Splunk Search

Ask a Question

Discussions

Thread Info

How do I iterate and match values within a column of my search result?

So, to start with, I have a table like this. Person role Time abc DBA 15-5-2017 abc SE 15-5-2017 xyz blahblah 14-2...

by Path Finder in

Help me with search query command

help me with JOIN query for my usecase i have index=abc sourcetype=abc index=abc sourcetype=pqr In sourcetype=abc...

by Communicator in

Metadata fields of custom search command

Hi guys, could you give me a documentation of the metadata fields of the custom search command? Im searching for s...

by New Member in

Writing a search that will catch sourcetypes that have logged in x amount of time

We are wokring on coming up with a methd to detect data that stops coming in based on sourcetype. I believe I will wa...

by Builder in

Re-apply extraction during search time for access_combined_wcookie data source

Is there anyway to apply access_combined_wcookie extraction to some historical data during search time? Some of the d...

by New Member in

How to determine how long a search will run for?

I've been waiting for over an hour and my search is still running with over 50 million events so far. I'm tempted to ...

by Path Finder in

where and eval clause does not work with "AND" condition?

Firstly, with below search, there are events returned: |from datamodel foo.fooo |search Counterparty=abc Transacti...

by Path Finder in

stats on transaction

Hello, I wonder about how can I do stats operation like counting of something inside of a transaction? I have a...

by Path Finder in

How to search for a user and then be able to see the computer he/she is logging into?

How would i search for a user and then be able to see the computer he/she is logging into?

by New Member in

what does the coalesce and eval in my query do?

Could anyone explain what does the below search string means ? | eval fieldA=coalesce(abc, "def")

by Builder in

Sparkline and Trend Indicator splunk

Hi, I did Sparkline and Trend Indicator splunk as compared to lastweek. In the result it showing as 92 means in...

by Path Finder in

How can i concatenate fields in my data then compare?

I am trying to find problems created by imaged systems running Alertus software. Scenario: Client checks into Aler...

by Explorer in

My extracted field contains special characters in extracted value. How can I replace it with actual string value?

Hi, My extracted field contains some special characters instead of actual string. For ex: Email_Address is ...

by Explorer in

How to combine multiple fields?

I have multiple fields with the name name_zz_(more after this) How would I be able to merge all of the like tests ...

by New Member in

eval searchmatch command OR if command

Hi, I need some help. I have two fields that mark the status alert, PROBLEM and OK, I'm trying to compare them with t...

by New Member in

Do you have a better way to monitor brute force attacks on Linux Servers?

This is the Linux system's secure log（/var/log/secure）。I tried to crack the user and password to login SSH . now,I...

by Communicator in

limiting error per event

Hi, I am new to splunk and would like guidance about how to only count 1 occurrence of the word ERROR per event. ...

by New Member in

How to generate a search for new events based on index time not event timestamp?

I want to build a system where an external event consumer periodically pulls newly indexed events from Splunk on a sc...

by New Member in

Compute time difference between events

I have events like Event EndDateTime Launch 2017-05-16 13:00:00 . . . Open 2017-05-16 13:00:30 I want to subtra...

by Path Finder in

Lookup in splunk

I want to use lookup in splunk . I am very new to lookup command . I have uploaded a csv file , suppose named lookupf...

by Explorer in

Pleasse help me with IF then ELSE condition in search query

If my search result has any count I want to append my search with OUTPUTCSV command else null. Something like if J...

by New Member in

How to search my JSON data to output Name, Sum(items_sold), and grouped by Name?

I've following JSON format data...below is one sample record. I'm looking for output in the format [ name , sum(items...

by Path Finder in

extract a string into readable datetime format

Hi, I have string in a format as "YYYYMMDD.HHMM" i.e. 20140120.1815 I want to display this in any readable date t...

by Builder in

Issue with strptime and strftime

I have a time input like below, Mon Jul 13 09:30:00 PDT 2015 | eval human_readable_time= strftime(strptime(my_...

by Explorer in

How to filter a multivalue field so it returns results containing 3 or more values?

Hello, thanks in advance for the help. I'd like to filter a multivalue field to where it will only return results tha...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I iterate and match values within a column of my search result?

Help me with search query command

Metadata fields of custom search command

Writing a search that will catch sourcetypes that have logged in x amount of time

Re-apply extraction during search time for access_combined_wcookie data source

How to determine how long a search will run for?

where and eval clause does not work with "AND" condition?

stats on transaction

How to search for a user and then be able to see the computer he/she is logging into?

what does the coalesce and eval in my query do?

Sparkline and Trend Indicator splunk

How can i concatenate fields in my data then compare?

My extracted field contains special characters in extracted value. How can I replace it with actual string value?

How to combine multiple fields?

eval searchmatch command OR if command

Do you have a better way to monitor brute force attacks on Linux Servers?

limiting error per event

How to generate a search for new events based on index time not event timestamp?

Compute time difference between events

Lookup in splunk

Pleasse help me with IF then ELSE condition in search query

How to search my JSON data to output Name, Sum(items_sold), and grouped by Name?

extract a string into readable datetime format

Issue with strptime and strftime

How to filter a multivalue field so it returns results containing 3 or more values?

Developer Spotlight with Brett Adams

Index This | What can you do to make 55,555 equal 500?

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

How to use "case" command with count?

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...