Splunk Search

Discussions

Thread Info

How do I create a time chart that predicts based on the values inside the search field?

I am trying to create a search that looks through some logs and creates a time chart based on the search field which ...

by Explorer in

How to get the 6 month ago column from field in lookup?

Hi, I have a column named Month in lookup file For example, Month 2017/02 2017/01 2017/01 2017/01 2016/12 2016...

by Explorer in

rex over 2 lines with 2 combined search phrases

I'm facing a problem with rex and working through many many threads which didn't help me to solve this issue. I ha...

by New Member in

How to color columns based on a variable?

I am charting a Product ID v/s count in a column chart I want to color the columns in red and green. Red if the PID i...

by New Member in

How to create a multivaluefield from fieldnames with a specific pattern?

Hi, let's say we have events with fields like: Event A: payload.productName1: payload.productName2: Event ...

by Motivator in

How to edit my search to show the count of a field per country?

I have a search below that shows the number of events by Country. I want to show the count of each dest_port per coun...

by Path Finder in

How do I iterate and match values within a column of my search result?

So, to start with, I have a table like this. Person role Time abc DBA 15-5-2017 abc SE 15-5-2017 xyz blahblah 14-2...

by Path Finder in

Help me with search query command

help me with JOIN query for my usecase i have index=abc sourcetype=abc index=abc sourcetype=pqr In sourcetype=abc...

by Communicator in

Metadata fields of custom search command

Hi guys, could you give me a documentation of the metadata fields of the custom search command? Im searching for s...

by New Member in

Writing a search that will catch sourcetypes that have logged in x amount of time

We are wokring on coming up with a methd to detect data that stops coming in based on sourcetype. I believe I will wa...

by Builder in

Re-apply extraction during search time for access_combined_wcookie data source

Is there anyway to apply access_combined_wcookie extraction to some historical data during search time? Some of the d...

by New Member in

How to determine how long a search will run for?

I've been waiting for over an hour and my search is still running with over 50 million events so far. I'm tempted to ...

by Path Finder in

where and eval clause does not work with "AND" condition?

Firstly, with below search, there are events returned: |from datamodel foo.fooo |search Counterparty=abc Transacti...

by Path Finder in

stats on transaction

Hello, I wonder about how can I do stats operation like counting of something inside of a transaction? I have a...

by Path Finder in

How to search for a user and then be able to see the computer he/she is logging into?

How would i search for a user and then be able to see the computer he/she is logging into?

by New Member in

what does the coalesce and eval in my query do?

Could anyone explain what does the below search string means ? | eval fieldA=coalesce(abc, "def")

by Builder in

Sparkline and Trend Indicator splunk

Hi, I did Sparkline and Trend Indicator splunk as compared to lastweek. In the result it showing as 92 means in...

by Path Finder in

How can i concatenate fields in my data then compare?

I am trying to find problems created by imaged systems running Alertus software. Scenario: Client checks into Aler...

by Explorer in

My extracted field contains special characters in extracted value. How can I replace it with actual string value?

Hi, My extracted field contains some special characters instead of actual string. For ex: Email_Address is ...

by Explorer in

How to combine multiple fields?

I have multiple fields with the name name_zz_(more after this) How would I be able to merge all of the like tests ...

by New Member in

eval searchmatch command OR if command

Hi, I need some help. I have two fields that mark the status alert, PROBLEM and OK, I'm trying to compare them with t...

by New Member in

Do you have a better way to monitor brute force attacks on Linux Servers?

This is the Linux system's secure log（/var/log/secure）。I tried to crack the user and password to login SSH . now,I...

by Communicator in

limiting error per event

Hi, I am new to splunk and would like guidance about how to only count 1 occurrence of the word ERROR per event. ...

by New Member in

How to generate a search for new events based on index time not event timestamp?

I want to build a system where an external event consumer periodically pulls newly indexed events from Splunk on a sc...

by New Member in

Compute time difference between events

I have events like Event EndDateTime Launch 2017-05-16 13:00:00 . . . Open 2017-05-16 13:00:30 I want to subtra...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I create a time chart that predicts based on the values inside the search field?

How to get the 6 month ago column from field in lookup?

rex over 2 lines with 2 combined search phrases

How to color columns based on a variable?

How to create a multivaluefield from fieldnames with a specific pattern?

How to edit my search to show the count of a field per country?

How do I iterate and match values within a column of my search result?

Help me with search query command

Metadata fields of custom search command

Writing a search that will catch sourcetypes that have logged in x amount of time

Re-apply extraction during search time for access_combined_wcookie data source

How to determine how long a search will run for?

where and eval clause does not work with "AND" condition?

stats on transaction

How to search for a user and then be able to see the computer he/she is logging into?

what does the coalesce and eval in my query do?

Sparkline and Trend Indicator splunk

How can i concatenate fields in my data then compare?

My extracted field contains special characters in extracted value. How can I replace it with actual string value?

How to combine multiple fields?

eval searchmatch command OR if command

Do you have a better way to monitor brute force attacks on Linux Servers?

limiting error per event

How to generate a search for new events based on index time not event timestamp?

Compute time difference between events

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...