Splunk Search

Discussions

Thread Info

How to Remove dynamic part from error log and group by common error

I want to Remove dynamic part from error log and group by common error below is the message which will be generated d...

by New Member in

How to use search time range (earliest, latest) in eval?

(I'm nearly certain this had been answered before.) In order to know how long ago the last events occurred, I cope wi...

by SplunkTrust in

Combine searches

I have success events in sourcetype XYZ. Failure events in sourcetype ABC. I want to show failure count as a percenta...

by New Member in

Convert Dynamic Date into Variable.

Here is my search query ... earliest=-2d@d latest=now....| untable _time Metrics Value | eval Date=strftime(_time,...

by Path Finder in

Web service response metrics

I want to plot a graph for web service response for last 'n' hours. I want the web service actual response time to be...

by New Member in

How to search a field for text from another field?

It seems like this should be something pretty simple to do, so I hope I'm not just overlooking something. Let's sa...

by Explorer in

How to call a function every time I run a search?

I have written a small app on the django framework. One of its dashboards has a search bar that should accept either ...

by Path Finder in

How to compare search result of logs from production server to QA search result logs?

I want compare the 2 search result error logs and show the result. I want to compare based on "Error" log of 2 search...

by New Member in

core.user_auth.mfa_bypass_attempted - OKTA event

Has anyone dealt with this event? I'm reviewing different panels in OKTA app and I found one which looks for MFA bypa...

by New Member in

How to extract fields from key/value, but separated with "|" symbol?

Hi, I have my syslog file writen as the following. I index these events in a syslog sourcetype. What I need to e...

by Contributor in

Are there a standard set of attack vectors to search and alert for?

So I wanted to field this question out to the community. I'm looking to ensure that I'm covering as many attack vecto...

by Contributor in

Help extracting a field from an event

Hello, I need help extracting the following value from this sample event: 2015-10-12 09:15:01,590 CDC_HB_RCV C M D...

by New Member in

case statement using token for span in timechart

index=XXX sourcetype="XXX" itemKey ="$metric$" name = "$Host$" | timechart span=$spantime$m $statistic$(value) by nam...

by Explorer in

Getting reverse of IP address occurring in event ex " 2.20.111.140" should be shown as "140.111.20.2"

Events have IP address and are needed to be shown in reverse form . " 2.20.111.140" should be shown as "140.111.20...

by Explorer in

Picking events depending on timestamp

Hi, I have a script which gets value for a KPI for each 4 min. 10/9/15 8:44:00.000 AM KpiId="4185"|kpiName="D...

by Path Finder in

How to calculate speed (distance/time) from latitude and longitude fields?

hi everyone, looking for some best practice, advice, and awesomeness from you guys on this one. has anyone ever...

by Contributor in

Disable zoom in map

I'd like to disable the zoom feature in a <map> element within a dashboard. Is it possible? I just want to show a fix...

by Explorer in

How to configure search affinity in a multisite clustering ?

Hello Everyone, I am having trouble with a multisite configuration(version 6.3), i have two sites : site 1 : 1 ...

by Explorer in

Splunk 6.3.0: Source type not getting applied to forwarded structured data

I am using splunkforwarder-6.3.0-aa7d4b1ccb80-linux-2.6-x86_64.rpm to forward tab delimited structured data from one ...

by Explorer in

Removing duplicates

HI , i am new to splunk i need to create a report that has rest calls which has mulitple path parameters , so it was ...

by New Member in

How to prevent | stats count in a macro from triggering a remote search?

Using | stats count is often useful to do a quick test | stats count | some search where you do not need event dat...

by Motivator in

How to get physical address given latitude and longitude coordinates and show it in a table?

Given that I have my latitude an longitude in an RDBMS and I can access it using Splunk DB Connect. I want to show th...

by New Member in

How can I search on _internal logs from forwarders in my environment?

Hello everyone, It seems like I couldn't find any previous answer on this from the community. I have more than 100...

by Explorer in

Hard Disk Change on the Indexers

We have a clustered environment. 3 Indexers , 1 search head, 1 cluster master , 4 heavy forwarders and 100+ universal...

by Communicator in

All resource graphs empty

I installed SoS, enabled the collection scripts, and even though the scripts run fine and data is indexed, the resour...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to Remove dynamic part from error log and group by common error

How to use search time range (earliest, latest) in eval?

Combine searches

Convert Dynamic Date into Variable.

Web service response metrics

How to search a field for text from another field?

How to call a function every time I run a search?

How to compare search result of logs from production server to QA search result logs?

core.user_auth.mfa_bypass_attempted - OKTA event

How to extract fields from key/value, but separated with "|" symbol?

Are there a standard set of attack vectors to search and alert for?

Help extracting a field from an event

case statement using token for span in timechart

Getting reverse of IP address occurring in event ex " 2.20.111.140" should be shown as "140.111.20.2"

Picking events depending on timestamp

How to calculate speed (distance/time) from latitude and longitude fields?

Disable zoom in map

How to configure search affinity in a multisite clustering ?

Splunk 6.3.0: Source type not getting applied to forwarded structured data

Removing duplicates

How to prevent | stats count in a macro from triggering a remote search?

How to get physical address given latitude and longitude coordinates and show it in a table?

How can I search on _internal logs from forwarders in my environment?

Hard Disk Change on the Indexers

All resource graphs empty

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown