Splunk Search

Discussions

Thread Info

Tracking a transaction where the ID changes part way through

I'm attempting to track a mule transaction where the correlation ID changes part way through the request, I would nor...

by Explorer in

Need help correlating different events to meet an ultimate condition

I have these three different searches: A search to display when users create a new user account A search to displa...

by Explorer in

How append will act if the first search return nothing?

I want to search for a phone number among multiple indexes and I use append to combined the result together but what ...

by Explorer in

How to Filter on Null Values?

Hello, I am trying to filter on null values for the field called Device. None of the following searches below work- c...

by Path Finder in

How to predict a 4th value based on 1,2,3 values in splunk machine learning tool kit i have been asked to give the 4th value as well to predict 4th value. In my case I don't have the 4th value.

How to predict a 4th value based on 1,2,3 values in splunk machine learning tool kit i have been asked to give the 4t...

by New Member in

How to edit my search that looks over the last 7 days but displays each day?

I have been asked by Legal to get login logoff time for colleagues with in certain time frames usually very specific ...

by Path Finder in

Search with input lookup

Hi Team, Need Help on run search checking server live or not using lookup boxdata box_env box_live_state box_lo...

by Path Finder in

How do you create 2 variables Y axis column chart?

Hello, I want create a column chart with 2 y-axis variables (AP and FP). I want AP to be the number of bars on the X ...

by Explorer in

How do I extract the second from _time?

How do I find whether the time stamp of an event covers a specific second within a day? So, we need to identify all t...

by Ultra Champion in

evaluate values from two different lookups

I have a lookup file assignment_schedule containing below sample data assignment_group task_order schedule ...

by Explorer in

Joining with two unrelated tables

I have two tables The first table has a list of Categories. The Second table has a list of Offices. Such as C...

by Motivator in

How to compare two field values and return a new field with a percent match between the two?

I would like to compare two field values and return a new field with a percent match between the two. Current search...

by New Member in

Date Conversion

Hi, How to convert this SQL statement to SPL pls select DateDiff(day, ga.Initial_L1_Decision_Date, Close_date) as...

by Explorer in

How to find a specific user in an Active Directory lookup using ldapsearch command?

I have the following ldapsearch | ldapsearch domain="PROD" search="(&(objectClass=group)(cn=DSMS Operations))" | ...

by Path Finder in

Necessary to order db query by rising column?

Is it necessary to include an ORDER BY $rising_column$ in my database tail query? This can be very expensive on a lar...

by Motivator in

How to exclude the Windows events with Splunk process before indexing?

Hi, I see a lot of events in Windows logs with Process splunk-regmon, powershell etc. Is there a way to exclude th...

by Builder in

Timeseries data - average age of user

Hi all - I have a dataset that tracks server access. Every time a server makes a request an event is generated. A ...

by Contributor in

Top command based on lookup result

The following search will give the count of attacks by attacker_IP and destination branch. index=waf Name=block ...

by Path Finder in

ticket count every open months

how can i count "several" tickets as "OPEN" every month including when it was created(create_date, mmddyyyy) to the m...

by Explorer in

How to rename multiple field names with certain criteria

How do I replace the MB in each field name with GB ?? _time XXX-XX-MB XXX-XXX-MB XXXXXXMB_XX_XXX 1 2017-07-...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Tracking a transaction where the ID changes part way through

Need help correlating different events to meet an ultimate condition

How append will act if the first search return nothing?

How to Filter on Null Values?

How to predict a 4th value based on 1,2,3 values in splunk machine learning tool kit i have been asked to give the 4th value as well to predict 4th value. In my case I don't have the 4th value.

How to edit my search that looks over the last 7 days but displays each day?

Search with input lookup

How do you create 2 variables Y axis column chart?

How do I extract the second from _time?

evaluate values from two different lookups

Joining with two unrelated tables

How to compare two field values and return a new field with a percent match between the two?

Date Conversion

How to find a specific user in an Active Directory lookup using ldapsearch command?

Necessary to order db query by rising column?

How to exclude the Windows events with Splunk process before indexing?

Timeseries data - average age of user

Top command based on lookup result

ticket count every open months

How to rename multiple field names with certain criteria

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...