Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to extract everything after a carriage return?

Is it possible to get everything after a carriage return? Example Bills to pay: Car House Boat etc I tried ...

by Explorer in

How can I escape the 50K subsearch limit while linking commands (joining datasets) together?

Does anybody have any creative ways to join search outputs together and avoid subsearch limits?

by Esteemed Legend in

How do I search wineventlog security logs in an inputlookup table?

I have a list of privileged users from my inputlookup table and I want to know their dest ip. This is why I want to s...

by Explorer in

Is there a way to report on the devices depositing syslogs on my heavy forwarders?

I need to write a search to report on what devices are sending logs to my heavy forwarders using syslog-ng to the /va...

by New Member in

Group and count totals on 3 or more levels

Hello fellow Splunkers! I'm trying to recreate an existing report for my firewall guy within Splunk with hopes of ...

by Explorer in

is_pid_valid

I am seeing this error, causing splunk to not start, how can I resolve it? Operation "is_pid_valid" failed in /opt...

by Explorer in

Is it possible to modify a form token's value after it is selected?

HI currently i am calling a splunk report with a parameter like below. Host is like ServerName.DatabaseName <a hre...

by Explorer in

How to edit my search to get the output to show on a radial gauge?

I am trying to show the total amount of space we are using in a box right now for a dashboard. Here is my following s...

by New Member in

Replacing multiple values in events with data from a lookup table.

I am fairly new to Splunk so forgive me if this is a simple question. I have a lookup table with the following data: ...

by New Member in

Why is this search for RDP failed logins no longer returning results with error "No matching fields exist" after upgrading to Splunk 6.2.6?

Hey everyone We updated to Splunk 6.2.6 and now some of our searches don't work anymore, and I was wondering if s...

by New Member in

How to group the daily active users by their activity during the last 2 weeks?

Hi, I would like to group the daily users by their number of active days during the last 2 weeks. My current searc...

by Motivator in

How to edit a time chart search to sort on count by date, rather than count by user?

Yesterday I was asked if I can swap out time chart, so that the time is on the top, and user name is on the left. ...

by Communicator in

How to find all searches that are scheduled to run every hour?

I have this search host=MyIndeders sourcetype=cpu | multikv fields CPU pctUser | timechart span=5m avg(pctUser) AS...

by Motivator in

Convert Millseconds to Epoch Time

Hi, I wonder whether someone could help me please. I'm extracting a time stamp in the format 2015-01-31T23:59:55.2...

by Motivator in

How to edit my search to get the sum event counts within a 4 minute window?

Hello, I have the following data (this is the result of a transaction): Date Hour Paypload ...

by Communicator in

How to automatically update a CSV lookup based on a daily CSV file output from a curl script?

Hello, I have a CURL script that generates a CSV file, and I would like to use that CSV file as a lookup for some ...

by Path Finder in

Slow queries searching for records starting at an earliest datetime using C# SDK and dashboard

Hi Splunkers, I’m having problems with slow queries when returning a fixed number of events starting from a specif...

by Explorer in

How can I compare 2 fields from database dumps and return lists from 1 database off all data that is not found in the other?

I have dbdump from my vulnerability software RetinaCS and dbdump from McAfee. I want to compare the assetNames field ...

by Loves-to-Learn Lots in

stats latest(myfield) data for a table?

So I have a search that I am building, though the results must be output into a table, due to not all fields being pr...

by Motivator in

Grouping using regex, then do stats

Assume each event includes 2 fields: path and duration among other fields. Path can have values: (i) type1 = /x/y/, ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to extract everything after a carriage return?

How can I escape the 50K subsearch limit while linking commands (joining datasets) together?

How do I search wineventlog security logs in an inputlookup table?

Is there a way to report on the devices depositing syslogs on my heavy forwarders?

Group and count totals on 3 or more levels

is_pid_valid

Is it possible to modify a form token's value after it is selected?

How to edit my search to get the output to show on a radial gauge?

Replacing multiple values in events with data from a lookup table.

Why is this search for RDP failed logins no longer returning results with error "No matching fields exist" after upgrading to Splunk 6.2.6?

How to group the daily active users by their activity during the last 2 weeks?

How to edit a time chart search to sort on count by date, rather than count by user?

How to find all searches that are scheduled to run every hour?

Convert Millseconds to Epoch Time

How to edit my search to get the sum event counts within a 4 minute window?

How to automatically update a CSV lookup based on a daily CSV file output from a curl script?

Slow queries searching for records starting at an earliest datetime using C# SDK and dashboard

How can I compare 2 fields from database dumps and return lists from 1 database off all data that is not found in the other?

stats latest(myfield) data for a table?

Grouping using regex, then do stats

Splunk APM & RUM | Upcoming Planned Maintenance

Part 2: Diving Deeper With AIOps

User Groups | Upcoming Events!

What is wrong with my sub-pipeline in appendpipe?

Help with non eng word rex search?

Cannot export search results- How to fix error?

How to remove null values then add fields?

How to calculate distinct count for present values...