Splunk Search

Discussions

Thread Info

How to exlude the event from Indexing?

Hi I have a cisco ASA event , which I have to exclude before Indexing. What's the best way to do it? sample ev...

by Builder in

Transposing multiple DateTime fields into counts per Dates/Hour

We have events that have multiple time values to record timings of a translation. We are looking to show a count of e...

by Explorer in

Ability to add to search without re-running entire search?

hI, I've been asked if there is a way to add/extend a search without re-running it in it's entirety. Apparently, t...

by Champion in

Where can I find detailed documentation for using tstats with accelerated data models?

I'm starting to use accelerated data models to power some dashboards, but I'm having some issues. For example, after ...

by Path Finder in

Remove character pattern from field value

In one of my logs, I have some fields that return values such as: status=FA-Full Pulse AOV Access Realm)[ status=FA-F...

by Path Finder in

Extract fields from Windows Event Log Message

I have events that do not extract the fields from the message field by default. I'm trying to setup props/transforms ...

by Explorer in

Problem with Fields Aliases

Hi all, I have some problem with fields aliases. I try to explain, I receive a message MQ with a XML message body; i...

by New Member in

i want split all the "modify" tags value under a column and other tags vice versa.

Extends Asasociaoted With Deicooration: Linseld - Acation Coade; modify:extends -act5iodn; modify:extends -date;Exten...

by Builder in

Relative Time based on last event

I want to be able to compare 48 hours from my last event date, thought this would work but I keep getting 0 as my res...

by Contributor in

How to timechart time with SLA

I'm trying to replicate the following graph (not based on splunk data) into splunk. On Time Batch - Planned Time...

by Explorer in

How to generate a search to check memory, cpu, disk usage for each host?

Hello, I would like to do a search against forwarders, once I found that forwarder is running, I need to check mem...

by Explorer in

Add the column of numbers for the same result

I have 2 columns. One of them lists IP address of which many are repeating and the other column is of purchases. The ...

by New Member in

How to use a Lookup table to search against two sourcetypes with a common field that's named differently

I have two sources from Log files: “source1web”, “source2auth”, they both list IP addresses, but are named differentl...

by New Member in

How to create the Regular Expression for the xml

Hi Team, I have XML in the format present below and i am trying to use field transformation and field extraction i...

by Explorer in

filtered sub search

Hi I want to search for Text A on a index and find the Source Files and then on these source files search for Tex...

by New Member in

Different search results in Different systems

Hello All, I have a search query which gives the below results: Now the same query when my friend runs ...

by Explorer in

Search Query for Nested Jobs

Hi Everyone, I am a newbie to Splunk and trying to create Dashboards for Data Visualization. I have Real Time Data...

by Explorer in

case function -- why can't I operate on the results of a case function?

case function -- why can't I operate on the results of a case function? After the eval case function, I got 100 rows....

by New Member in

How to edit my search to find the average events per second for each day from the past week?

I am using the following query to calculate the average events per second | tstats count where index=* groupby ind...

by Communicator in

Adding lookup files for tuning purposes

So I'm new to Splunk (and ES) and have been asked to tune out some noise as we are getting a lot of false positives f...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to exlude the event from Indexing?

Transposing multiple DateTime fields into counts per Dates/Hour

Ability to add to search without re-running entire search?

Where can I find detailed documentation for using tstats with accelerated data models?

Remove character pattern from field value

Extract fields from Windows Event Log Message

Problem with Fields Aliases

i want split all the "modify" tags value under a column and other tags vice versa.

Relative Time based on last event

How to timechart time with SLA

How to generate a search to check memory, cpu, disk usage for each host?

Add the column of numbers for the same result

How to use a Lookup table to search against two sourcetypes with a common field that's named differently

How to create the Regular Expression for the xml

filtered sub search

Different search results in Different systems

Search Query for Nested Jobs

case function -- why can't I operate on the results of a case function?

How to edit my search to find the average events per second for each day from the past week?

Adding lookup files for tuning purposes

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

Streamline Data Ingestion With Deployment Server Essentials

Remediate Threats Faster and Simplify Investigations With Splunk Enterprise Security ...

AD servers with indexing delays when evt_resolve_a...

Using comparison function within mstats

splunk search statement using keyword from input b...

Ex Cisco - run a report for all DFS users who logg...

Splunk query to list all the queries that time out