Splunk Search

Thread Info

extract field between two single quotes please help

Sorry i am a noob to regex and splunk regex especially. Regex to extarct all that is between the two single quotes...

by Path Finder in

Calculate durations within a transaction

I have a transaction that crosses multiple applications. I have a eventguid that I use with the transaction command t...

by Motivator in

Convert field extraction into summarized value

Hi there, I have a log that prefaces each message with either "Sending data on connection" or "Received data on co...

by Explorer in

How can I chart pairs of values within the same field

I have entries in my log which can have the same username but can have multiple machine_types. For example, user "jac...

by Path Finder in

Did _time format (when displaying it) change?

Hi. We recently upgraded from a 4.2 installation to 4.3.3 and a report that includes the _time field (which used to c...

by Path Finder in

aggregating stats by wildcard or arbitrary number of fields

Imagine I have the following data: msg uid AB_test1 AB_test2 click 1 A A reqst ...

by Engager in

How to show the following 100 events after a particular event

Hi, I want to show next 100 events after a first occurence of particular string. eg:Iam searching a string id:9045...

by Communicator in

Percentage network bandwidth by site

Hi all, Another question... I have two extracted fields: "MB" and "site". I wish to do the following, over a pe...

by Path Finder in

Does splunk-wmi use the evt_resolve_ad_obj directive with remote "pulled" event logs?

I'm able to pull the events fine with the config below, but the GUIDs aren't being expanded. I've tried evt_resolve_a...

by Path Finder in

If field matches regex then make the value foo

Okay so, I have a field, "basedomain". This contains a huge list of data such as: google.com facebook.com googl...

by Path Finder in

How can i append my search results to a csv file ?

Hi . I have a scheduled search which runs for every 5 min . How do i save these results in a csv file ? when using...

by Motivator in

Fuzzy Search

I have a field called 'err_msg' this field contains a long line which consists of the error as well as the file name ...

by Communicator in

can i know the best95 and worst5 stats in splunk?

Hi, I have written a query which gives me the list of durations of all the transactions.Now i need to calucalte th...

by Motivator in

Can someone help me with a query relating to averages?

I was wondering if someone can help me with something I am trying to do. I have two extract fields called metricvalue...

by Engager in

splunk query slow.......

Is there a way to take a query, run it in the background, save the results to a file, and then reference that file in...

by Contributor in

Reverse DNS lookup and replacing host field with returned host name [SOLVED]

Running Splunk 4.2.3 on CentOS 5.3 x64 to capture syslog data sourced from network devices. I needed to enable DNS re...

by Explorer in

include indexTime in output file

I am looking to include the indexTime in my output file and then append that that field to an existing 'CreateTimeSta...

by Communicator in

Weekdays on Timechart

Hi, Is it possible for Splunk to show ALL days on the x-axis for a timechart? I have a search which returns data f...

by Explorer in

searching on syslog messages

I am testing out replacing LogLogic with Splunk. Right now, we have forwarded the LogLogic messages to a splunk forwa...

by Champion in

Grouped Search Results by IP

I am building a small visual app to assist cyber-security analysts. They have an automated process to identify "SO...

by Contributor in

Event Types not working

I have loaded logs and can do the following search: index=cms_cc_logs error This returns 239 events. If I d...

by Path Finder in

Transactions that span time period are counted in stats in all time periods from start to end

I need stats on transactions (WAN outages) over a given period - 1 day, for instance - to be grouped by hour. Howe...

by Engager in

Regex - fqdn, basedomain etc. from URL in CK log

Hi there, I have taken the following regex from here... http://splunk-base.splunk.com/answers/9736/revisiting-r...

by Path Finder in

What is a good search where I can capture the last 24hrs of successful AD domain logins?

I need to identify how many authorizations (active directory domain logins) per day on average we have per domain con...

by Splunk Employee in

Splunk response time is quite slow when I use the lookup script

Splunk response time is quite slow when I use the lookup script presented below. The response time of the web service...

by Motivator in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

extract field between two single quotes please help

Calculate durations within a transaction

Convert field extraction into summarized value

How can I chart pairs of values within the same field

Did _time format (when displaying it) change?

aggregating stats by wildcard or arbitrary number of fields

How to show the following 100 events after a particular event

Percentage network bandwidth by site

Does splunk-wmi use the evt_resolve_ad_obj directive with remote "pulled" event logs?

If field matches regex then make the value foo

How can i append my search results to a csv file ?

Fuzzy Search

can i know the best95 and worst5 stats in splunk?

Can someone help me with a query relating to averages?

splunk query slow.......

Reverse DNS lookup and replacing host field with returned host name [SOLVED]

include indexTime in output file

Weekdays on Timechart

searching on syslog messages

Grouped Search Results by IP

Event Types not working

Transactions that span time period are counted in stats in all time periods from start to end

Regex - fqdn, basedomain etc. from URL in CK log

What is a good search where I can capture the last 24hrs of successful AD domain logins?

Splunk response time is quite slow when I use the lookup script

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...