Splunk Search

Discussions

Thread Info

Is there an efficient way to search for entries containing a specific substring of an indexed word?

I'm not entirely certain exactly how the search optimization in Splunk works. Certainly, if I search only for a rare ...

by Explorer in

How to edit my search to separate values in a column into two columns in my resulting table?

I have the table like this: time info id response time start time1 in 571 end t...

by Explorer in

How do I aggregate individual searches into a single search?

Hi. My organization is looking at identifying individual users (UserID) who have failed authentication(logon) >5 t...

by New Member in

rex construction help

Hi there I´m creating a REX to extract data from a raw field like this 2013-07-08T09:33:59.899088-05:00 10.27.253.125...

by New Member in

How to edit my search to replace an eval field with another field using stats sum?

Hi all. I have a search like this: index=data sourcetype=log* Type=INS finalStatus=done | eventstats values(f...

by Builder in

How to dynamically exclude a value for a day in a graph if the day is incomplete?

If I have a search for using earliest and latest, say 1st of Dec 16 to 1st Feb 2017, this will draw a graph. But if I...

by Motivator in

How to extract a field value to use as a search term for filtering?

Hello, I need a way to extract/convert a field value to a search condition. Example: field_value= "src_ip=1...

by New Member in

Is the duration field always in seconds? (transaction command)

Greetings everyone, I just want to verify that the transaction generated duration field is always in seconds. it does...

by Builder in

How to create a time chart with values from eventstats?

Hi all. I have a search like this: index=log sourcetype=data TYPE="PLATFORM" | timechart span=1d count by ARE...

by Builder in

Is it possible to use a value in a lookup in order to automatically adjust the time range a scheduled search runs?

I have a scheduled report, which is generating a lookup table. In this lookup csv, there is a field called "adjust", ...

by Communicator in

How to compare two fields values for two different time ranges

index=nessus severity!=informational severity!=low severity!=medium earliest=-1mon@mon latest=-0mon@mon | top 0 signa...

by New Member in

Is there a way to instruct Splunk to begin a search with the oldest event?

Is there a way to instruct Splunk to begin searching from a specific time forward instead of backwards from the curre...

by Explorer in

How to combine my 2 searches?

Hi, splunk Version 6.5.0 I try to combine 2 seaches and get 1 result of them, I tried the following without any...

by Path Finder in

How to filter on multiple values from multiple fields?

Hi, I have a log file that generates about 14 fields I am interested in, and of those fields, I need to look at a...

by New Member in

How to write the regular expression to extract these fields from my sample data?

Hello, I'm trying to create a regex to extract the fields to the follow logs: Example 1 msg=O equipamento ma...

by New Member in

How do I edit my rex syntax in my search to extract a field from an unstructured event?

I would like to perform field extraction from an unstructured event. I am unable to perform the field extraction fro...

by Explorer in

Why does my lookup search fetch results when searching one index but not with another?

Hi All, I have lookup file name called " Privilege_User_List.csv". Using Splunk index, I can able lookup the data and...

by Explorer in

How to edit my search to turn table results into table headers?

I'm running a search that combines download counts of external and internal viewers. To chart the different internal ...

by Communicator in

After creating an extracted field with the Field Extractor in Splunk Web, why are new values not appearing when searching the field?

I've created an extracted field using the field extractor GUI in Splunk Seb. When I created it, there were two values...

by Explorer in

How to search for events where someone visited a domain from a list in a static CSV file?

Greetings All, I am trying to use a static CSV file that contains bad domain indicators and search Splunk logs for...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is there an efficient way to search for entries containing a specific substring of an indexed word?

How to edit my search to separate values in a column into two columns in my resulting table?

How do I aggregate individual searches into a single search?

rex construction help

How to edit my search to replace an eval field with another field using stats sum?

How to dynamically exclude a value for a day in a graph if the day is incomplete?

How to extract a field value to use as a search term for filtering?

Is the duration field always in seconds? (transaction command)

How to create a time chart with values from eventstats?

Is it possible to use a value in a lookup in order to automatically adjust the time range a scheduled search runs?

How to compare two fields values for two different time ranges

Is there a way to instruct Splunk to begin a search with the oldest event?

How to combine my 2 searches?

How to filter on multiple values from multiple fields?

How to write the regular expression to extract these fields from my sample data?

How do I edit my rex syntax in my search to extract a field from an unstructured event?

Why does my lookup search fetch results when searching one index but not with another?

How to edit my search to turn table results into table headers?

After creating an extracted field with the Field Extractor in Splunk Web, why are new values not appearing when searching the field?

How to search for events where someone visited a domain from a list in a static CSV file?

Splunk Observability Cloud | Customer Survey!

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

Starting With Observability: OpenTelemetry Best Practices

parsing _internal logs

How to Add Datamodel Fields in Search and Reportin...

Check lookup table for old/expired entries

AD servers with indexing delays when evt_resolve_a...

Using comparison function within mstats