Splunk Search

Ask a Question

Discussions

Thread Info

How to create a rule that does a search against phishtank.com

basically i want to be able to search if users have visited sites that are listed in phishtank.

by Explorer in

How to change a rex field extraction to an inputs.conf file?

Here I am asking another question, but I think that this one will help me with other questions that I've had. Curr...

by Communicator in

Why does the Transaction command for "All Time" not include all recent events?

I have search lots of transaction questions and don't see any related to this question. I have a search that defin...

by Explorer in

Do lookup fields work in conjunction with fields that have been created using rex in the search string?

Do lookup fields work in conjunction with fields that have been created in the search string? The output of user g...

by Communicator in

How can I create a table showing successful logins on a server?

How do I create a table that lists which user logged in to the windows server and the time that they successfully log...

by Explorer in

If/Then To different Eval Statements

I'm trying to have a Splunk Alert kick off an email (to an email script) and depending on the search query it should ...

by Communicator in

Append search issue

I am trying to find out details of a remote session. Although the events are the same, they are separate by action (a...

by Path Finder in

Improve search reducing appendcols

Hello, is there any way to improve this search by reducing appendcols number ? Source is the same, only download_...

by Explorer in

map command not working whn used in advanced xml

Hi PFB the snippet in my dashboard: <module name="Search" layoutPanel="panel_row2_col1" autoRun="True"> <param...

by Contributor in

adding commas to numbers, chart+by breaks it.

Howdy all, I'm using the following search index="summary_collaboration" source="Inbound Messages Accepted & D...

by Path Finder in

Manipulating a Table

Hi All, I have a following table. Total is the sum of the cost of items by country using eventstats. Countr...

by Contributor in

How to extract fields at search-time and display values in one row without modifying props.conf?

As this sourcetype is used for other searches, the props.conf cannot be modified for adding the line merger, how to I...

by Path Finder in

Adding documentation to events

I have been thinking about about having documentation "attached" to events. For example a short explanation of a func...

by Engager in

長いサーチの実行でunknown sidエラーが表示される

UI から、完了するまでに時間がかかる（３時間ほど）サーチを実行したところ、サーチ自体は完了せずに Unknown sid エラーが表示されました。また、この状態で Job Inspector の画面を表示しますと 500 Inter...

by Contributor in

Table of count of specific user action by unique user

I would like to create a table similar to the following: Of Reports Created Users % >10 ...

by Contributor in

using a variable with eval

Yet another Newbie question, I have the following search string that's working fine: | eval DOCSIS_TxPWR_Rdy=case(...

by Path Finder in

Digital Intelligence questions

Hi, guys I dive in Web Analytics and figure out some questions. Please, help me to find answers. All my questions ...

by Path Finder in

Rex not working for special characters

Hi Folks, I've worked out a regex to pull out group names from audit logs. It works for one field with no special ...

by Communicator in

Why is there no Raw Events export option when I have a search with stats command or returns a table?

From the GUI, you should also see a "Raw Events" as an export option along with json, xml, and csv however I do not s...

by Communicator in

DB Connect: I don't see any data after adding my database input

I have defined a database input (dump type) with a simple SQL query and a key-value output format. \ The "dbx.log"...

by Explorer in

search query not filtered by tag command

I have created a field using the rex command. I have partioned the field into two parts: admin and spss_user. However...

by Communicator in

Regex fails as when defined as field extraction, but works with rex command. "Regex: missing terminating ] for character class"

This works in my search: rex field=source "\w:\\\[\w]*\\\(?<app_path>[^\\\]*)" But when I try to define it as ...

by Communicator in

How to get 7 day timechart of percentage of missing Session_ID's by SITE_ID compared to Total number of entries per SITE_ID?

Been wrapped around this a few days now without luck. Starting Query: Tells me how many Session_ID's were not incl...

by Explorer in

How to sum the values in a field over a specific time span?

New to splunk! I'm currently having trouble trying to sum values in a field over a specific time span... My sea...

by Engager in

Compare identical fields from 2 searches

I have 2 searches which I appended and I am trying to search based on a matching session ID (to find details of a rem...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to create a rule that does a search against phishtank.com

How to change a rex field extraction to an inputs.conf file?

Why does the Transaction command for "All Time" not include all recent events?

Do lookup fields work in conjunction with fields that have been created using rex in the search string?

How can I create a table showing successful logins on a server?

If/Then To different Eval Statements

Append search issue

Improve search reducing appendcols

map command not working whn used in advanced xml

adding commas to numbers, chart+by breaks it.

Manipulating a Table

How to extract fields at search-time and display values in one row without modifying props.conf?

Adding documentation to events

長いサーチの実行でunknown sidエラーが表示される

Table of count of specific user action by unique user

using a variable with eval

Digital Intelligence questions

Rex not working for special characters

Why is there no Raw Events export option when I have a search with stats command or returns a table?

DB Connect: I don't see any data after adding my database input

search query not filtered by tag command

Regex fails as when defined as field extraction, but works with rex command. "Regex: missing terminating ] for character class"

How to get 7 day timechart of percentage of missing Session_ID's by SITE_ID compared to Total number of entries per SITE_ID?

How to sum the values in a field over a specific time span?

Compare identical fields from 2 searches

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions