Splunk Search

Discussions

Thread Info

Data masking

HI , i want to masking the cookie value in the the log file i just write the regx but its not displaying the data bef...

by Path Finder in

transaction calculate duration betweeen 2 events

I'm trying to use transactions to generate a timeline of events where the events are grouped by an eventId I'm rec...

by Communicator in

Use Join but also display non matching datasets

I'm currenty trying to combine data from our firewall and sysmon which is running on a testclient. I want to join the...

by Engager in

How to Extract value from Source Field

Hi, I want to Extarct Filed from Source file and Below are some Sorce file. /opt/si/logs/taopwssid1/admin/paas...

by Engager in

how to show 0 when no search result found

after succeed with "Infected files:" | rex field=_raw "Infected files: (?<Infected>\d*)" | convert timeformat="%Y-...

by Explorer in

moving rex to props and transforms not woking

Hi, I am monitoring print events from windows event logs using WinEventLog:Microsoft-Windows-PrintService/Operational...

by Path Finder in

Connect two points on map based on two coordinates

Hello, I have this search: index=ip | lookup list.csv pop as POP_A OUTPUTNEW LAT as LAT_A LON as LON_A | lookup li...

by Path Finder in

Using the like operator for raw text

Hi Can someone help me with a query please. So I have a field called message which displays the following: "mes...

by Engager in

How to edit my search to find the time frame window with the least amount of events?

Hi there, I am trying to return the top 3 results of three hour windows where an event is least likely to happen b...

by New Member in

What is the best way to get the running average and standard deviations for external port connects?

So I am looking at cisco asa logs and wondering what the best way method would be to create an alert when the number ...

by Contributor in

Extract data for last 3 months

Hi All, I am searching from a csv lookup. The CSV contains fields --> 1. Reporting Month & Year -->17-Jan, 17-Feb...

by Engager in

How can I reset the "search timeframe" based on data in results?

Is there any way to "reset" the "search timeframe" so that all the "commands that bin" will honor a new "search timef...

by Contributor in

How to create a line chart with 2 lines

Hi, We have a Database query which runs on every 15 minutes and provide event results with a field by name NumOfO...

by Path Finder in

How to search for all Indexes and sort by amount indexed per day / license ?

I'm trying to write a search where I can list all indexes in our Splunk environment, and ingestion rate per day. i.e....

by Path Finder in

restful call search Data format

|rest /services/authentication/users splunk_server=local |stats count by updated in this search how could we get the ...

by Path Finder in

How to plot a line graph to display state change of machines based on timestamp?

We have a list of machines in our system with their state change as On or Off along with timestamp. 2017-07-11 12:...

by Explorer in

Syntax for 'top x entries per y'

I am trying to find the top 5 UrlDestHosts per IP address for the top 25 ip addresses. I have a search which returns ...

by Path Finder in

Compare unknown number of fields with previous values

Hi all, This is a challenge.... I do have some basic SPL knowledge but I can't get my head around this one. I have...

by Path Finder in

How to make regex not search specific fields?

Basically, I want to perform a regex search for a number that is, for example, 50 digits long, but I know for sure th...

by Explorer in

Multi-line event and props.conf

I've got something that is confusing me. I've got a file, /logs/oud_ds/audit, of raw events that looks like this #...

by Contributor in

Search lookup for non-matching values

I have the following search (MySearch), which is tied to an alert. index=exchange_smtp Context=authenticated OR E...

by Engager in

Substring of URL in own field - remove everything prior to first / and everything after ?

I am trying to pull out a substring from a field and populate that information into another field. Its a typical URL ...

by Explorer in

Comma separated field value, adding a carriage return

Hi folks, I think this should be easy, but it is hard to search for the solution because the terms I'm using are b...

by Communicator in

how to rex field number of infected file for clamav scan report?

Jul 10 06:59:22 icopenstack01 clamav[9040]: Infected files: 0 source = /var/log/remote/icopenstack01.log sourcetype =...

by Explorer in

How do you make output from xyseries generate the same _time-based X-axis labels as timechart?

The following search: sourcetype=my_log_type | timechart count by conn_type generates the chart I want, with o...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Data masking

transaction calculate duration betweeen 2 events

Use Join but also display non matching datasets

How to Extract value from Source Field

how to show 0 when no search result found

moving rex to props and transforms not woking

Connect two points on map based on two coordinates

Using the like operator for raw text

How to edit my search to find the time frame window with the least amount of events?

What is the best way to get the running average and standard deviations for external port connects?

Extract data for last 3 months

How can I reset the "search timeframe" based on data in results?

How to create a line chart with 2 lines

How to search for all Indexes and sort by amount indexed per day / license ?

restful call search Data format

How to plot a line graph to display state change of machines based on timestamp?

Syntax for 'top x entries per y'

Compare unknown number of fields with previous values

How to make regex not search specific fields?

Multi-line event and props.conf

Search lookup for non-matching values

Substring of URL in own field - remove everything prior to first / and everything after ?

Comma separated field value, adding a carriage return

how to rex field number of infected file for clamav scan report?

How do you make output from xyseries generate the same _time-based X-axis labels as timechart?

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6