Splunk Search

Discussions

Thread Info

How to write a search to compare and find the difference between monthly results over a period of time?

We have the below splunk query to get the availability report. How to compare monthly availability results? Example: ...

by Builder in

Joining logs on a field

I have several log messages that are joined by a single field, id - each of the messages will include that field. Wha...

by New Member in

Dynamic field extraction with multiple values; Cisco ISE Posture checks

From our Cisco ISE we get Posture report events, each event can have multiple PostureReports. PostureReport=Encas...

by Builder in

How to get top 10 users with their avg & stdev response time and group the rest of the users as OTHER value?

I need the count, average response time, and stdev response time for top 10 users. I also want to group the rest of u...

by New Member in

How use a not local csv file as lookup ?

Hi, I use a csv file as a lookup in a search command like this : sourcetype="airmantool" | rex ".\s(?[A-Z]+)\s+...

by New Member in

Using Results from a search and use them in a new search

I'm trying to figure out if it's possible to take the results out of a search and define them and automatically use t...

by Path Finder in

Time Chart to display active events by comparing start and stop time.

I have a log file that has the start_time and stop_time of different actions. We can call the action to be in the "ac...

by Communicator in

How to append a subsearch where count < 50?

Hello - Any suggestions on how to append a subsearch where count < 50? ...|stats count | where count < 50 | appe...

by Contributor in

Nginx log parsing

Hi! I would like to extract fields from my nginx access log which was configured so: '[ $connection : $msec : $...

by Explorer in

How to write a complex transaction Search

Hi There, Identify the transaction duration based on individual field, field3,fiel4 values. Events may not be same...

by Motivator in

How to search across multiple Data Centers in a clustered environment?

I have two Data Centers: one in New York (NY) and other in San Francisco (SF) city. We have a Cluster Master , Search...

by Communicator in

Can the Cluster Peer be re-added to the Cluster Master without restarting Cluster master or the Cluster Peer?

Can the Cluster Peer be re-added to the Cluster Master without restarting Cluster master or the Cluster Peer? I have ...

by Communicator in

How to search the 90th percentile value in a series of values and the count of values that are greater than the 90th percentile?

I need the 90th percentile value in a series of values and the count of values that are greater than the 90th percent...

by Path Finder in

How to return "Specific text" in the subject of an alert if regex matches any field/value from the results?

Hi, I am trying to work to get "Specific text" in the subject of an alert using regex if possible. Here it goe...

by Explorer in

Detecting MS14-068 (AD) exploitation attempts. How to concatenate the Domain Name and Account name in the search query?

I'm trying to query instances where Security_ID != {Domain Name}\Account_Name in the security event logs per Microsof...

by Engager in

Is It possible do two different searches and write the output data in another index?

by Explorer in

How to configure character set encoding for Russian in Splunk?

Hello. Can you help me? I have a log: filename":"\u0421\u043e\u0433\u043b\u0430\u0448\u0435\u043d\u0438\u0435 \u0...

by Communicator in

Where do we find date of creation for Knowledge objects in Splunk?

Hi All, Where do we find date of creation for Knowledge objects (Searches and reports, Event types, Tags, Fields a...

by Contributor in

How to write a search that automatically compares volume for this year against the same day of the week last year?

Greetings! Trying to build a search that automatically compares volume for this year against the same day of the w...

by Contributor in

DB Connect App Error Code 47

I have setup a MSSQL database connection using the DB Connect App, this database does have a specific port. When sett...

by Motivator in

Summary index event timestamp issue

I have a search that generates 24 hours of timechart results with a 10 minute span. The search returns expected resul...

by Path Finder in

How to use the extract command for a field extraction of key value pairs?

having some time trying to extract fields automaticaly from the message below. really wanted to test out the xtract b...

by Path Finder in

Can my dashboard pick from a set of predetermined timechart spans depending on the user's timerange length?

First, the answer here may be to simply not use span=1h at all, but rather to use bins=500 or some similar number in ...

by SplunkTrust in

Splunk DB Connect: How to get dbquery to respect time range picker?

All, I'd like to do something like the following | dbquery MyDatabase "SELECT * FROM myTable WHERE timestamp > ...

by Contributor in

Calculation based on field matching counts of a value

We have a CSV fields set defined (shortening it here), Txn,Destination,Status test1,NY,Pass test2,NY,Pass test2,N...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to write a search to compare and find the difference between monthly results over a period of time?

Joining logs on a field

Dynamic field extraction with multiple values; Cisco ISE Posture checks

How to get top 10 users with their avg & stdev response time and group the rest of the users as OTHER value?

How use a not local csv file as lookup ?

Using Results from a search and use them in a new search

Time Chart to display active events by comparing start and stop time.

How to append a subsearch where count < 50?

Nginx log parsing

How to write a complex transaction Search

How to search across multiple Data Centers in a clustered environment?

Can the Cluster Peer be re-added to the Cluster Master without restarting Cluster master or the Cluster Peer?

How to search the 90th percentile value in a series of values and the count of values that are greater than the 90th percentile?

How to return "Specific text" in the subject of an alert if regex matches any field/value from the results?

Detecting MS14-068 (AD) exploitation attempts. How to concatenate the Domain Name and Account name in the search query?

Is It possible do two different searches and write the output data in another index?

How to configure character set encoding for Russian in Splunk?

Where do we find date of creation for Knowledge objects in Splunk?

How to write a search that automatically compares volume for this year against the same day of the week last year?

DB Connect App Error Code 47

Summary index event timestamp issue

How to use the extract command for a field extraction of key value pairs?

Can my dashboard pick from a set of predetermined timechart spans depending on the user's timerange length?

Splunk DB Connect: How to get dbquery to respect time range picker?

Calculation based on field matching counts of a value

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

StateSpaceForecast holdback and forecast_k for eva...

ITSI thresholds: adaptive vs static