Splunk Search

Discussions

Thread Info

can we monitor our devices under splunk ?

I want to be able to monitor all the devices including unix servers, windows, network and firewall devices under Splu...

by Path Finder in

How to index a file without extracting fields?

I'm trying to index a file but I don't want Splunk to try to extract interesting fields. Or if it does, I want the fi...

by New Member in

String split to the same field

Hi, I am doing some email count analysis and run into the following problem. For inbound email the recipients fie...

by Path Finder in

How to rex a uri path in order to get a filename with certian extensions lik .pdf .exe .zip

Right now Im using rex field=cs_uri_path "^.*\/(?[^.\/]+.(?:[^.\/]){3,4})$" but im missing files like blah.1.0...

by Explorer in

How is regex in whitelist of inputs monitor for indexing file to start with special characters?

I try to index sybase logs which are located in /sybase/SID/ASE-1(5|6)_0/install/SID.log (SID is variable System-ID) ...

by Path Finder in

How do I convert this string into a timestamp? the convert and eval functions don't work.

I have the following string: 20170306155556+0000 Splunk doesn't seem to understand that format. I've tried str...

by Communicator in

How do I connect to a local SQLite database?

Hi all, This has been asked before, but I have yet to find an answer on Splunk Answers that details the actual ste...

by Communicator in

Add specific fields into the timechart OTHER category.

I'm generating a report of the daily usage of my users indexes over the past week using this search: earliest=-7d@...

by Path Finder in

Create Scatter Diagram That Show Data Fall Within Average Range

Hi all, i try to create a scatter diagram that will show idea range of values and how many fall within it. I try use ...

by Engager in

multiple search queries in one panel

Can anyone help simplify attached XML to display result in one panel as described below Current Result 3 pane...

by Engager in

Excute sql statement on splunk db connect

Hi All, am connected to oracle database & am trying to get data from it using splunk dbconnect, amd trying to excu...

by Explorer in

How to setup multiple SQL statements in a single DB Connection input

Hi Everyone, I am creating DB inputs in the Splunk DB Connector 3.0.2. I would like to run 2 sql statements or pos...

by Explorer in

indexer search limits reached

Hi, When i ran a command which will fetch the events from last 7 days from a host , splunk is throwing below messa...

by Path Finder in

Creating local temporary file creates Checksum mismatch

Hello, I'm trying to create an app that runs a script that executes an app, and the app creates a log file that I'...

by Explorer in

How to count hosts that have a field value of ((X OR Y) AND (A OR B)), over the course of time?

I am looking to find hosts that have two field values over the course of time for the search, for example a week. ...

by Path Finder in

How to use rex to extract values from URLs into a field?

Hello all, From the following list http://www.foo.com:80/main.html http://www.foo.com:80/xe/journal/v1/book/nF1...

by Path Finder in

How to pass unused fields in an outer search?

Hello, I need to execute a search where the 5 fields from one search would be used to search another data. Also, I...

by Explorer in

How to identify symantec ep av logs in splunk

Can any one tell how we can identify the symantec EP old av logs and will be there any source to pull these logs ?

by Explorer in

kvstore lookups and efficiency

I wanted to get peoples thoughts on using multiple data sources in Splunk and whether it’s worth doing some processin...

by Builder in

searching bro_dns answers{} array

bro_dns shows the results of a dns query as what I presume is an array, for example: answers: [ [-] mt-ingestion-...

by Explorer in

How to update a lookup file with top command results?

Hi, I have lookup file with host and count fields as below host.csv host count ----------------- host1 10 h...

by Explorer in

Display Avg Column

sourcetype="email_process" | eval processing_time_in_seconds = processing_time/1000 | table email, processing_time ,p...

by New Member in

How do I combine my two alerts into a single search?

The use case involves two alerts: ALERT 1: raising the alert when more than 4 systems got affected with the same v...

by Engager in

How to create a search to display with traffic on Splunk source and destination ports?

help me with Splunk search to display the traffic on Splunk source and destination ports.

by Communicator in

How can I update tags and corresponding permissions from a lookup table via Search Processing Language?

Hi, I have a list of hosts which are maintained and updated via a lookup table. Is it possible in Search Processing L...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

can we monitor our devices under splunk ?

How to index a file without extracting fields?

String split to the same field

How to rex a uri path in order to get a filename with certian extensions lik .pdf .exe .zip

How is regex in whitelist of inputs monitor for indexing file to start with special characters?

How do I convert this string into a timestamp? the convert and eval functions don't work.

How do I connect to a local SQLite database?

Add specific fields into the timechart OTHER category.

Create Scatter Diagram That Show Data Fall Within Average Range

multiple search queries in one panel

Excute sql statement on splunk db connect

How to setup multiple SQL statements in a single DB Connection input

indexer search limits reached

Creating local temporary file creates Checksum mismatch

How to count hosts that have a field value of ((X OR Y) AND (A OR B)), over the course of time?

How to use rex to extract values from URLs into a field?

How to pass unused fields in an outer search?

How to identify symantec ep av logs in splunk

kvstore lookups and efficiency

searching bro_dns answers{} array

How to update a lookup file with top command results?

Display Avg Column

How do I combine my two alerts into a single search?

How to create a search to display with traffic on Splunk source and destination ports?

How can I update tags and corresponding permissions from a lookup table via Search Processing Language?

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

Logs to Metrics

Developer Spotlight with Paul Stout

dashboard time token with multiple ealiest/latest ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...

Write Splunk log with Laminas