Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How can i concatenate fields in my data then compare?

I am trying to find problems created by imaged systems running Alertus software. Scenario: Client checks into Aler...

by Loves-to-Learn Everything in

My extracted field contains special characters in extracted value. How can I replace it with actual string value?

Hi, My extracted field contains some special characters instead of actual string. For ex: Email_Address is ...

by Explorer in

How to combine multiple fields?

I have multiple fields with the name name_zz_(more after this) How would I be able to merge all of the like tests ...

by New Member in

eval searchmatch command OR if command

Hi, I need some help. I have two fields that mark the status alert, PROBLEM and OK, I'm trying to compare them with t...

by New Member in

Do you have a better way to monitor brute force attacks on Linux Servers?

This is the Linux system's secure log（/var/log/secure）。I tried to crack the user and password to login SSH . now,I...

by Communicator in

limiting error per event

Hi, I am new to splunk and would like guidance about how to only count 1 occurrence of the word ERROR per event. ...

by New Member in

How to generate a search for new events based on index time not event timestamp?

I want to build a system where an external event consumer periodically pulls newly indexed events from Splunk on a sc...

by New Member in

Compute time difference between events

I have events like Event EndDateTime Launch 2017-05-16 13:00:00 . . . Open 2017-05-16 13:00:30 I want to subtra...

by Path Finder in

Lookup in splunk

I want to use lookup in splunk . I am very new to lookup command . I have uploaded a csv file , suppose named lookupf...

by Explorer in

Pleasse help me with IF then ELSE condition in search query

If my search result has any count I want to append my search with OUTPUTCSV command else null. Something like if J...

by New Member in

How to search my JSON data to output Name, Sum(items_sold), and grouped by Name?

I've following JSON format data...below is one sample record. I'm looking for output in the format [ name , sum(items...

by Path Finder in

extract a string into readable datetime format

Hi, I have string in a format as "YYYYMMDD.HHMM" i.e. 20140120.1815 I want to display this in any readable date t...

by Builder in

Issue with strptime and strftime

I have a time input like below, Mon Jul 13 09:30:00 PDT 2015 | eval human_readable_time= strftime(strptime(my_...

by Explorer in

How to filter a multivalue field so it returns results containing 3 or more values?

Hello, thanks in advance for the help. I'd like to filter a multivalue field to where it will only return results tha...

by Path Finder in

Correlate most recent event ‘a’ with event ‘b’

I have a need to pull a field from the most recent event type ‘a’ and add it to event type ‘b’ for those records with...

by Explorer in

Rounding to -2 works but not -3?

Working on a search that will monitor when the searches that populate a summary index run and I'm needing to round th...

by Communicator in

Flood Splunk with test data to performance test real time dashboards and to war game

Hi, I want to flood splunk with a high number of test data to be able to identify flaws in the current alerting an...

by New Member in

Can you force the transaction command to keep duplicate entries in a multivalue field output?

I have a search using the transaction command that returns the following (as a single transaction, not as separate ev...

by Engager in

Combining separate fields to multi values

I have 300 match_ fields per event. Here are the first 9 from one event: match_1="Don\'t Be So Shy" match_2="Imany...

by New Member in

Trying to limit results by date

I am trying to filter results based on a search term (seen below) for only items that match a date from the time sear...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can i concatenate fields in my data then compare?

My extracted field contains special characters in extracted value. How can I replace it with actual string value?

How to combine multiple fields?

eval searchmatch command OR if command

Do you have a better way to monitor brute force attacks on Linux Servers?

limiting error per event

How to generate a search for new events based on index time not event timestamp?

Compute time difference between events

Lookup in splunk

Pleasse help me with IF then ELSE condition in search query

How to search my JSON data to output Name, Sum(items_sold), and grouped by Name?

extract a string into readable datetime format

Issue with strptime and strftime

How to filter a multivalue field so it returns results containing 3 or more values?

Correlate most recent event ‘a’ with event ‘b’

Rounding to -2 works but not -3?

Flood Splunk with test data to performance test real time dashboards and to war game

Can you force the transaction command to keep duplicate entries in a multivalue field output?

Combining separate fields to multi values

Trying to limit results by date

Observability Highlights | January 2023 Newsletter

Security Highlights | January 2023 Newsletter

Platform Highlights | January 2023 Newsletter

Walklex Timespan

How to use MLTK to tune DNS Query Length Outliers ...

Optimizing metrics based searches?

How to use fit command together with foreach?

How to detect T1036.002: Masquerading (Right-to-Le...