Splunk Search

Discussions

Thread Info

using EVAL

I have a form that prompts user for a 4 digit number representing a location. I want to insert that location number i...

by Communicator in

How can I override or offset the x-axis values in a Timechart?

I am working with Qualys Vulnerability reporting in Splunk and I'm building out a timechart of aging Vulns (Active Vu...

by Explorer in

Is there a way to do a Splunk query on data spread across different splunk instances?

Is there a way to do a Splunk query on data spread across different splunk instances? I guess not. If not, is there a...

by Communicator in

How to extract only the top level domain (TLD) from email addresses?

I am working with an email application. Currently doing a report based on domains using the product. Issue is there a...

by Engager in

Getting a Diff of two searches (items removed only)

Hello, I'm trying to compare the output of two searches, and display any items that were there yesterday, but not ...

by Engager in

sendemail - External search command 'sendemail' returned error code 1

Hi .. I have a special alerts app which is used to generate email alerts..Now in this app i have customized the de...

by Motivator in

Cross-referencing No-Fly lists with passenger manifests; how to compare massive lists?

I work for a certain agency which maintains a list of names of individuals who are on a "no-fly" list. Every day, som...

by Contributor in

How to write a search to extract an IP address after a line within a Windows security event?

Hello, I have the following: 11/20/2014 11:04:58 AM LogName=Security SourceName=AD FS 2.0 Auditing EventCode=50...

by Engager in

How to create a search to predict license violations?

I'm trying to use commands like predict and trendline to write a search that will alert on a predicted license violat...

by Explorer in

REGEX/Props.conf - Extracting the same field from multiple places in the same sourcetype?

I have one sourcetype that has a common field, but it's located at different places in the event depending on the mes...

by Influencer in

Why curl command for CSV output of top 20 error messages using regex returns error " -bash: syntax error near unexpected token `(' "?

I'm trying to use the REST API to export an aggregation of the top 20 error messages in my log4j formatted logs. I wa...

by Explorer in

How to write a transaction search where startswith has the same value as endswith?

Hello, I am kind of new to Splunk and unfortunately I ran out of Ideas how to solve the problem i'm facing. I need...

by Engager in

Why regex in search query is now failing, but used to work for months prior?

Today or sometime in the last week a query of mine stopped working. It worked before and should work now. The followi...

by Explorer in

How to write a search to get a table of eventstats perc95 and avg by a certain field?

I need a table which gives me both perc95(response_time) and avg(response_time) by service_name I am using the below ...

by Path Finder in

Monitoring logons of domain users (EventCode 4624)

Hello! I have logs from Domain Controller Active Directory in Splunk and try to configure monitoring of user logon...

by Explorer in

Calculations off of results of two stats searches

I have 2 searches: index=av_log sourcetype=sophos_threat_events | dedup ComputerName FullFilePath | stats count by...

by Communicator in

Timechart dynamic drilldown

Hi, I have a timechart as my first dashboard to display all the exception types over the time and below query is u...

by Explorer in

How to overlay two searches on the same chart in Splunk 6.1 or 6.2?

I have 2 searches and would like to overlay them on the same chart. The first creates a stacked column chart: inde...

by Communicator in

Finding multiple events for same user

Ok, so title might not say exactly what I'm looking for but here is my scenario. a. We have users who received err...

by Path Finder in

Building transactions with randomly ordered events

I have a log file with repeating patterns looking like this. Notice there are only 3 distinct field names and pay att...

by Contributor in

ordering of fields in a transaction (mvfind bug?)

I am trying to determine the sequence of pageviews that a visitor visits. I have the following query: eventtype="A...

by Builder in

The Lovely Transaction Command

When using the transaction command, I am getting unexpected results. Search: sourcetype=abc source="/u/spool/zlogs...

by Path Finder in

Convert epoch time from drilldown parameter

I have set up a drilldown to jump from a timechart graph to another dashboard. <link> <![CDATA[ /app/SPSearchData/d...

by Communicator in

How to pass the counts from two panels into a third panel to get a percentage of the whole and use a speed meter?

I am wanting to add a panel to a dashboard which shows a percentage of total vulnerable hosts to total hosts in the e...

by New Member in

Manipulating fields within a transaction

What would be the best way to go about manipulating fields within a transaction? For example, let's say I have the fo...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

using EVAL

How can I override or offset the x-axis values in a Timechart?

Is there a way to do a Splunk query on data spread across different splunk instances?

How to extract only the top level domain (TLD) from email addresses?

Getting a Diff of two searches (items removed only)

sendemail - External search command 'sendemail' returned error code 1

Cross-referencing No-Fly lists with passenger manifests; how to compare massive lists?

How to write a search to extract an IP address after a line within a Windows security event?

How to create a search to predict license violations?

REGEX/Props.conf - Extracting the same field from multiple places in the same sourcetype?

Why curl command for CSV output of top 20 error messages using regex returns error " -bash: syntax error near unexpected token `(' "?

How to write a transaction search where startswith has the same value as endswith?

Why regex in search query is now failing, but used to work for months prior?

How to write a search to get a table of eventstats perc95 and avg by a certain field?

Monitoring logons of domain users (EventCode 4624)

Calculations off of results of two stats searches

Timechart dynamic drilldown

How to overlay two searches on the same chart in Splunk 6.1 or 6.2?

Finding multiple events for same user

Building transactions with randomly ordered events

ordering of fields in a transaction (mvfind bug?)

The Lovely Transaction Command

Convert epoch time from drilldown parameter

How to pass the counts from two panels into a third panel to get a percentage of the whole and use a speed meter?

Manipulating fields within a transaction

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...