Splunk Search

Discussions

Thread Info

How to edit my search to compare two dates?

I want to compare two dates using case statement Theoretically, case( _time > "2016-01-01") . If True, Print "Yes" in...

by Explorer in

How do I reference other fields in a Splunk regex search?

Would like to do this: Where indexa has two fields, md5 and allmd5 Two records exist like this: md5=99ed710d...

by Explorer in

Is there a way to search which heavy forwarder sent a log to the indexer?

Is there a way to search a log and figure out which heavy forwarder sent the log to the indexer?

by New Member in

How to find the top 5 results from one field (x) per another field (y) and display results in a graph?

Suppose I am interested in finding out the top 5 videogames bought (in the last 24 hours) per top 10 stores and would...

by Explorer in

How to search a proxy log index to get a list of URLs that match URL field in a lookup table?

I have a proxy log index which contains a URL field. I also have a lookup table, which contains a list of known b...

by Explorer in

Is it possible to put a conditional statement in a field extraction?

I have files I am ingesting that have variable formats. I want to pick those lines out that only have an IP address a...

by Builder in

How to write a regular expression for my use case?

11-01-2016 14:53:32.199 -0500 INFO StreamedSearch - Streamed search connection terminated: search......................

by Communicator in

Using the Splunk SDK for PHP, how do I output a search result in a CSV file?

Hi, I want to get results of a search in a CSV file. I tried this, but its giving me error HTTP 400 Invalid output...

by Communicator in

How to edit my search to list top 10 products sold in the last 4 hours, and compare these results to 30 days ago?

Hi folks, I have Splunk version 6.2.7 and am trying to create a report to display the top 10 products sold within ...

by Explorer in

Forescout: How to generate a report for month over month AV compliance?

I need to provide month over month AV compliance given the following calculation: (Total # AV compliant servers / ...

by Path Finder in

How can I filter my results to compare values in two fields?

I have 2 fields called sc_bytes & cs_bytes in my results. How can I then filter my results to give me events when the...

by Path Finder in

How to extract the OS and Browser from a user agent string in our logs without a Splunk app or external script?

Hello Experts, I need help in determining the OS and Browser's that appear in our logs. I understand the easiest ...

by Explorer in

How can I rex on an exact error code?

Hello ppl I have a set of Error messages in an event log that looks like this ERROR [43f796d8da] there are several c...

by Explorer in

How to search for IP addresses in a lookup that are not found in my events?

I have a lookup which has an IP address column, and I'm trying to find which if the IP addresses from this lookup tab...

by Communicator in

Why is my field extraction not working properly between two log files?

Hello, I want to extract a field with the field extractor in Splunk. But when I extract these logs on log 1, I wil...

by Path Finder in

How do you use the arules search command?

I can't get any output data. My test dataset includes two fields f1 and f2: | inputcsv tmp1030.csv | arules f1 f2...

by Engager in

How can I view the full city list that Splunk uses for iplocation?

Hi, Does anyone know how I can view the full city list that Splunk uses for iplocation? I'm exporting my data, th...

by New Member in

How to search for and display the count of events per sourcetype in a table?

Hi all. I have a search that begins with: index="first" OR index="second" sourcetype=* I need to show a tab...

by Builder in

How to generate a search that will correlate multiple IP addresses that hit the same URL?

I am utilizing Cisco Ironport Squid logs. I found a suspicious event that is possible malware related and multiple co...

by Explorer in

How to write a search to display forwarders missing at a certain point in time?

Hi Guys Is there a search that can pull back the forwarders that are missing / not sending data at a point in time...

by Communicator in

How to calculate the time difference in minutes between two events?

I have two events I'm using this nt_time=strptime(VENDOR_NOTIFIED_TIME,"%F %T")|eval st_time = strptime(START_D...

by Explorer in

extracting fields between pattern in a search and and calculating length of value

Hello. I have a simmilar quesiton to this : https://answers.splunk.com/answers/176585/how-to-extract-a-field-bet...

by New Member in

Why am I getting "message Max Raw Size Limit Exceeded" errors that are now affecting search performance?

Hi Guys, I'm running a search and it seems to take longer than needed. I've search the logs for errors and found t...

by Communicator in

How to search for a field value during a certain period of time using an extracted time field?

Hi I have an extracted field from regex, ie Time_extract which gives hour. Now I want to get the logs between a p...

by Explorer in

Help with Splunk 6.3 Simple XML text input box: condition match regex IP address

I am trying to test a text input box value to determine if an IP address was provided. If an IP address was provided,...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to edit my search to compare two dates?

How do I reference other fields in a Splunk regex search?

Is there a way to search which heavy forwarder sent a log to the indexer?

How to find the top 5 results from one field (x) per another field (y) and display results in a graph?

How to search a proxy log index to get a list of URLs that match URL field in a lookup table?

Is it possible to put a conditional statement in a field extraction?

How to write a regular expression for my use case?

Using the Splunk SDK for PHP, how do I output a search result in a CSV file?

How to edit my search to list top 10 products sold in the last 4 hours, and compare these results to 30 days ago?

Forescout: How to generate a report for month over month AV compliance?

How can I filter my results to compare values in two fields?

How to extract the OS and Browser from a user agent string in our logs without a Splunk app or external script?

How can I rex on an exact error code?

How to search for IP addresses in a lookup that are not found in my events?

Why is my field extraction not working properly between two log files?

How do you use the arules search command?

How can I view the full city list that Splunk uses for iplocation?

How to search for and display the count of events per sourcetype in a table?

How to generate a search that will correlate multiple IP addresses that hit the same URL?

How to write a search to display forwarders missing at a certain point in time?

How to calculate the time difference in minutes between two events?

extracting fields between pattern in a search and and calculating length of value

Why am I getting "message Max Raw Size Limit Exceeded" errors that are now affecting search performance?

How to search for a field value during a certain period of time using an extracted time field?

Help with Splunk 6.3 Simple XML text input box: condition match regex IP address

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions