare the two latest events by host and w...

by Path Finder in

How to create Splunk query to validate missing Domain Controller security log events?

As we are using the AD Domain Controller security logs for audit purposes, we want a query to validate there are no m...

by New Member in

How to extract and find the difference in time between two fields using regex?

Hi , I have 2 events like below and I need to find the difference in time between 2 events. There may be a lot of...

by New Member in

How can I sort field values depending on the another field values ?

PFB the search query that I am using for my panel. PFA the view of th dashboard as well. index=scampservices OSIT4...

by Path Finder in

How can I build regex to extract data from unstructured Domain Time Logs?

Hi, Log files contain header and summary information in the beginning of the file. The number of header + summary ...

by Path Finder in

How to create two searches combined into one chart, or timechart with calculated percent of total (rate) by fields?

I have transactions logged across different sales "channels" (catering, mobileApp, faceToFace, etc.). I am trying to ...

by New Member in

Why is coalesce working only for one of the two fields I am combining, depending on the sequence the fields are being combined?

I have two existing fields - "narrative" and "alarm_type" that I am trying to combine into a new single field "alert_...

by Communicator in

How can I create a lookup where if the user is not found, the result should be NULL?

When searching a lookup and the user is not found then I need the result to be NULL. Any ideas?

by Explorer in

Why is the conversion of epoch time to human readable time (hetime and hltime) returning all zeros?

Hi, I have this XML code where I'm attempting to convert the clicked time in epoch format into a human readable ti...

by Motivator in

how can I create a top 5 list of multiple values from one source

I have an index from a forwarder that looks something like this: "index=indexname DEBUG Rule="Rule One" OR "Rule Two"...

by Path Finder in

Is there a limit on "Show all lines" in transaction startswith and endswith?

Hi All, I am using transaction with startswith endswith and some files are not showing. So I used keepevicted=t an...

by Contributor in

How do I format a number with commas in a column/field that has numbers and strings(using appendpipe)

How do I format a number with commas in a column/field that has numbers and strings(using appendpipe) I have the f...

by Motivator in

How to group selected blade Id's to Multiselect option?

I have a desired list of blades and I had filtered out only those blade id's and now while creating a multiselect lis...

by New Member in

How do I calculate the Average time usage per day when using Transaction and Bin?

Hello Everyone I have 2 source types ProcessStart and ProcessEnd. The common field with which I need to find out t...

by Path Finder in

Why are older events not shown anymore?

Dear Community! Following situation: I have a couple of indexes which are gathering log events from several heavy ...

by Explorer in

Using values of a field, compare them in another field and pulling relevant data into one

Hi All, I have a field named Issues Reported, whose values go something like this. Question 1. Can I us...

by Communicator in

Split IP Address in network and host part

Hi everyone, I've got a little problem. I want to split up IP addresses in network and host part (to create a char...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Conversion to UNIX time

Get just 7 characters of field to search

Can I concatenate a complete search query to the already filtered stats results which only executes if an input checkbox is checked

How can I compare 2 latest events and search for the second latest event by host?

How to create Splunk query to validate missing Domain Controller security log events?

How to extract and find the difference in time between two fields using regex?

How can I sort field values depending on the another field values ?

How can I build regex to extract data from unstructured Domain Time Logs?

How to create two searches combined into one chart, or timechart with calculated percent of total (rate) by fields?

Why is coalesce working only for one of the two fields I am combining, depending on the sequence the fields are being combined?

How can I create a lookup where if the user is not found, the result should be NULL?

Why is the conversion of epoch time to human readable time (hetime and hltime) returning all zeros?

how can I create a top 5 list of multiple values from one source

Is there a limit on "Show all lines" in transaction startswith and endswith?

How do I format a number with commas in a column/field that has numbers and strings(using appendpipe)

How to group selected blade Id's to Multiselect option?

How do I calculate the Average time usage per day when using Transaction and Bin?

Why are older events not shown anymore?

Using values of a field, compare them in another field and pulling relevant data into one

Split IP Address in network and host part

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

Observability Highlights | January 2023 Newsletter

[Crowdsec Json logs fields extraction]

Regex for Ingest Actions to match a list of EventC...

Need help on Dashboard related issue

Why does Walklex return spaces before some of the ...

Why won't Walklex timespan follow time specificati...