Splunk Search

Discussions

Thread Info

Using restrict search terms to assign a user group access to a specific subnet of firewall traffic, why are only some field extractions working?

I have a user group that I'm trying to assign access to a specific subnet of firewall traffic. Their network traverse...

by Path Finder in

Why is eval case not working in my search?

HI All , I hope someone can help me out with a problem I currently see in a query. I have a Splunk DB Connect ...

by Path Finder in

How to place a solid border around a chart panel using XML/CSS?

I'd like to place a solid border around a chart panel in XML - I'm struggling to comprehend how this is done within X...

by New Member in

Geostats is not working in 6.3

Hi, I have a lookup table in which I have area code and longtitue and latitude and other details, at the other en...

by Contributor in

How is frozen data accessed in splunk?

I've been looking at sizing a Splunk instance based on https://splunk-sizing.appspot.com/#v=10 and it mentions hot, c...

by Engager in

Is there a better way to write OR statements in a Splunk search?

Is there a better way to do an OR in Splunk? Example: api_domain="purchase" OR api_domain="user" OR api_domain=...

by Builder in

Can I get search script to filter only errpt errors?

I am getting below output when i am searching in syslog. I want to filter only Error Log messages given below. sea...

by Path Finder in

How can I extract the same date/time consistently from Cisco ISE logs with different date and time stamp formats?

Having an issue searching Cisco ISE logs in Hunk where values I know exist in the events/logs (independently verified...

by Influencer in

Alert to trigger secondary search

Is there any easy way for an alert to trigger another search? my use case is for an account lockout to trigger a ...

by Path Finder in

How to get stats with a percentage change for a certain field?

In stats, I want something equal to (latest - earliest) / earliest for certain field. How I can achieve that?

by Path Finder in

How to plot a bubble representing the total number of occurrences of an event using Latitude and Longitude with geostats?

Hi There, I have 158 events with three fields - latitude, longitude, and an integer value representing the total n...

by Path Finder in

I need help with a range of numbers in REGEX

I have the following REGEX to pickup the bytes out, ^(?:[^,\n]*,){31}(?P\d+). I need to know the REGEX to filter out ...

by Path Finder in

Why am I unable to set new fields in a custom search streaming command?

I'm writing a custom search command to convert all the full path xml names to just local names. I'm also making the f...

by Explorer in

How to edit my search to filter out JSON fields for an alert report?

Hi Folks, I am attempting to look at some Splunk logs and within the JSON, I only care about 3 fields: cmd, vax, o...

by New Member in

How do I edit my transaction search to make sure that a certain event is present between the start and end events?

Hi guys, I am monitoring suspicious user activity using the transaction command. For example, if EventCodes X, Y, ...

by New Member in

Running SearchManager in a dashboard, I get 165 results, but why does SplunkResultsModel only return the first 100 events?

Hi, After I run a SearchManager in dashboard, the number of result events I see is 165, however, when I use the fo...

by New Member in

How to write a search to display a table of counts, including fields with 0 results?

Hi, How can I create this kind of table? MissingA : 0 MissingB : 100 MissingC : 200 I'd like to create a das...

by New Member in

Why am I getting different count results using "chart count by field" versus "chart count(field) by field"?

Hello, I have this raw line: 2016-02-25T15:48:09.762479+01:00 03ucas amavis[1369]: (01369-16) run_av (ClamAV-cl...

by Path Finder in

Is it possible to store a field as a boolean value?

Assuming I'm not completely incorrect, I don't believe there is a way to store a field as a boolean value. There are ...

by Explorer in

How to define a calculated field based on chained rex statements in Splunk Web?

I'm using Splunk Enterprise. I have a search that looks like: index=foo sourcetype=yapache_access host=bar | fiel...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Using restrict search terms to assign a user group access to a specific subnet of firewall traffic, why are only some field extractions working?

Why is eval case not working in my search?

How to place a solid border around a chart panel using XML/CSS?

Geostats is not working in 6.3

How is frozen data accessed in splunk?

Is there a better way to write OR statements in a Splunk search?

Can I get search script to filter only errpt errors?

How can I extract the same date/time consistently from Cisco ISE logs with different date and time stamp formats?

Alert to trigger secondary search

How to get stats with a percentage change for a certain field?

How to plot a bubble representing the total number of occurrences of an event using Latitude and Longitude with geostats?

I need help with a range of numbers in REGEX

Why am I unable to set new fields in a custom search streaming command?

How to edit my search to filter out JSON fields for an alert report?

How do I edit my transaction search to make sure that a certain event is present between the start and end events?

Running SearchManager in a dashboard, I get 165 results, but why does SplunkResultsModel only return the first 100 events?

How to write a search to display a table of counts, including fields with 0 results?

Why am I getting different count results using "chart count by field" versus "chart count(field) by field"?

Is it possible to store a field as a boolean value?

How to define a calculated field based on chained rex statements in Splunk Web?

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...