Splunk Search

Discussions

Thread Info

Parse duration in format `HH:MM:SS.NNNNNNN`

I'm struggling to convert a duration in format HH:MM:SS.NNNNNNN to seconds in a concise manner. For example, 01:03...

by Path Finder in

When running a CLI search with a specific timerange, is there a way to prevent INFO line from appearing?

Attempting to build some monitoring whereby we run a Splunk search from the command line interface (CLI) over a given...

by Communicator in

Prevent splunk from streaming results to a custom search command?

I've created a custom command in python that needs to view an entire set of events as a single batch, because it's co...

by Engager in

How to write a search that will determine if a lookup file has been updated?

How to write a search that will determine if a lookup file has been updated? Thanks.

by Communicator in

How do I manually update a saved search at a time other than scheduled through user request?

I have an intensive search populating a dashboard that i'd like to schedule once a day, or as requested by the user -...

by Communicator in

Row limit for custom commands

I've got a custom command that we're running over a large set of data. When I just run the part of the query up to ri...

by Splunk Employee in

How to find the latest event (message) with a given key (field)?

I have components which are sending UDP messages to splunk. The message format is key1=value1|key2=value2|.... ...

by Communicator in

symantec DLP

Dear Sirs, in symantec dlp we have different policies consider it as (1,2,3,...etc) and when i user violate any polic...

by Explorer in

How to split a multivalue field into separate fields?

I have a customer that is attempting to check a field “Account_Name”. Some of the events have multiple account names ...

by Splunk Employee in

How do I write a search to compare timestamps in indexed data to timestamps in a lookup table?

Need a help urgently in using a lookup in a search. I have a lookup table as below and need to use this data in the s...

by Explorer in

How to remove consecutive duplicate values by host from custom perfmon counters?

Hi There, I am trying to figure out how to remove duplicates in a custom perfmon counters data that is exported t...

by New Member in

How to edit my search to compare two dates?

I want to compare two dates using case statement Theoretically, case( _time > "2016-01-01") . If True, Print "Yes" in...

by Explorer in

How do I reference other fields in a Splunk regex search?

Would like to do this: Where indexa has two fields, md5 and allmd5 Two records exist like this: md5=99ed710d...

by Explorer in

Is there a way to search which heavy forwarder sent a log to the indexer?

Is there a way to search a log and figure out which heavy forwarder sent the log to the indexer?

by New Member in

How to find the top 5 results from one field (x) per another field (y) and display results in a graph?

Suppose I am interested in finding out the top 5 videogames bought (in the last 24 hours) per top 10 stores and would...

by Explorer in

How to search a proxy log index to get a list of URLs that match URL field in a lookup table?

I have a proxy log index which contains a URL field. I also have a lookup table, which contains a list of known b...

by Explorer in

Is it possible to put a conditional statement in a field extraction?

I have files I am ingesting that have variable formats. I want to pick those lines out that only have an IP address a...

by Builder in

How to write a regular expression for my use case?

11-01-2016 14:53:32.199 -0500 INFO StreamedSearch - Streamed search connection terminated: search......................

by Communicator in

Using the Splunk SDK for PHP, how do I output a search result in a CSV file?

Hi, I want to get results of a search in a CSV file. I tried this, but its giving me error HTTP 400 Invalid output...

by Communicator in

How to edit my search to list top 10 products sold in the last 4 hours, and compare these results to 30 days ago?

Hi folks, I have Splunk version 6.2.7 and am trying to create a report to display the top 10 products sold within ...

by Explorer in

Forescout: How to generate a report for month over month AV compliance?

I need to provide month over month AV compliance given the following calculation: (Total # AV compliant servers / ...

by Path Finder in

How can I filter my results to compare values in two fields?

I have 2 fields called sc_bytes & cs_bytes in my results. How can I then filter my results to give me events when the...

by Path Finder in

How to extract the OS and Browser from a user agent string in our logs without a Splunk app or external script?

Hello Experts, I need help in determining the OS and Browser's that appear in our logs. I understand the easiest ...

by Explorer in

How can I rex on an exact error code?

Hello ppl I have a set of Error messages in an event log that looks like this ERROR [43f796d8da] there are several c...

by Explorer in

How to search for IP addresses in a lookup that are not found in my events?

I have a lookup which has an IP address column, and I'm trying to find which if the IP addresses from this lookup tab...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Parse duration in format `HH:MM:SS.NNNNNNN`

When running a CLI search with a specific timerange, is there a way to prevent INFO line from appearing?

Prevent splunk from streaming results to a custom search command?

How to write a search that will determine if a lookup file has been updated?

How do I manually update a saved search at a time other than scheduled through user request?

Row limit for custom commands

How to find the latest event (message) with a given key (field)?

symantec DLP

How to split a multivalue field into separate fields?

How do I write a search to compare timestamps in indexed data to timestamps in a lookup table?

How to remove consecutive duplicate values by host from custom perfmon counters?

How to edit my search to compare two dates?

How do I reference other fields in a Splunk regex search?

Is there a way to search which heavy forwarder sent a log to the indexer?

How to find the top 5 results from one field (x) per another field (y) and display results in a graph?

How to search a proxy log index to get a list of URLs that match URL field in a lookup table?

Is it possible to put a conditional statement in a field extraction?

How to write a regular expression for my use case?

Using the Splunk SDK for PHP, how do I output a search result in a CSV file?

How to edit my search to list top 10 products sold in the last 4 hours, and compare these results to 30 days ago?

Forescout: How to generate a report for month over month AV compliance?

How can I filter my results to compare values in two fields?

How to extract the OS and Browser from a user agent string in our logs without a Splunk app or external script?

How can I rex on an exact error code?

How to search for IP addresses in a lookup that are not found in my events?

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions