Splunk Search

Ask a Question

Discussions

Thread Info

How to keep Distinct fields correlated after merging with Stats command?

Quick explanation of my Data format: Sourcetype "A" Field_ID, Field_Name Sourcetype "B" Field_ID, Interesting_F...

by Explorer in

How to pull the event or logs from Trend micro deep security for splunk

Hi Team, we have installed the Trend micro deep security for splunk and not getting any logs form trend micro. Co...

by Explorer in

How to append a total row for a column chart?

Hi, so I currently have a column chart that has two bars for each day of the week, one bar is reanalysis and one is r...

by Path Finder in

Why is my search not returning any results?

Can anyone tell me why I am not returning any results? index=nessus cve=* | eval CVSS_SCORE = cvss_base_score + cv...

by Path Finder in

Is it possible to use wildcards to search by the last letter of a string?

I am looking for specific usernames in my data set that end in "a". What would the syntax be to search the username f...

by New Member in

How to create a table listing users and unique values for other associated fields as HostName or Access?

I have the following fields: User HostName Access User A machine A SSH User A machine A VPN User A machine B SSH U...

by Influencer in

How can I select the index to search dynamically?

I want to say | eval my_index=(something, probably using if) | append [index=(whatever my_index is)] How can I...

by Path Finder in

How handle case-sensitive results from a subsearch?

I have created a dashboard that allows me to search my sendmail logs for some component of a mail transaction (e.g. m...

by Engager in

two action against source IP

I have top 5 source IP dashboard, I want to perform two action 1- when i select source IP it shoud go to external...

by Communicator in

I need to display all the values in the below search

index="index1" PROJECTNAME="*" ( OBJECT_TYPE="*" OR OBJECT_TYPE="*" ) | dedup PROJECTNAME OBJECT_TYPE NAME |map [sea...

by Explorer in

'rex' command in 6.6.2 Splunk

I am trying to use the 'rex' command in one of our searches but not successful, the same search was working 1 month b...

by Path Finder in

Search Factory: Unknown search command 'vt'.

Hi Team, We have installed Virus Total Checker app as well as Enterprise Security Suite App in our Search Head ser...

by Path Finder in

show data as in the order defined in query

I have a chart shows counts of Policies under different Policy Amount ranges (eg: 10000-50000). Query: index|rena...

by Communicator in

How to merge rows in a table column if the value is repeating?

I need to merge rows in a column if the value is repeating. My search output gives me a table containing Subsystem...

by Path Finder in

How to remove all identical events and keep the latest event for each different timestamp in a transaction search?

We tried this search below: index=test | eval dup=_raw | convert ctime(_time) as T1 | transaction dup mvlist=t ...

by Observer in

query is reaching memory limit and auto-finalizing, is there a way to optimize the query and prevent this from happening?

Query : index=INDEXA earliest=-7d@d latest=@d sourcetype=GHI "service=randomservice" (api_name=API1 OR api_name=API2 ...

by Explorer in

How to use the Rex command with text copied from Field Extractor?

Hello all, I've used the field extractor to pull out the following field, but because the permissions are a little...

by Explorer in

Stats Count not returning expected Results - Difference in count over single date and span covering same date

HI Guys, Just noticed something a little strange, I am running a query to cont the number of a certain transactio...

by Path Finder in

How to edit my search to list jobs in a table per user, per day?

Hello, One of my co-workers is using a search to make a table listing the days the events of interest took place, ...

by Path Finder in

How to get a Line Chart with 3 Split by Clauses?

I have a set of lab samples that have a Percent value measured in 3 different locations across the sample, identified...

by Path Finder in

How to find and stop real time searches running on indexers?

Hi there, I am seeing some real time searches running on indexers. Can I please know how real time searches are ru...

by Path Finder in

How to add the duration of the last event in a transaction to the total duration?

I am trying to use the transaction command to group events within 5 minutes of each other, and have set up fields to ...

by New Member in

How to set a Variable from an Eval match?

I am trying to set a new variable for each event, by using the eval command. Maybe I should a different command? I...

by Path Finder in

Variable in eval for URL

I'm sure this is fairly simple to do, just can't seem to find the right way to do this. Let's say that I have a se...

by New Member in

Timechart - Replace "No Results Found" with "No Activity for Today"

Hello (again), To go along with my previous question regarding using span=10 minutes using the following search: i...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to keep Distinct fields correlated after merging with Stats command?

How to pull the event or logs from Trend micro deep security for splunk

How to append a total row for a column chart?

Why is my search not returning any results?

Is it possible to use wildcards to search by the last letter of a string?

How to create a table listing users and unique values for other associated fields as HostName or Access?

How can I select the index to search dynamically?

How handle case-sensitive results from a subsearch?

two action against source IP

I need to display all the values in the below search

'rex' command in 6.6.2 Splunk

Search Factory: Unknown search command 'vt'.

show data as in the order defined in query

How to merge rows in a table column if the value is repeating?

How to remove all identical events and keep the latest event for each different timestamp in a transaction search?

query is reaching memory limit and auto-finalizing, is there a way to optimize the query and prevent this from happening?

How to use the Rex command with text copied from Field Extractor?

Stats Count not returning expected Results - Difference in count over single date and span covering same date

How to edit my search to list jobs in a table per user, per day?

How to get a Line Chart with 3 Split by Clauses?

How to find and stop real time searches running on indexers?

How to add the duration of the last event in a transaction to the total duration?

How to set a Variable from an Eval match?

Variable in eval for URL

Timechart - Replace "No Results Found" with "No Activity for Today"

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...