Splunk Search

Discussions

Thread Info

compare a previous result

I have created a search for my VPN users, when they connect, from where they connect (SRC IP) and geoip that IP to lo...

by Path Finder in

How to show count of events per day dbconnect

Hi, here's my search, which includes a conversion from epoch time to a Y-d-m time format: | dbquery "DBNAME" "SELE...

by Explorer in

Splunk Search

I am new to splunk . I am trying to search some events in splunk,What I want is get all results which have field ...

by New Member in

relating AD logs with DHCP

Hi, I am trying to add a IP address hint to the Active Directory logs. I know it isn't completely reliable, but it...

by Communicator in

is there a way to get the number of events per transaction

Hi, is there a way to get the number of events per transaction?

by Contributor in

how to create sourcetype based on raw field in splunk

Hi, In my case, Splunk is getting data in by tcp port. I configure the TCP port with sourcetype="myagent". the json f...

by Contributor in

field extraction from raw data

Hi There, I have below data that i will like to extract as key-value pair from a custom event source i have create...

by Path Finder in

I would like group result

I have this request : sourcetype="accouting" fichier="*.log" | stats count by fichier Here is the result : ...

by Engager in

How can group age?

Dear All, I have data like age count 23 76 24 154 25 168 26 140 27 132 28 156 29 152 30 167 31 144 32 ...

by Contributor in

User Agent regex

I'm trying to create a regex to match the user agent from the following logs. Beginning with "Mozilla/*" and ending a...

by Path Finder in

Search Language variable for search duration

Hello, I was curious if there was a way to reference a search duration for use within the search? Primarily for use i...

by Path Finder in

Extracting File Names from URL String

Hello All, Having some trouble coming up with a way to extract a file with three random characters and a .jnlp ext...

by Explorer in

Preventing format from being called on a subsearch

Hello, I have a macro (a subsearch enclosed in square brackets) that I use to filter my initial search. I would li...

by Builder in

Where to put extract statement

Hi, I am processing some logs on a universal forwarder, which then sends the data to some indexers, which are sear...

by Champion in

I have summary data in the logs from a custom application, I would like to further aggregate my data an make it compatible with sistats output

I need to take already summarized data in the logs, aggregate it from a large group of servers, and build an si-type ...

by Explorer in

Extracting File Type

Hi Everyone, Trying to extract the File Type from Files (ex: pst, xml, etc). I have tried to split it: eval spl...

by Path Finder in

transforms.conf – supporting alternatives in REGEX and numbering the alternative-groups in the FORMAT lines

In the transforms.conf file, how do I support the alternatives on the REGEX line with the corresponding FORMAT line g...

by Explorer in

How do i Map out data on Google Maps

Hi everyone, I am very new to splunk and im trying to map out some car park relevant data on Google Maps app but to n...

by New Member in

Real time dashboard data not refreshing.

I've created a the following search that returns results when first run using 5 minute real time from the time picker...

by Contributor in

Limit search universe to certain search peer

Hi, Is there a parameter to limit the search universe to a particular search peer when executing the search in the se...

by Builder in

Help needed with Search to correlate Event Logs with Active Directory OU

Hello. I would like to create an alert anytime a privileged user account logs in to our domain. I can do separate sea...

by New Member in

Looking for a way to create better tables for large file

sourcetype="AAA_CDR" bob.com Total_Bytes > 0 | convert timeformat="%j" ctime(Event_Time) AS day | table User, day, To...

by New Member in

Whether splunk saves a copy of the log files in their server side

For security reason , in our project we want that the log files (audit logs,developer's logs etc) should not go outsi...

by New Member in

Up Down status from a Pre Defined List

Hi All, Below is my requiremnt , I have a CSV file which is quite big but in the belwo format Ips,Name 10.10.10...

by New Member in

Lookup table challenges

Tried experimenting with the Http Status codes example in the documentation for lookup tables. This is the error. ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

compare a previous result

How to show count of events per day dbconnect

Splunk Search

relating AD logs with DHCP

is there a way to get the number of events per transaction

how to create sourcetype based on raw field in splunk

field extraction from raw data

I would like group result

How can group age?

User Agent regex

Search Language variable for search duration

Extracting File Names from URL String

Preventing format from being called on a subsearch

Where to put extract statement

I have summary data in the logs from a custom application, I would like to further aggregate my data an make it compatible with sistats output

Extracting File Type

transforms.conf – supporting alternatives in REGEX and numbering the alternative-groups in the FORMAT lines

How do i Map out data on Google Maps

Real time dashboard data not refreshing.

Limit search universe to certain search peer

Help needed with Search to correlate Event Logs with Active Directory OU

Looking for a way to create better tables for large file

Whether splunk saves a copy of the log files in their server side

Up Down status from a Pre Defined List

Lookup table challenges

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6