Splunk Search

Thread Info

How to perform search using 2 csv file to match 2 different values 1from first csv and other values from second csv?

I have indexes created and i have 2 csv first is ipv6.csv and its has coulmn called ip and second csv is cmd.csv it c...

by Loves-to-Learn in

Search with limited time clause

Hello all, I'm quite new to the wonderful world of Splunk, but not new to monitoring or IT in general. We are optim...

by Engager in

How to create a table with multiple fields?

Hi, I want to create a table in the below format and provide the count for them.I have multiple fields in my index...

by Path Finder in

How to store multiple values in one token and pass into another search

I have "Product Brand" multiselect filter in a Splunk dashboard. It is a dynamic filter rather than static. I also ha...

by Explorer in

Using stolen or forged user tickets (TGT)

hi guys, I want to detect a service ticket request (Windows event code 4769) and one of the following corresponding e...

by Explorer in

How to use custom key field in tstats?

I'm having trouble capturing the custom key - "UserKey_ABC" in the following script. With the following code, I'm n...

by Path Finder in

Best tool in the toolkit to access and correlate multivalue fields

Hi all, I've worked with multivalue fields in a limited capacity and I'm having trouble with a particular instance. G...

by Path Finder in

Determined which host doesnt have a particular software installed

index=xxxx sourcetype="Script:InstalledApps" DisplayName="Carbon Black Cloud Sensor 64-bit" I am trying to get the ...

by Engager in

Why does "geom geo_us_states" search display a world map instead of North America map?

Working my way through the Splunk e-learning offerings, I came across a lab exercise where the resulting query was ...

by Engager in

Convert seconds in days, hours and minutes?

Hi, i have a duration in seconds and want to convert it to days, hours and minutes. The additional seconds should be ...

by Path Finder in

Need help with a splunk search with appendcols

I am trying to get data from 2 indexes and combine them via appendcols.The search is index="anon" sourcetype="test1" ...

by Communicator in

ldapsearch: Trying to search last 2 days in whenChanged attribute dynamically.

I need to run a daily ldap search that will grab only the accounts that have change in the last 2 days. I can hard co...

by Explorer in

How to split comma separated values in single event and make each value as one row of table with individual values

If I am having list of comma separated numbers in single splunk event field: I am having too many event fields lik...

by Loves-to-Learn Lots in

How to check if values are incremental by 1 for a specific category

If the above displayed data is the result for my stats command [stats values(Values) as Values by Category], how can ...

by Explorer in

Rex not yielding result

Data: {"Field1":"xxx","message1":"{0}","message2":"xxx","message3":{"TEXT":"xxxx: xxx\r\n.xxxxx: {\"xxxxx\":{\"@CDI\"...

by Explorer in

Hi, Splunk defaults to 1 hour per column, how can I change that to 1 min per column to get a more detailed view?

by New Member in

How to split a field having multiple lines into individual lines and finally display in table format

I have field in the event which has multi-line data (between double quotes) and I need to split them into individual ...

by Loves-to-Learn Lots in

Is there a way to enforce SPL formatting in URL?

Is it possible to add some parameters in Splunk URL so that after clicking the URL, the viewer will see a well format...

by New Member in

Lookup - Filter a search with lookup content

Greetings. I am quite new to Splunk and read a lot of sources. However, I have a hard time to find my answer abou...

by Engager in

Set alert search results to 0 or have my query not find any results on a particular day between 1 AM and 2 AM?

I have an idea and am looking for some input on how to approach it, where to start. As mentioned in the subject. I...

by Contributor in

Alert Based Off Current Event Duration

Goal: Being able to alert off the latest event if the event is more than 300 seconds and is not blank or "non-product...

by Explorer in

I need help working with a Lookup Table...

Hello again!I'm working with two different sources of data both tracking the same thing but coming from different sou...

by Path Finder in

Slow scanning

hi guys, I want to detect that more than 10 different ports of the same host are sniffed and scanned every 15 minutes...

by Explorer in

Enhancing Data with Field Extraction and Automated Lookups

Hello to all,i have the following Issue:I receive logs from an older machine for which I cannot adjust the logging se...

by Explorer in

Why is tstats not working on docker image datasets?

I'm totally and utterly new to splunk. Just ran the dockerhub sample, and followed the instructions: https://hub.dock...

by Engager in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

How to perform search using 2 csv file to match 2 different values 1from first csv and other values from second csv?

Search with limited time clause

How to create a table with multiple fields?

How to store multiple values in one token and pass into another search

Using stolen or forged user tickets (TGT)

How to use custom key field in tstats?

Best tool in the toolkit to access and correlate multivalue fields

Determined which host doesnt have a particular software installed

Why does "geom geo_us_states" search display a world map instead of North America map?

Convert seconds in days, hours and minutes?

Need help with a splunk search with appendcols

ldapsearch: Trying to search last 2 days in whenChanged attribute dynamically.

How to split comma separated values in single event and make each value as one row of table with individual values

How to check if values are incremental by 1 for a specific category

Rex not yielding result

Hi, Splunk defaults to 1 hour per column, how can I change that to 1 min per column to get a more detailed view?

How to split a field having multiple lines into individual lines and finally display in table format

Is there a way to enforce SPL formatting in URL?

Lookup - Filter a search with lookup content

Set alert search results to 0 or have my query not find any results on a particular day between 1 AM and 2 AM?

Alert Based Off Current Event Duration

I need help working with a Lookup Table...

Slow scanning

Enhancing Data with Field Extraction and Automated Lookups

Why is tstats not working on docker image datasets?

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...