Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

relating AD logs with DHCP

Hi, I am trying to add a IP address hint to the Active Directory logs. I know it isn't completely reliable, but it...

by Communicator in

field extraction from raw data

Hi There, I have below data that i will like to extract as key-value pair from a custom event source i have create...

by Path Finder in

I would like group result

I have this request : sourcetype="accouting" fichier="*.log" | stats count by fichier Here is the result : ...

by Engager in

How can group age?

Dear All, I have data like age count 23 76 24 154 25 168 26 140 27 132 28 156 29 152 30 167 31 144 32 ...

by Contributor in

User Agent regex

I'm trying to create a regex to match the user agent from the following logs. Beginning with "Mozilla/*" and ending a...

by Path Finder in

Search Language variable for search duration

Hello, I was curious if there was a way to reference a search duration for use within the search? Primarily for use i...

by Path Finder in

Preventing format from being called on a subsearch

Hello, I have a macro (a subsearch enclosed in square brackets) that I use to filter my initial search. I would li...

by Builder in

Where to put extract statement

Hi, I am processing some logs on a universal forwarder, which then sends the data to some indexers, which are sear...

by Champion in

I have summary data in the logs from a custom application, I would like to further aggregate my data an make it compatible with sistats output

I need to take already summarized data in the logs, aggregate it from a large group of servers, and build an si-type ...

by Explorer in

transforms.conf – supporting alternatives in REGEX and numbering the alternative-groups in the FORMAT lines

In the transforms.conf file, how do I support the alternatives on the REGEX line with the corresponding FORMAT line g...

by Explorer in

How do i Map out data on Google Maps

Hi everyone, I am very new to splunk and im trying to map out some car park relevant data on Google Maps app but to n...

by New Member in

Real time dashboard data not refreshing.

I've created a the following search that returns results when first run using 5 minute real time from the time picker...

by Contributor in

Looking for a way to create better tables for large file

sourcetype="AAACDR" bob.com TotalBytes > 0 | convert timeformat="%j" ctime(EventTime) AS day | table User, day, Total...

by New Member in

Up Down status from a Pre Defined List

Hi All, Below is my requiremnt , I have a CSV file which is quite big but in the belwo format Ips,Name 10.10.10...

by New Member in

Lookup table challenges

Tried experimenting with the Http Status codes example in the documentation for lookup tables. This is the error. ...

by Communicator in

Display last 20 lines from search query

I'm searching for a particular keyword in Splunk & now that I found the results in Splunk, I need to see last 20 line...

by Path Finder in

Temporary relocating the dispatch folder.

I am trying to move a massive amount of events from the main index to a dedicated index for the sourcetype. I am tryi...

by Communicator in

matching multiple constraints in a transaction

I need to find hosts on which Event B occurred within three minutes of Event A. I'm trying to use transaction, but I ...

by Builder in

Traffic getting to server, but not getting splunk'd.

I have an ASA firewall sending data to my splunk server (syslog port 514). When I run tcpdump... tcpdump -i eth1 h...

by New Member in

Actual Searches of Concurrent Searches

I have been looking into usage metrics for my companys Splunk deployment with the aim of analysing users searches and...

by Path Finder in

Splunk Search

Discussions

relating AD logs with DHCP

field extraction from raw data

I would like group result

How can group age?

User Agent regex

Search Language variable for search duration

Preventing format from being called on a subsearch

Where to put extract statement

I have summary data in the logs from a custom application, I would like to further aggregate my data an make it compatible with sistats output

transforms.conf – supporting alternatives in REGEX and numbering the alternative-groups in the FORMAT lines

How do i Map out data on Google Maps

Real time dashboard data not refreshing.

Looking for a way to create better tables for large file

Up Down status from a Pre Defined List

Lookup table challenges

Display last 20 lines from search query

Temporary relocating the dispatch folder.

matching multiple constraints in a transaction

Traffic getting to server, but not getting splunk'd.

Actual Searches of Concurrent Searches

count Events per minute but only for same users

Device inventory based on logins

Fieldformat didn't work with foreach

How to display a unit format and a color format in...

Changing the background of Single Value Viz. with ...