Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How do I join these two searches to get OS type?

Hi, When I run the searches below separately, they give me exact result, but when I tried joining them, it was no...

by Explorer in

How to write the regex to extract data inside square brackets?

How to write a regular expression for capturing elapsed time of requests, with a log in this format. .......status=[...

by New Member in

Where does 'Search Assistant' get the user search-history from?

Where do we actually get user ended search history from to fill the Search Assistant “My Search History”? (4.1) Se...

by Communicator in

How do I sum values inside a multivalue row?

Hi all, I'm trying to create a sum of fields inside a row, but I can't figure how to do it. This is my scenario: ...

by Engager in

How do I edit my search to get this field into my chart?

Dear All, I am using the Splunk App for Windows and I am trying to get a chart out looking something like: Comp...

by Communicator in

How to search for ValueA, look ahead to the following 20 events, and return results if there is no corresponding ValueB?

This is probably a very basic Splunk question, but as I move beyond basic searches, these are the kinds of use cases ...

by Explorer in

Pass a field from main search into subsearch for each record

I have a sourcetype that represents transactions. On the sourcetype are 3 fields of importance to this question,:an i...

by Path Finder in

Getting information adjacent to a match.

Hello Data example: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) I have ...

by Communicator in

Why does search typeahead no longer show "matching terms" after I upgraded to Splunk 6.3?

I upgraded to Splunk 6.3 and it's working beautifully, however, I no longer get "matching terms" as I type in the sea...

by Splunk Employee in

Pass one field from multiple fields returned by subsearch

Hi All, I have a search query like below. [search A | fields B,C] | search (D OR E) | fields F | table, B,C,F. ...

by Communicator in

Why does searching by source not work sometimes?

This command does not work. index=grb_test sourcetype=QServiceManagerFormat | source="\\\\netapp4\\Quants\\ST\log...

by Explorer in

How to search the difference between the values of two fields between separate searches?

I have a field of names from two indexes and wish to find the unique values between them. I thought I should have to ...

by Explorer in

How to graph the number of active sessions over time?

The data that I would like to graph consists of start events and stop events. Sessions consist of one start event and...

by Contributor in

Help with regular expression

I wish to extract any number between "cmdbRequest" & "- Transaction" . For Example from below string ERROR 2...

by Engager in

Is there any guide out there that would help in successfully configuring the Sophos Add-on for Splunk?

I have successfully downloaded and installed the Sophos Add-on for Splunk. Now I am attempting to configure it and am...

by Communicator in

How to extract everything after a carriage return?

Is it possible to get everything after a carriage return? Example Bills to pay: Car House Boat etc I tried ...

by Explorer in

How can I escape the 50K subsearch limit while linking commands (joining datasets) together?

Does anybody have any creative ways to join search outputs together and avoid subsearch limits?

by Esteemed Legend in

How do I search wineventlog security logs in an inputlookup table?

I have a list of privileged users from my inputlookup table and I want to know their dest ip. This is why I want to s...

by New Member in

Is there a way to report on the devices depositing syslogs on my heavy forwarders?

I need to write a search to report on what devices are sending logs to my heavy forwarders using syslog-ng to the /va...

by New Member in

Group and count totals on 3 or more levels

Hello fellow Splunkers! I'm trying to recreate an existing report for my firewall guy within Splunk with hopes of ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I join these two searches to get OS type?

How to write the regex to extract data inside square brackets?

Where does 'Search Assistant' get the user search-history from?

How do I sum values inside a multivalue row?

How do I edit my search to get this field into my chart?

How to search for ValueA, look ahead to the following 20 events, and return results if there is no corresponding ValueB?

Pass a field from main search into subsearch for each record

Getting information adjacent to a match.

Why does search typeahead no longer show "matching terms" after I upgraded to Splunk 6.3?

Pass one field from multiple fields returned by subsearch

Why does searching by source not work sometimes?

How to search the difference between the values of two fields between separate searches?

How to graph the number of active sessions over time?

Help with regular expression

Is there any guide out there that would help in successfully configuring the Sophos Add-on for Splunk?

How to extract everything after a carriage return?

How can I escape the 50K subsearch limit while linking commands (joining datasets) together?

How do I search wineventlog security logs in an inputlookup table?

Is there a way to report on the devices depositing syslogs on my heavy forwarders?

Group and count totals on 3 or more levels

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

Windows Event Log of Account Creation

How to convert large bytes to human readable units...

How to convert a large number to string with expre...

Need help on Dashboard related issue?

Why does Walklex return spaces before some of the ...