Splunk Search

Discussions

Thread Info

How to achieve top 10 src_ip's along with top 10 urls for each src_ip?

I'm trying to run a query to figure out the top 10 src_ip's along with their top 10 urls visited. When I try the belo...

by Engager in

How to clean up query for top 10 urls of top users?

I'm currently building a query that reports the top 10 urls of the top 10 users. Although my current query works, I w...

by Explorer in

Suggestions for Tenable .csv field extraction

Within the tenable:sc:vuln sourcetype there is a particular field "PluginText" that has a value for hardware serial n...

by Path Finder in

How do I modify x-axis values to display date only for each column?

Hi, how can I modify x-axis in order to display date only for each column. query | eval finish_...

by Path Finder in

How to add field from a lookup in an index search and displaying the result

Hello, I have a lookup on which we have two columns, one with the computer name and the other with the OS version....

by Explorer in

Host field missing in events coming from a particular machine- How do I find host field information?

I am not able to find the host field information for the events coming from a particular machine. This is related to...

by Explorer in

How to concatenate Dynamic multivalue fields to single value fields?

Hi all, I have events coming in that have multivalue fields, but not always the same fields are multivalue. I want...

by Engager in

How to convert at InfluxDB SQL query to a Splunk SPL search?

We have a FIG (fluentD/InfluxDB/Grafana) setup in which we want to change the IG part to Splunk. We have several dash...

by New Member in

Is there any way to use all returned values under a certain field in a search?

Let's say I have a multivalue fieldA and a fieldB. I know you can do something like "| where field=value" in a search...

by Engager in

Why are Tokens not getting recalculated on changing the form value?

Hi team, As per my requirement, on changing a particular form element [Token 1] , a set of other tokens [Token2,To...

by Engager in

How to try to search for new MFA factors with DUO?

I'm trying to find any new MFA factors(DUO) used by any user in the past X days in order to create an alert. As an e...

by Engager in

How to compare and generate percentage from two lookup fields?

file1.csv and file2.csv with a common field of "Tests". Wanting to compare File2 field "Tests" against file1.csv fiel...

by Path Finder in

How to Extract multiple 10-digit numbers from field2

Hi, Novice splunker here. My search only extracts 1st 10-digit number and my data contains atleast 4 or more 10-digi...

by Engager in

How to calculate time difference from 2022-07-14T09:05:08.21-04:00 format

Good Day,I need help to calculate the time difference for field "@timestamp" containing time format 2022-07-14T09:05:...

by Path Finder in

How to implement alert that need to consider state of past alert?

I need to first issue an alert for overheat temperature 24 hours in advance for the affected locations, for their for...

by Communicator in

Why does Xyseries drop duplicates?

index=a host="b" source="0*_R_S_C_ajf" OWNER=dw*|eval ODate=strptime(ODATE,"%Y%m%d")|eval ODATE=strftime(ODate,"%Y-%m...

by Path Finder in

How to achieve field extraction to list domain admins from AD logs?

I have been trying to extract a field to list domain admins from AD logs. The logs have all the admins starting with ...

by Explorer in

How to transform above result into below table?

index="*dockerlogs*" source="*gps-request-processor-dev*" OR source="*gps-external-processor-dev*" OR source="*gps-ar...

by Explorer in

How to achieve conditional eval/searchmatch or subsearch result based on the value of another field?

I have a scenario where I am analyzing the format of a given string to determine what the name of the format is (e.g....

by Contributor in

How to add new fields to certain events via _meta?

Hi Splunkers, I try to get a new internal field "_application" added to certain events. So i added a new field ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to achieve top 10 src_ip's along with top 10 urls for each src_ip?

How to clean up query for top 10 urls of top users?

Suggestions for Tenable .csv field extraction

How do I modify x-axis values to display date only for each column?

How to add field from a lookup in an index search and displaying the result

Host field missing in events coming from a particular machine- How do I find host field information?

How to concatenate Dynamic multivalue fields to single value fields?

How to convert at InfluxDB SQL query to a Splunk SPL search?

Is there any way to use all returned values under a certain field in a search?

Why are Tokens not getting recalculated on changing the form value?

How to try to search for new MFA factors with DUO?

How to compare and generate percentage from two lookup fields?

How to Extract multiple 10-digit numbers from field2

How to calculate time difference from 2022-07-14T09:05:08.21-04:00 format

How to implement alert that need to consider state of past alert?

Why does Xyseries drop duplicates?

How to achieve field extraction to list domain admins from AD logs?

How to transform above result into below table?

How to achieve conditional eval/searchmatch or subsearch result based on the value of another field?

How to add new fields to certain events via _meta?

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Splunk logs multiple lines as a single event

Splunk searches using lookup might get affected if...

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?