Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How do I write an eval statement to return "True" if there is only one non-zero value in a row, else "False"?

I have results with field names A, B, C, D that will look something like this; A B C D 0 10 0 0 1...

by New Member in

multikv parsing of a table not picking all the values

I have a table like below: CPU0 CPU1 CPU2 CPU3 0: 1826872 0 0 0 IO-APIC-edge tim...

by New Member in

How do I edit my search to find if a user logged in to multiple machines within a certain time range, and identify each of these machines?

I want to know how to determine if a user logged on to multiple machines within a certain time window, and also ident...

by New Member in

How to append values from different searches based on the occurrence of the first one?

Hello there, I know this question might be worded a little weird. I'm trying to create a report that shows the top wo...

by New Member in

Index Time field extraction

I have a custom log file with entries like the one below, I want to pull 8 fields out at index time so I can graph an...

by Engager in

How to search the count of web requests by folder specified in URI stem of web server logs?

I have an enterprise scale MVC website with 4 or 5 major modules/views that runs on a Windows server with full IIS lo...

by Explorer in

How can I generate a report with a list of deployed forwarders and their installation path on the remote servers?

Is there a way I can generate a report with a list of deployed forwarders and its installation path on the remote ser...

by Communicator in

how to identify beacon activity

Hello all, I've recently observed activity that smells like beaconing. After trying to modify the searches provide...

by New Member in

Is it possible to set a token using a field found in a lookup without drilldown?

Can I set a token using a field found in a lookup table? I've been researching online, but I haven't found a real sol...

by Path Finder in

How to filter out events in Splunk 6.3.1 at index-time, except files containing the string "#!" in the first 5 characters of the file?

Hi, I only want to index files containing the string #! in the first 5 characters of the file. Therefore, I create...

by New Member in

Do base_max_searches and max_searches_per_cpu settings take effect on both search head and indexer?

Do these settings take effect on both SH and indexer? # the maximum number of concurrent searches per CPU max_sear...

by Champion in

How to edit my search to group keys as column headers with aggregated values in a single row?

I have a search: sourcetype="my_data"| stats count by queue which aggregates data in a table by the field queu...

by Engager in

How do I get REGEX to extract multiple values from an event?

I have a long, that gets pretty long, and currently splunk is ingesting it as a whole. this log gets up a couple hund...

by Motivator in

How to parse grepable Nmap output?

I have several events with similar to this raw data field that I would like to break down into a new event for each I...

by Path Finder in

How to convert epoch time to HH:MM:SS AFTER using stats AVG?

So I have the following search: Index="Cyber" sourcetype=Response queue = "Incident" status ="resolved" | dedup t...

by Path Finder in

Comparing two string values

I have email address' that are used as user names in two different source types in two different indices. I am trying...

by Explorer in

How to write a search to find the difference between values in multiple fields?

Hello, I would like to find the difference between values in a couple of fields for two months. I figured out h...

by Path Finder in

LDAP queries (not authentication) via Splunk (lookup? something else?)

Hi, Obviously Splunk has some native understanding of LDAP for authentication, but my desire is to use it to look ...

by Contributor in

How to swap out the underlying search in a dashboard for a table drilldown using Simple XML?

Hi, I want to do this, but I'd prefer to do it in Simple XML. Is it possible? http://docs.splunk.com/Documentation...

by Communicator in

How do I calculate the square root of a summed field?

Hello, I'm trying to solve for a standard error formula in the number of observations I have for all hbss dlp even...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I write an eval statement to return "True" if there is only one non-zero value in a row, else "False"?

multikv parsing of a table not picking all the values

How do I edit my search to find if a user logged in to multiple machines within a certain time range, and identify each of these machines?

How to append values from different searches based on the occurrence of the first one?

Index Time field extraction

How to search the count of web requests by folder specified in URI stem of web server logs?

How can I generate a report with a list of deployed forwarders and their installation path on the remote servers?

how to identify beacon activity

Is it possible to set a token using a field found in a lookup without drilldown?

How to filter out events in Splunk 6.3.1 at index-time, except files containing the string "#!" in the first 5 characters of the file?

Do base_max_searches and max_searches_per_cpu settings take effect on both search head and indexer?

How to edit my search to group keys as column headers with aggregated values in a single row?

How do I get REGEX to extract multiple values from an event?

How to parse grepable Nmap output?

How to convert epoch time to HH:MM:SS AFTER using stats AVG?

Comparing two string values

How to write a search to find the difference between values in multiple fields?

LDAP queries (not authentication) via Splunk (lookup? something else?)

How to swap out the underlying search in a dashboard for a table drilldown using Simple XML?

How do I calculate the square root of a summed field?

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

Observability Highlights | January 2023 Newsletter

New install- why doesn't search work?

Why does Walklex return spaces before some of the ...

Why won't Walklex timespan follow time specificati...

How to use MLTK to tune DNS Query Length Outliers ...

Optimizing metrics based searches?