Splunk Search

Ask a Question

Discussions

Thread Info

How to extract nested JSON fields and array from Splunk data using spath?

I'm trying to extract some information from nested JSON data stored in Splunk. Here's a simpl...

by Path Finder in

How to create unique event?

Hello! I have some events just like this 2023-06-20 17:25:35.878 INFO Trace:[::] [#kafka-producer-network-thre...

by Path Finder in

How to identify an unusual source sending a high volume of emails, excluding VCP public wifi from the 172 Host?

Hi,I'm trying to build a search query for the Unexpected Host Sending a Large Amount of Email in which i need to Exc...

by Builder in

How to count specific field in a mini batch log events?

Each log event has more than 1 transaction because we are logging a mini batch log events. So, for every 2 minutes a ...

by Loves-to-Learn in

How can I refer part of query as a table?

I have a dbx query plus SPL commands that makes me a certain table, which I want to refer to via a table name, is it ...

by Explorer in

How to search a list of all enabled apps in Splunk and their versions on a search head?

Hi, Could you please help me to create a search which can list all apps enabled in Splunk (on splunk search head) ...

by Path Finder in

Index based search for user being added to multiple windows groups?

Hello Folks, Needed help with index based search for any user being added to multiple windows groups (preferably m...

by Engager in

Splunk Search to get time if exceeds cut off time on account of day changed?

Hai All, Good day, we have event in splunk for job_name Test job HAS START_TIME at 2023/06/15 23:30:33 and END_...

by Path Finder in

How to calculate percentage based on 3 different searches with Joins? Is that possible?

First query: index="raw_es2" app message="[Login][Password]Login simplified active." | stats count by messa...

by New Member in

How cache fields are computed in index _audit?

Hello All, I need help to understand the cache related fields returned by _audit index for scheduled searches. du...

by Contributor in

How to find top 10 URLs with high response time?

Hello Team, I need to have top 10 url's in the order of max average response time taken. Could you please help in ...

by Path Finder in

How to create a join when first search contains multivalues for single field?

Hi,I'm trying to join two searches where the first search includes a single field with multiple values. The matching ...

by Path Finder in

How to combine events having one field value same and create single row?

Hi, Require to combine events having one field value same and create single row . Query: index=webmethods_d...

by Loves-to-Learn Everything in

What is the best way to use if clause with where?

Hello Community, I have a table: Filename Status file1 1 file2 0 ...

by Explorer in

What is the difference between run_time and total_run_time?

Hello all, I need help to understand the difference between two fields run_time (fetched from index: _internal) an...

by Contributor in

Is it possible to do eval and lookups with makeresult?

Is it possible for me to do a main search and based on the results from main search I find the fileName and want to u...

by Contributor in

Optimizing SLA Tracking - Caching/Indexing or Saving Results?

Hi everyone, I have a pretty huge multisearch query with multiple inputlookups, untangling the spaghetti monster whic...

by Explorer in

Why are there a few fields are missing when importing data from DOORS next gen to Splunk?

Hello All, I tried to extract data from DOORS Next Gen. After importing the data, I found that few fields are miss...

by Engager in

How to display next 10 numbers?

Hi Splunkers, Here I'm asking help on Splunk query. I have a csv file with some numbers between 101-999, I need...

by Explorer in

How to dynamically select column in an XY series?

Hello! I am currently trying to dynamically select columns in my output that are generated by an xyseries. I am...

by Explorer in

How to remove null values then add fields?

Hi all, would love help with this one. I currently have a query where I have 4 different processing times by sess...

by Path Finder in

Can I set up a PS4 Game Session Timer and Notification?

Hi I want to know how long and when either of two games are being played on the PS4 or a laptop and be notified vi...

by Observer in

How to exclude users from service account values: a generic approach?

Hi,I'm attempting to create a method to exclude users from service account values without excluding a particular serv...

by Builder in

Extract multiple JSON fields

I am trying to create a table whereby two of the values are within a JSON array. The data in each array entry is base...

by Loves-to-Learn in

How to remove comms and parenthesis?

index="myIndex" app_name="myappName" My.Message = "*failed to retrieve the workOrder*"| rex "Order (?<Order>[^\s]+)"...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to extract nested JSON fields and array from Splunk data using spath?

How to create unique event?

How to identify an unusual source sending a high volume of emails, excluding VCP public wifi from the 172 Host?

How to count specific field in a mini batch log events?

How can I refer part of query as a table?

How to search a list of all enabled apps in Splunk and their versions on a search head?

Index based search for user being added to multiple windows groups?

Splunk Search to get time if exceeds cut off time on account of day changed?

How to calculate percentage based on 3 different searches with Joins? Is that possible?

How cache fields are computed in index _audit?

How to find top 10 URLs with high response time?

How to create a join when first search contains multivalues for single field?

How to combine events having one field value same and create single row?

What is the best way to use if clause with where?

What is the difference between run_time and total_run_time?

Is it possible to do eval and lookups with makeresult?

Optimizing SLA Tracking - Caching/Indexing or Saving Results?

Why are there a few fields are missing when importing data from DOORS next gen to Splunk?

How to display next 10 numbers?

How to dynamically select column in an XY series?

How to remove null values then add fields?

Can I set up a PS4 Game Session Timer and Notification?

How to exclude users from service account values: a generic approach?

Extract multiple JSON fields

How to remove comms and parenthesis?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...