Splunk Search

Thread Info

Passing multiselect token to the macros

Hi Splunkers, I'm having the multiselect value that results need pass to a macros, Can you please help for that? ...

by Contributor in

How to Map fields to sourcetype

Hi All, I need help building a SPL that would return all available fields mapped to their sourcetypes/source L...

by Communicator in

Blacklisting the hypen processname using REGEX

Hi, As I was wondering can we blacklist the processname like "-" in the inputs.conf of DS ?? to save the splunk lice...

by Builder in

Passing multiselect values to macros

Hi There! I would like to pass multiselect values to macros, earlier it was dropdown. The values in multiselect its...

by Contributor in

How to extract using rex

{ [-] logger: org.mule.runtime.core.internal.processor.LoggerMessageProcessor message: Received update request IL...

by Path Finder in

Loading notification on Dashboard

Hi All In my current dashboard i have several text input that colleagues can use to find varies information. Somet...

by Path Finder in

timeseries using an OR text search

So I have the following search and I want to create a dashboard with separate columns for "Hits" and "Misses". See...

by Explorer in

Autochoose dropdown (dropdown2) Item from another dropdown (dropdown1)

Hello, How can I implement this one. to autochoose category dropdown from ingredient dropdown. FOr example, If I ch...

by Loves-to-Learn Lots in

Extract a specific value and make a visualization with time

I have regular traffic passing through my server. The server has the IP 10.41.6.222 My goal is to extract the Rate ...

by Observer in

To find the day for include/exclude weekends in search

Hi There! I would like to include/exclude weekend in the search, So i had created the dropdown for that, I'm get...

by Contributor in

Update lookup file values dynamically

I have a lookup file. Lookup has "host", "count", "first_event" and "last_event" fields. I want to run a search hou...

by Path Finder in

How to read a field value which field name is in another field?

We have this table: And we want to have a field (for example, named "value") that gets the value of the fi...

by Engager in

Record Numbers

I'm going crazy with this, would appreciate some help. I'm pretty sure the record numbers were not being sho...

by Engager in

Syntax Error while using "distance" command

Hi peeps, I receive below error while running a query. below is my query; eventtype=sfdc-login-history |...

by Path Finder in

I want create table view

I have SPLindex=main state=open | stats count(state) as open by risk_rating | rename risk_rating as state | addtotals...

by Path Finder in

AWS User last login

Hi. I want to create a search that checks for last user login date in AWS.I can see them in AWS IAM and there are b...

by Engager in

Filtering 2 fields with multiple values

Hello , i am new in Splunk and need help  i get every week a vulnerability scan log with 2 main fields: "extra...

by Explorer in

rex from the multivalue fields and get one particular value

I have this multivalue fields where i am tring to rex and get particular field value like "value":"ESC1000", but ins...

by Communicator in

How do I search for Filed Values in a Different Multi-Value Field

I have two fields: DNS and DNS_Matched. The latter is a multi-value field. How can I see if a field value in DNS is i...

by Path Finder in

Find days with no events

hello, i would like to find days in which a particular sourcetype is missing. With this, i'll drive an alert. for ...

by Path Finder in

Splunk Condition Search

Let's say im running a search where I want to look at domains traveled to. index=web_traffic sourcetype=domains dom...

by Path Finder in

non-compliant naming convention for workstations

Hello, I want to detect workstations authenticated to the active directory that are not compliant with our naming c...

by Loves-to-Learn in

ERROR Unable to get apikey from firewall: local variable 'username' referenced before assignment

I am trying to use my windows event data to update users ID on panorama, however, running the below query in my es en...

by Observer in

SPL to find the src to dest traffic

Hi, Need an spl from src_ip to dest_ip would like to know the dest_url, logs and outbound traffic size.

by Builder in

Splunk search - logs retrieval limitation

While doing a splunk search using a splunk query and retrieving logs in an automated matter, the job extraction only ...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

Passing multiselect token to the macros

How to Map fields to sourcetype

Blacklisting the hypen processname using REGEX

Passing multiselect values to macros

How to extract using rex

Loading notification on Dashboard

timeseries using an OR text search

Autochoose dropdown (dropdown2) Item from another dropdown (dropdown1)

Extract a specific value and make a visualization with time

To find the day for include/exclude weekends in search

Update lookup file values dynamically

How to read a field value which field name is in another field?

Record Numbers

Syntax Error while using "distance" command

I want create table view

AWS User last login

Filtering 2 fields with multiple values

rex from the multivalue fields and get one particular value

How do I search for Filed Values in a Different Multi-Value Field

Find days with no events

Splunk Condition Search

non-compliant naming convention for workstations

ERROR Unable to get apikey from firewall: local variable 'username' referenced before assignment

SPL to find the src to dest traffic

Splunk search - logs retrieval limitation

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...