Splunk Search

Thread Info

Matching A vs AAAA rex help

All, I'm stuck on a regex issue. Not sure how I can match A records vs AAAA records within windows dns logs. I cam...

by Path Finder in

joining two searches with common field

I'm not an advanced user of splunk, so I'm not even sure this is possible. I have two searches which have a common fi...

by Explorer in

dbConnect sinkhole not working for dbmon directory

I'm using dbConnect, and my $SPLUNK_HOME/var/spool/dbmon directory is filling up with old data. I've checked dbx/loca...

by Explorer in

Can an ausearch command be used in the search field?

I am attempting to convert a audit script on my linux audit server into something manageable in Splunk. Can I use the...

by Explorer in

count on 2 fields

Hello, The command Who returns me the log : USERNAME LINE HOSTNAME TIME root pts/1 PC1.domain.com Oct 21 14:17 ro...

by Engager in

Using subsearch or transaction to correlate events from different sources?

Hello, I have a set of events coming from a source that tell me if a user came from a certain page "Source". From thi...

by Explorer in

Update Summary Index Events

There are 2 data sources A & B with common field common_field. Source A Common_Field A1-Field A2-Field C...

by Contributor in

Splunk v6: GeoIP usage without pivot

Hi all In Splunk v6, when using datamodels, I can add GeoIP information to ipv4 attributes. Is it somehow possible...

by Contributor in

lookup based on 2 fields not working

i have created a lookup.csv file as below and uploaded the file. then i have created lookup definition with this part...

by Path Finder in

Need to extract IP Address

I am very new to splunk and still learning, but have a need to get some IP addresses from a very large log file. Basi...

by Explorer in

Scheduler stop working

I have about 150-200 scheduled searches that runs every minute. Most of searches look for data from 15 minutes till n...

by Path Finder in

Transaction Totals

Hello I'm trying to get the search to find a transaction and within that transaction is information like brokerID,...

by Builder in

regex question...

Hi, I have an inputs.conf that has the following whitelist: whitelist = (?i)vpxd-\d{5}\.log The 5 was origin...

by Champion in

FTP file staistics

I am new to spluk, I have the below sample log and would like to arrive statistics on userwise how many files/Bytes r...

by Explorer in

transaction query

I have a search as source="C:\\Data\\acctdata\\snm4-logger.log" | transaction FILENAME_FIELD keepevicted=true| where ...

by Explorer in

splunk search and changed domaincontroller name

Hello, I have recently changed the computername of my Domaincontroller. When I make a splunk search with "failed pass...

by Path Finder in

Zero events monitoring in chart

Hi! I need to build realtime search which tracks if NO events with particular P_LOGIN_NAME are received in last 15...

by Path Finder in

Custom Python Command

Can we write custom python commands in splunk ..

by New Member in

Rex query :Help required in writing a pattern

I want to use rex to figure out the pattern for a url. The URL looks something like - text . The other 2 urls are ha...

by Explorer in

Timechart search and subsearch together

I'm trying to graph the total number of hits to our website alongside the total number of hits to a subset of pages w...

by New Member in

Combining Two Columns to Chart 3rd for Root Cause

I have a log that outputs a table every day of issues that occur between two parties. I'm able to split the output ta...

by Communicator in

Finding unique entries

I have syslog data that looks like so: 2013-10-17T12:37:01.608054-04:00 fw01.77MowatAv01.YYZ %ASA-1-106021: Deny S...

by Path Finder in

User Preferences

How and where does Splunk store user's preferences (like selected fields, last used time range, that kind of thing)? ...

by Motivator in

Can we combine data from different Apps?

Hi, Can we combine data from different Apps?

by Contributor in

How to count the size of json array of a single event

How to count the size of json array of a single event For example {"a" : [{"b": true}, {"b": true}, {"c": true}]} ...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

Matching A vs AAAA rex help

joining two searches with common field

dbConnect sinkhole not working for dbmon directory

Can an ausearch command be used in the search field?

count on 2 fields

Using subsearch or transaction to correlate events from different sources?

Update Summary Index Events

Splunk v6: GeoIP usage without pivot

lookup based on 2 fields not working

Need to extract IP Address

Scheduler stop working

Transaction Totals

regex question...

FTP file staistics

transaction query

splunk search and changed domaincontroller name

Zero events monitoring in chart

Custom Python Command

Rex query :Help required in writing a pattern

Timechart search and subsearch together

Combining Two Columns to Chart 3rd for Root Cause

Finding unique entries

User Preferences

Can we combine data from different Apps?

How to count the size of json array of a single event

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...

Splunk Search

Are you a member of the Splunk Community?

Discussions