Splunk Search

Ask a Question

Discussions

Thread Info

Adding SLA compliance percentage

Hi All, Need some guidance for calculating SLA Achieved percentage column. This is how my results look like after ru...

by Builder in

How to filter for total number of users on an appliance?

For Cisco I used the filter below, I will need to add filters for whatever view I am looking for. I want to look u...

by Explorer in

How to find last value of multivalue field (Split and mvindex)?

I have a URL field and need to find the last word (split by "/") Ex: URL 1: xxx/yyy/ServiceNameURL 2 : aaa/bbb/ccc...

by New Member in

How to calculate time difference using ctime?

Hi All, I have a very simple use case and that is to display the time difference between 2 fields that already have t...

by Builder in

How to get last login from multiple date ?

please help,i used _time from date log, and i using time from windowstime, but i tried substraction bot of them not r...

by Explorer in

How to display only subsets of data from correlated sendmail log transactions?

The sender and recipient information I need from Unix/Linux "sendmail" logs is contained in separate lines in the se...

by Engager in

How to use regex to send events to NullQueue?

Hi, How to use regex to send all events related to fw_rule=0 and from a sensor sensor=abcd-f01 to null queue? s...

by Builder in

Is there any configuration/way to merge two or more events into one ?

I was trying to send data through Splunk HEC (Http event Collector). curl http://ip:8088/services/collector -H "Aut...

by New Member in

Not receiving data from particular source

Hi My sources:1. /app/splunkser/ShiftNonMinJMC/ShiftNonMinJMC.log 2. /app/splunkser/ShiftNonMinJMC/ShiftNonMinJMC...

by Path Finder in

How to add value in two fields based on their name?

Hi, I would like to add value in two fields based on their name. I want the output as sum of traffic_in#fw1+traffic_...

by Communicator in

Why won't Walklex timespan follow time specifications?

When I use walklex on my indexes, it doesn't appear to be following the time specifications very well. Does anybody k...

by Explorer in

How to extract a timestamp from line 2 of a CSV and apply it to each line of data in the remainder of file?

We have a particular file of the format: Field1, Field2, Timestamp field, Field4, Field5, Number of records, Field...

by Explorer in

How to use tstats in search?

Hi allwhen i run my original query i am getting one result and when i execute the same query using tstats i am gettin...

by Path Finder in

How to load all artifact_offsets in loadjob?

Hey all! I have a saved search that runs on a schedule and generates those "artifacts", I know I can access a specifi...

by New Member in

Has anyone come across this warning below in Splunk Web?

Hi, I recently came across this warning on Splunk web and was just wondering if anyone else has encountered this be...

by Explorer in

Why won't strptime work for the below format?

Hi, My Strptime function is not working for the below format. date format: 1/13/23 11:44:11.543 AM eval tim...

by Explorer in

How to compare contents of one lookup to another?

Currently I have an inputlookup csv that contains a list of IP addresses and lookup csv that has a list of subnets. I...

by Path Finder in

How to change each instance of a field search result?

I'm doing a search for server names and will eventually extract to to a csv. However, each result comes out as one of...

by Path Finder in

How to filter events with regex?

I'm trying to filter out events like the ones below using the regex expression regex _raw!="^[A-Za-z0-9]{4}:.*$" ...

by Explorer in

How to blacklist regex in parsing?

Currently running Splunk Universal Forwarder version 9.0.3. Looking to ignore Windows event logs (EventCode = 4103...

by Path Finder in

Is there a way to search across multiple lookup files to find text within them?

Hi Is there a way to search across multiple Lookup files to find text within them ? I know that you can use | inp...

by Explorer in

How to disable save as option?

I want to disable the feature of save as, user can able to search but shouldn't be able to save it as a dashboard or ...

by Communicator in

How to use a lookup to filter raw data from a log?

Hi all, I am new to Spluntk and have problem with my search. I have a Lookup table: Error.csv Filter*Error1*...

by Engager in

How to split time into column and other fields into row?

|eval TotalApps=if(match('Total',"NTB"),"1","0") |eval In-Progress=if('Total'="NTB" AND isnull('APPL_SUB-DATE'),"1...

by Loves-to-Learn Lots in

Events are getting matched, but why don't I see any table with messageid and timediff?

I have 2 events having fields1. id_cse_event: sqsmessageid,timestamp2. Scim: sqs_message_id, timestamp.I want to sear...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Adding SLA compliance percentage

How to filter for total number of users on an appliance?

How to find last value of multivalue field (Split and mvindex)?

How to calculate time difference using ctime?

How to get last login from multiple date ?

How to display only subsets of data from correlated sendmail log transactions?

How to use regex to send events to NullQueue?

Is there any configuration/way to merge two or more events into one ?

Not receiving data from particular source

How to add value in two fields based on their name?

Why won't Walklex timespan follow time specifications?

How to extract a timestamp from line 2 of a CSV and apply it to each line of data in the remainder of file?

How to use tstats in search?

How to load all artifact_offsets in loadjob?

Has anyone come across this warning below in Splunk Web?

Why won't strptime work for the below format?

How to compare contents of one lookup to another?

How to change each instance of a field search result?

How to filter events with regex?

How to blacklist regex in parsing?

Is there a way to search across multiple lookup files to find text within them?

How to disable save as option?

How to use a lookup to filter raw data from a log?

How to split time into column and other fields into row?

Events are getting matched, but why don't I see any table with messageid and timediff?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...