Splunk Search

Discussions

Thread Info

Showing log counts by error type

Hello, I would like to make a stacked column chart with number of errors by hour and error type (warning, error, et...

by Explorer in

How to group the count of daily events by their month?

Hi and just reaching out as stumped. Very grateful for assistance. This query returns the following in the statistics...

by Explorer in

search for username that got most 403 status code

1) I want to list top 10 usernames those got most 403 status codes. for example a username named sigma got 2000 o...

by Path Finder in

Splunk commands

where can i find all the Splunk queries and how to use them?

by New Member in

How can I monitor user activity pattern search?

Hi,I'm trying to figure out the query to identify when users are connecting to the VPN or not.

by Builder in

Help with basic regex

Hi Is anybody can tell me what is the goal of this regex? | regex ImagePath="\\\\\\\\" As far as I know, it see...

by Motivator in

Logging Best Practises, non key=value pair

We generally follow a pattern of logging in a key=value pattern. I am curious if we should totally avoid logs that ...

by New Member in

Working with a json string

I've got a feed that is sending non-compliant json since spath doesn't work on it. I put together this search ...

by Contributor in

Splunk Query to Generate an n-event sample across sourcetypes in an index

Hi people, I wonder whether it is possible to run a query that generates a set of n-sample of events for each sourc...

by Communicator in

Check if the date in splunk message is between 2 dates

I have a splunk event with below format: { message { DATE: 2023-07-20T11:53:04 } } I want to find all t...

by Path Finder in

Performance issue with query

Hi, I have a query written to find average exceptions per device on monthly basis for my use case. The query retur...

by Explorer in

How to create a query that coverts a number into minutes hours and days?

I am getting a value from my data that a number buts actually the duration how do I convert into minuets hours and da...

by Explorer in

How many login attempts can be seen in the logs for username=admin?

I'm trying to complete the lab for my cybersecurity course. I googled few thing for this question, but this question ...

by New Member in

TA_browscap add-on giving an error when performing a lookup

Hello version 9.0.0 We are using v1.2 of the browscap add-on and are having issues with it performing searches. ...

by Engager in

Running search on 2 indexes using lookup table

Grateful if anyone can help or guide me in the right direction. I am running a search against a lookup table. The o...

by Engager in

Grouping events by specific field and generate timechart for both groups?

There is a complicated requirement for me, the splunk beginner. Hope you can give me some advice. The splunk versi...

by Observer in

What are lookups for INGEST_EVAL in distributed deployment?

Hi, Distributed deployment that includes SH Cluster and IDX Cluster, HEC on IDXs is used to receive the data.I wan...

by Engager in

Heavy Forwarder from two sources to two splunk clouds with different indexes?

I would like to forward logs from sources coming from udp inputs in a Heavy Forwarder to two splunk clouds with diffe...

by Loves-to-Learn Lots in

How do I create a table with each row has separate search?

I am beginner and i want to create something like this my Splunk search1 is index=XXX source="/opt...

by Loves-to-Learn in

How to get the time of the event when finding maximum event count that has happened in a minute over a time

I have a query to find the maximum event count that has happened in a minute over time as below index="xxx" "he...

by Explorer in

Join/lookup/subsearch on multiple fields with precedence?

We have a large (~500 line) report being used to calculate CVE scores and fill a summary index daily, with vulnerabil...

by Motivator in

How to extract the new field into interesting field from raw event?

Hi Team,we are trying to add new field as a display name into interesting field from below raw eventDisplayName: sam...

by Path Finder in

Why is eval case not evaluating fields?

Hi, i have a field with the models, like below, and with this info i want to define a new field like brand. ...

by Explorer in

How do I search field extraction for table?

Hi, I have below scenario. Image_Name and Name_Space are being ingested with below variations in table A. Image_na...

by Builder in

Dropdown panel issue- How do I get just one value in DIVISOR?

i have two drop down panels Basically when i select any value in Monitored statistics the Divisor value shoul...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Showing log counts by error type

How to group the count of daily events by their month?

search for username that got most 403 status code

Splunk commands

How can I monitor user activity pattern search?

Help with basic regex

Logging Best Practises, non key=value pair

Working with a json string

Splunk Query to Generate an n-event sample across sourcetypes in an index

Check if the date in splunk message is between 2 dates

Performance issue with query

How to create a query that coverts a number into minutes hours and days?

How many login attempts can be seen in the logs for username=admin?

TA_browscap add-on giving an error when performing a lookup

Running search on 2 indexes using lookup table

Grouping events by specific field and generate timechart for both groups?

What are lookups for INGEST_EVAL in distributed deployment?

Heavy Forwarder from two sources to two splunk clouds with different indexes?

How do I create a table with each row has separate search?

How to get the time of the event when finding maximum event count that has happened in a minute over a time

Join/lookup/subsearch on multiple fields with precedence?

How to extract the new field into interesting field from raw event?

Why is eval case not evaluating fields?

How do I search field extraction for table?

Dropdown panel issue- How do I get just one value in DIVISOR?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...