Splunk Search

Thread Info

How to see if field values from index 1 shows up in index 2?

Do I need to do some fancy joined search here? I have values that will show in index 2, and I want to check index...

by Communicator in

Search Alias

Hi I'm new on Splunk It's possible to give an alias to a search? I'm trying to do something like this: index=Obs1...

by New Member in

how to calculate endtransactiontime - starttransactiontime when starttransactiontime is in one event and endtransactiontime is in another event

Hi !! I want to calculate TransactionEndTime-TransactionStartTime, where TransactionStartTime is in CaptureLocation=R...

by New Member in

What is the best way to determine if a UFW is running without CLI access?

Hi, I'm looking for options to validate that a UFW is running on servers, without actually logging into the server...

by Champion in

Inconsequent field extraction behavior: works when eval'ed but not when used directly?

I have defined a field extraction that seems to properly extract fields: EXTRACT-KVSAxis = KV(?:Blade)*(?<KVSAxis>...

by Path Finder in

Is there a function that concatenates result lines of strings?

Hi everyone! I would like to format a result into a string and I don't even know where to start and if there even ...

by New Member in

inputlookup error "line endings"

I’m trying to troubleshoot my use of “inputlookup”. First I verify the following search works: index=ca ce...

by Communicator in

How to update a chart drilldown with a token that updates dynamically?

Hi I am updating a chart drilldown with a token, from "undefined" to "all" to "undefined". <option name="chart...

by Influencer in

Why are my access_logs inconsistent?

My access_logs files are not being pulled constantly. There are large gaps between the pulling of logs. The logs ...

by Explorer in

Is it possible to search for certain events within raw data?

Would it be possible to search for certain events within the raw data? For example, I need to find events with C:\Win...

by Explorer in

How to sort source based on its earliest event indexing?

I am in the log sources provisioning phase. I examine the "data summary" frequently to see the change in number o...

by Explorer in

How does the Splunk internal search functionality work?

Hello, Splunkers. I have been looking for information about how work internally the splunk searchs. Are they be tr...

by Path Finder in

How to write a search to find users that are actually connected with VPN from Cisco logs?

Hi, I am creating a search to find the users that are actually connected with VPN. In the Cisco logs, I can only s...

by New Member in

How to adjust the time zone for an logs coming into splunk ?

Hi All, Currently we are facing an issue time stamp for a firewall logs. We could see the logs are coming into splunk...

by Motivator in

Re-indexing multiple files using btprobe

So we have lots of files -- one is created every day. We want to re-index this data. We have removed the data from th...

by New Member in

Help me with search for my use case

I need to setup a alert if my count is zero on that day. my query is index= abc | timechart span=1d count and I a...

by Communicator in

Regex question

Hi! if I can make groups from <VULN number ... to ... </VULN> with regex? <VULN number="MP-412750" severity="5...

by Explorer in

The percentage of Read / Write utilization to get to 800 IOPS?

I am trying to figure out the drive configuration to meet the recommended 800 IOPS noted in the Splunk documentation ...

by Splunk Employee in

Only show logs where field value has a decimal place

Hi all, I'm trying to run a search that only finds specific events in a log which have field X equal to a number w...

by Path Finder in

Using lookup tables to create separate alerts for prod and nonprod hosts

Hello Splunk community, My team is tasked with creating alerts for standard server monitoring metrics (CPU, memory...

by Explorer in

How do you find the avg time of transactions where the duration is longer than normal?

Hi! I'm trying to get the avg time of transactions where the duration is longer than normal. I can successfully do wh...

by Engager in

inputlookup |append [search] vs search | append [|inputlookup]

I am getting different results for the following two queries and I cannot understand why (index=windows) EventCode...

by Builder in

Sort hosts by number of services hit per host

For the query : host=aeperf01api02 Level="INFO" | stats count by AppDomain I have following output Web ...

by Path Finder in

Comparing counts of previous hour with the counts from the same day and hour of the previous 3 weeks

Looking for a little help comparing a count of the past hour with the count from the same hour from the 3 previous we...

by New Member in

what range of udp/tcp ports can be used for various log sources ?

I have 3 different log sources sending logs to Splunk from a number of hosts on on udp 514. Breakdown : WLC (5-6 ...

by Motivator in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

How to see if field values from index 1 shows up in index 2?

Search Alias

how to calculate endtransactiontime - starttransactiontime when starttransactiontime is in one event and endtransactiontime is in another event

What is the best way to determine if a UFW is running without CLI access?

Inconsequent field extraction behavior: works when eval'ed but not when used directly?

Is there a function that concatenates result lines of strings?

inputlookup error "line endings"

How to update a chart drilldown with a token that updates dynamically?

Why are my access_logs inconsistent?

Is it possible to search for certain events within raw data?

How to sort source based on its earliest event indexing?

How does the Splunk internal search functionality work?

How to write a search to find users that are actually connected with VPN from Cisco logs?

How to adjust the time zone for an logs coming into splunk ?

Re-indexing multiple files using btprobe

Help me with search for my use case

Regex question

The percentage of Read / Write utilization to get to 800 IOPS?

Only show logs where field value has a decimal place

Using lookup tables to create separate alerts for prod and nonprod hosts

How do you find the avg time of transactions where the duration is longer than normal?

inputlookup |append [search] vs search | append [|inputlookup]

Sort hosts by number of services hit per host

Comparing counts of previous hour with the counts from the same day and hour of the previous 3 weeks

what range of udp/tcp ports can be used for various log sources ?

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...

Splunk Search

Are you a member of the Splunk Community?

Discussions