Splunk Search

Discussions

Thread Info

Joining Searches for Authentication Times

So I have two searches; one for the client_vpn_asa and one for the nac, they both require regex: index=client_vpn_...

by Explorer in

Increase the number of values shown for selected fields

Is there a way to increase the number of values shown for selected fields from 10 to 20-25? A customer has put in a r...

by Motivator in

Transaction not showing some events in table format

I am using Transaction command to group events in one line and want to see this in a table format. Have the "order_nu...

by New Member in

limit results by 10 events per day in one month timeframe

Hi- I have this search query: "source="/prod/splunkforwarder/bin/scripts/jrexpiry.sh" npw.gov.se" and my time frame i...

by Path Finder in

How to execute a shell script kept in app's bin folder using a dashboard?

I have a requirement to execute a script (does file cleanup) to be executed from a dashboard button (so as to avoid l...

by Revered Legend in

updrate SPLUNK 6.0 to 6.0.3

Steps to perform upgrade?

by New Member in

Timestamp splitted in log files

Hi all, I'm trying to extract the timestamp from a crappy unstructured logs. Every event is one line with 300 charact...

by Path Finder in

Troubling json extraction

I can't for the life of me figure this out. There seem to be examples all over and none of them address this. I ha...

by Builder in

how to take the values from nth field

Hi all, Below is my search... source="computer_status_export_SEP12_Mar27.csv" | dedup "Computer Name","MAC Address1" ...

by Super Champion in

HTML Dashboard - Clarification on the search

A HTML Dashboard is created that has five textboxes and one search button.When the search button is clicked,the value...

by Explorer in

List of default working extractions in Splunk like "| extract access-extractions"

Hi All, So I was looking at some unextracted web log data, found this link: http://docs.splunk.com/Documentation/S...

by Path Finder in

_time from filename using Eval

Hi My file name is like ABC20140321.csv I want splunk to read _time value from this file name. I tried to edit dat...

by Explorer in

eval if isnull hope fill other values

Hi: My weburl sometim is null, i hope if weburl is null then weburl1 fill to weburl. I'm try "eval n=if(isnull(hos...

by Path Finder in

Failed Logins

I am observing the failed logins of a user and it is getting locked quite frequently morning between 01:30 AM to 02:3...

by Path Finder in

how to do "where field in" with splunk

I need to do a query which looks like field in [list of values]. The list could be another query's return values.

by Explorer in

Date Field calculations help

Hello All, I am hoping one of you can help me out with the following: I have a Powershell script which is displaying ...

by Path Finder in

Summary Index Migration

Hello Everyone, We currently have a Splunk instance up and running and are looking to stand up a completely differ...

by Explorer in

How to load a list of values for a search from the GUI

How can I look for a list of 50+ values without typing in "foo=1 OR foo=29 OR foo=4219...". Obviously without touc...

by Explorer in

Timecharting the sum of a max value in a field.

I think I have the hard part of this figured out but, I'm struggling with how to send it into time chart. Here's the ...

by Path Finder in

How to make from one row two?

Hello All My table looks like these Number Name Position Login1 Login2 1 John expert johns1 johns2 is it pos...

by Contributor in

*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:
SOAR (f.k.a. Phantom) >>
Enterprise Security >>
Splunk Enterprise or Cloud for Security >>
Observability >>

Or Learn More in Our Blog >>

Splunk Search

Discussions

Joining Searches for Authentication Times

Increase the number of values shown for selected fields

Transaction not showing some events in table format

limit results by 10 events per day in one month timeframe

How to execute a shell script kept in app's bin folder using a dashboard?

updrate SPLUNK 6.0 to 6.0.3

Timestamp splitted in log files

Troubling json extraction

how to take the values from nth field

HTML Dashboard - Clarification on the search

List of default working extractions in Splunk like "| extract access-extractions"

_time from filename using Eval

eval if isnull hope fill other values

Failed Logins

how to do "where field in" with splunk

Date Field calculations help

Summary Index Migration

How to load a list of values for a search from the GUI

Timecharting the sum of a max value in a field.

How to make from one row two?

Is it possible to fetch events from bar index in 5...

How to generate alarm for when CPU peaks at100% o...

Difference between per_second and span=1s in timec...

Help comparing outputcsv to inputcsv

How to hide columnName from table?