Splunk Search

Discussions

Thread Info

How to work out the age of a user based on date of birth?

I want to group users by their age which range from roughly 5 years to 90. The dateofbirth field is formatted like th...

by Communicator in

Do unused search-time field extractions significantly impact performance if the extracted fields are not used?

I have a new analyst requesting to add some search-time field extractions for sourcetype=syslog to simplify reporting...

by Contributor in

Why is my PDF report not displaying the chart from my custom js script?

Hi All, My dashboard has a custom js script, and while sending the PDF report, my graph which is from the js scrip...

by Communicator in

App for Stream - pcap replay

I have a pcap with DNS traffic that I want to analyze. I downloaded the 'Stream Examples' app and the main Splunk App...

by Path Finder in

Inline vs Saved Search

Which do you recommend from a OS and search performance perspective and for realtime searches in a dashboard (or clos...

by Splunk Employee in

How to change a field with a numeric value in a CSV input file to a word equivalent at index-time?

For example, csv field is vulnerability severity (range of 1-10). I want to change that to one of 3 values depending ...

by New Member in

excluding holidays and weekends a count of days with events and a count of total days excluding weekends and holidays

I need to get a count of possible days an event could be happening while excluding weekends and holidays, for example...

by Path Finder in

Is it possible to perform bitwise operations on values in the eval function?

In the following query I'm trying to get the logical AND of two numbers: * | head 1 | eval x=2 | eval y=2 | eval ...

by Explorer in

Building query to detect blackhole Exploit Kit traffic

So, I've been logging traffic from my malware analysis sandbox looking for ways to develop a query to identify hosts ...

by Explorer in

How can I write a search to find lost connections with hosts?

Greetings, I am using a syslog setup for my data source. I am trying to create a way to search for lost connection...

by New Member in

Cannot put a date string into outputcsv filename argument

I want to run a report each hour, this report returns a single row. I want to create a separate csv file for each day...

by Path Finder in

How to filter out fields from my search that contain a dash "-" as a value?

I'm creating a dashboard that displays event "headers" for certain events, and a drill down search that will display ...

by Explorer in

How do I edit my search to remove specific substrings from URI values in my results in statistics tab?

I wrote a search which gives the result below in the statistics tab: URI Count HTTPS://XXXXXXXX//AAAA.aspx%3FUI...

by New Member in

How do I extract key value pairs from a field in a log file that has XML content?

Hi All, I have log file which has XML content in one of the fields and I need to extract its key value pairs. Can ...

by Contributor in

Is there a way to use structured field extraction (PSV in this case) that works with multiline field values?

Hi There, I have been trying with no luck today to do a structured field extraction using the "Add Data" function ...

by Explorer in

How to define cell colours in the "Lookup File Editor"?

Hi, how can I define cell colours for a csv in the lookupeditor as shown here? http://lukemurphey.net/projects/...

by Motivator in

How to edit my search to find the number of retention days (frozenTimePeriodInSecs/86400) for a specific index?

I have the following search to calculate the RetentionDays of all the indexes in a cluster, but I'm unable to fetch t...

by New Member in

How to convert time to seconds in my search?

Using this search to show the average runtime by a jobname selected from a drop-down menu. The time right now shows u...

by Communicator in

How do I expand rows in a lookup into columns?

Hi Still learning the language. Hopefully this is a simple one. I have a lookup that displays as Computer1 ...

by Path Finder in

How to edit my search to only return results that exceed a certain count within a time window?

I would like to issue the following search, but only get results that exceed a count within a time window. I see how ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to work out the age of a user based on date of birth?

Do unused search-time field extractions significantly impact performance if the extracted fields are not used?

Why is my PDF report not displaying the chart from my custom js script?

App for Stream - pcap replay

Inline vs Saved Search

How to change a field with a numeric value in a CSV input file to a word equivalent at index-time?

excluding holidays and weekends a count of days with events and a count of total days excluding weekends and holidays

Is it possible to perform bitwise operations on values in the eval function?

Building query to detect blackhole Exploit Kit traffic

How can I write a search to find lost connections with hosts?

Cannot put a date string into outputcsv filename argument

How to filter out fields from my search that contain a dash "-" as a value?

How do I edit my search to remove specific substrings from URI values in my results in statistics tab?

How do I extract key value pairs from a field in a log file that has XML content?

Is there a way to use structured field extraction (PSV in this case) that works with multiline field values?

How to define cell colours in the "Lookup File Editor"?

How to edit my search to find the number of retention days (frozenTimePeriodInSecs/86400) for a specific index?

How to convert time to seconds in my search?

How do I expand rows in a lookup into columns?

How to edit my search to only return results that exceed a certain count within a time window?

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...