Splunk Search

Thread Info

How to create the proper search to extract all of the fields and their respective field_values from the sample data?

Hi Splunkers!Any one able to assist me with a search that I am trying to create below. I want to extract some data fr...

by Path Finder in

How do I evaluate on column in space and tab delimited logs?

Hello all. I have a log file that looks like this; PROCESS UP STATUS RESTARTS AGEPROCESS1 2/2 Running 0 6d...

by Explorer in

How extract data model fields using REST search?

I'm trying to at least initially to get a list of fields for each of the Splunk CIM data models by using a REST searc...

by Motivator in

What is the fastest way to use a lookup (or match records against a secondary source)?

I have index with json data that represents call data (phone calls), but there is nothing native in the index that re...

by Path Finder in

Why is data is got getting indexed when we are adding csv file from add data under settings?

Hi,data is got getting indexed when we are adding csv file from add data under settings .. its events count is showin...

by Explorer in

Upgrade Splunk Enterprise from 8.x to 9.x

We are currently required to upgrade our Splunk environment from version 8.2.4 to version 9.x, and we are concerned a...

by Path Finder in

How to configure alert when a service is in failed state in a centos server?

We have configured some program to run as a service in Unix server. I want to configure an alert in Splunk that when...

by Loves-to-Learn in

How to search for disk usage greater than 70 percent for 10 mins?

I wanted to know how we can construct a search query for a service which is running on a centOS server and the utiliz...

by Loves-to-Learn in

Help on SPL for Lateral Movement?

Hello Folks, I am new with Splunk. I am looking to build a query to detect lateral movement using Windows Servi...

by Engager in

How retrieve search results via Splunk API?

I recently enabled Splunk tokens (using SAML authentication) and am able to successfully execute basic API calls (suc...

by Path Finder in

How to have all of the CLTW workstations to be summed up as 1 count and so forth for the other locations?

I am having trouble with using the time chart command effectively to make count of all workstations and with them bro...

by Path Finder in

Why are streamstats reset_after for streamstats aggregation not working?

Hello, I am trying to use Streamstats with Sum(value) and I want to reset that sum after it reaches a certain thres...

by Loves-to-Learn Everything in

Why did the search job terminat unexpectedly?

We have a job which is getting terminated intermittently , even though when this search gets executed successfully it...

by Loves-to-Learn in

How to view tools.csv file?

Hi There, I am currently looking at a search within Splunk Security Essentials (Concentration of Attacker Tools by...

by Communicator in

How to find max(_time) for sourcetypes & host by sourcetype host?

I found the following search to identify Missing / New sourcetypes and made a few changes.I am getting data and my ne...

by Contributor in

How to search based on embedded search and partial string matching?

Hello, Not sure if something similar has been posted but what i'm trying to do is a partial match of all the ids i...

by Engager in

Is it possible to alternate colors and values for bar chart on weekly basis?

Hi all, I want to ask if it's even possible to somehow alternate the values in stacked bar chart, that one week th...

by Path Finder in

How to calculate SLA?

my query below (Index=x source=xtype valid) or (index=y source= ytype passed) | eval which=if(match(_raw, " valid...

by Explorer in

How to merge two panels into one panel in a single row in simple xml dashboard?

Hi Team, We have dashboard which will contains the daily job related information. In that we have two panels like ...

by Loves-to-Learn Everything in

Upgrading Splunk 8.0.x to 9.0.x

I currently have a Heavy Forwarder that forwards logs to Splunk Cloud but the heavy forwarder version is at versi...

by Builder in

Does the Elasticsplunk app no longer exist?

Hello, I have noticed that the Elasticsplunk app no longer exists https://splunkbase.splunk.com/app/3493 I do not ...

by Builder in

How to do something like if two of more of ( s1,s2,s3 ) in URL, and symbol count > 2 in url?

.... url = "abc-jjjj-j-xyz.exmaple.come"|eval s1 = abc|eval s2 = efg|eval s3 = xyz|eval symbol ="-" how do i do so...

by Explorer in

How to count after rex multivalue?

Hi, I am doing rex on a field that looks like this (showing multiple events below) a#1|b#30|c#6|d#9 b#5|d#7|...

by Engager in

How to combine results of inputlookup and a search to a table?

I want to search from a lookup table, get a field, and compare it to a search and pull the fields from that search ba...

by Loves-to-Learn Lots in

How can I search for the alerts usecase?

Hi, Need a search for the below usecase Search for alert_type=ufa and alert_name=" suspicious Downloads"Please incl...

by Builder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

How to create the proper search to extract all of the fields and their respective field_values from the sample data?

How do I evaluate on column in space and tab delimited logs?

How extract data model fields using REST search?

What is the fastest way to use a lookup (or match records against a secondary source)?

Why is data is got getting indexed when we are adding csv file from add data under settings?

Upgrade Splunk Enterprise from 8.x to 9.x

How to configure alert when a service is in failed state in a centos server?

How to search for disk usage greater than 70 percent for 10 mins?

Help on SPL for Lateral Movement?

How retrieve search results via Splunk API?

How to have all of the CLTW workstations to be summed up as 1 count and so forth for the other locations?

Why are streamstats reset_after for streamstats aggregation not working?

Why did the search job terminat unexpectedly?

How to view tools.csv file?

How to find max(_time) for sourcetypes & host by sourcetype host?

How to search based on embedded search and partial string matching?

Is it possible to alternate colors and values for bar chart on weekly basis?

How to calculate SLA?

How to merge two panels into one panel in a single row in simple xml dashboard?

Upgrading Splunk 8.0.x to 9.0.x

Does the Elasticsplunk app no longer exist?

How to do something like if two of more of ( s1,s2,s3 ) in URL, and symbol count > 2 in url?

How to count after rex multivalue?

How to combine results of inputlookup and a search to a table?

How can I search for the alerts usecase?

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...