Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to restrict a user's search based on a lookup table?

Hi all, I'm developing an app for use across different teams at my company. We have certain security restrictions ...

by Contributor in

How to get back event raw data to the search results preview in Splunk 6.1?

I have recently upgraded my version up to 6.1.3 and noticed such thing in Splunk UI, when doing a standard search. ...

by Communicator in

Why is the latest event indexed 4 days ago when server logs show current data?

Hi, I have an issue currently where the last event was 4 days ago. I have checked the server logs manually and I c...

by Explorer in

"Last 15 min" - refers to event time or index time ?

"Last 15 minutes" - Is this referring to index time (or) Events time ? I have hosts located in different timezones...

by Motivator in

How to find unusual or rare events in my data?

I'm finding some splunk commands can detecting unusual event. For example, each event has username field, usually use...

by Engager in

How to extract date/time and host fields from stack trace events and match with user events?

We get unformatted stack traces dumped into the same source type as our event logs. I'd like to strip off the time/da...

by Contributor in

Assign the correct role to the index created using the Splunk API

We want to automate the index creation process so that we don't have to manually create the index before indexing the...

by Path Finder in

How to lookup against a csv file and join data with a multi-value field?

I have a lookup file that is basically the following: userid,group 1,g1 1,g2 1,g3 2,g3 2,g1 I want to do a loo...

by Explorer in

Inputlookup against a list of bad domains

I have a question on doing a inputlookup, and cant figure out where my point of failure is I have a csv file located ...

by Splunk Employee in

How to extract JSON from event data with rex?

I get Amazon SES bounce notifications via email. I'm using the IMAP plugin to read that email. Works fine. The email ...

by Path Finder in

[indexer] Streamed search execute failed because: User 'nobody' could not act as:

Can someone please tell me what this means, and where I can look to fix this? Thanks!

by Engager in

Ignore milliseconds of _time when grouping

I need to ignore the milliseconds when I group by _time stats avg(instance_internal) as amount by _time, unit_id, ...

by Engager in

mvindex not working trying to extract time of firewall events

Hi guys, I have a search which finds DHCP and Firewallevents with the same src_ip. It works perfectly fine, bu...

by New Member in

Query to return top ten users and the applications they connect to?

My events contain users and applications to which they connect to. I want a query to return top 10 users and the appl...

by Communicator in

How to calculate timespan of a field value as session-duration only for a specific sourcetype ?

I need to extract the session-duration from different BI server logs. Most BI server logs have clearly defined sessio...

by New Member in

Grouping events by time range relative to the current time, using calculations with eval statements

Hi, I want to groups event times in ranges relative to the current time. Currently this method does not work. The ...

by Path Finder in

Pivot search won't work if it's accelerated, but works fine when acceleration is removed

I currently have a simple constraint in a pivot datamodel which is: index=video earliest=-5h-1d@d+5h latest=-5h@d+...

by Explorer in

how to extract total count for different fields

Hi, i will like to extract the count for the following Data_no: 1T Identity: A Data_no: 2T Identity: C ...

by New Member in

Alert when a threshold is met consistently at certain intervals within a time frame

I'm having trouble building an alert. I want to get alerted, if during a 4 hour window, an IP has more than 5 blocks ...

by Explorer in

How to join people directory csv lookup with VOIP logs to see username?

I have VOIP logs that have the cgn and cdn number as format nnnnnnnnnn or nnnnn I have a people directory with teleph...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to restrict a user's search based on a lookup table?

How to get back event raw data to the search results preview in Splunk 6.1?

Why is the latest event indexed 4 days ago when server logs show current data?

"Last 15 min" - refers to event time or index time ?

How to find unusual or rare events in my data?

How to extract date/time and host fields from stack trace events and match with user events?

Assign the correct role to the index created using the Splunk API

How to lookup against a csv file and join data with a multi-value field?

Inputlookup against a list of bad domains

How to extract JSON from event data with rex?

[indexer] Streamed search execute failed because: User 'nobody' could not act as:

Ignore milliseconds of _time when grouping

mvindex not working trying to extract time of firewall events

Query to return top ten users and the applications they connect to?

How to calculate timespan of a field value as session-duration only for a specific sourcetype ?

Grouping events by time range relative to the current time, using calculations with eval statements

Pivot search won't work if it's accelerated, but works fine when acceleration is removed

how to extract total count for different fields

Alert when a threshold is met consistently at certain intervals within a time frame

How to join people directory csv lookup with VOIP logs to see username?

Part 2: Diving Deeper With AIOps

User Groups | Upcoming Events!

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Error with connecting two search queries with appe...

multi-level nested JSON to table?

Matching index field value with lookup field value

extract fields from json-wrapped postfix logs?

How to configure alert when a service is in failed...