Splunk Search

Discussions

Thread Info

How to get first logout after login?

I have daily user login/logout data like this: date,user,action2020-04-14 01:00:00,user1,login2020-04-14 01:05:00,...

by Explorer in

Splunk custom script with python and pip library | Integrity check of installed files failed

Hello Splunkers,I recently created a custom alerts on my Search Head, and for this alert to run I needed to install a...

by Communicator in

How to change chart marker size for each fields in splunk?

Hi Team, Current i have fields and with this query below, was able to get all fields are in same size. <option n...

by Explorer in

Why are my correlation search fields missing from the notable events?

I have a correlation search in Splunk ES that does some statistics, and return a table with the events; "src_ip", "de...

by Explorer in

Notable Event Custom Fields

I'm working on creating multiple custom correlation rules such as failed logins from one IP, failed logins from multi...

by Path Finder in

How to extract 3 characters after a given string in Splunk?

I want to extract the two characters 78 from the barvalue and have it in a separate column in my table:- deltava...

by Engager in

Why does search keep getting killed by 'Signal 9'?

For a certain search I keep getting the following error: Search process did not exit cleanly, exit_code=0, descrip...

by Path Finder in

How to filter by if a field exist?

My sample events look like this , API logs { location: Southeast Asia, properties: { backendMethod: GET e...

by Explorer in

Is there a way to make automatic lookups only use the local lookup table that exists on my search head?

From my search flashtimeline I can tell my search head in a distributed environment to only use the local lookup file...

by Splunk Employee in

How to fix Error when adding trusted domain lists to Splunk?

Hi all, I have created a dashboard incorporating few external domains I am receiving the error message like the d...

by Path Finder in

How to create alternative for subsearch?

I have a search with a subsearch. I run into the limitations of the maximum results (50.000) Now Ia m trying to fi...

by Path Finder in

Why does Splunk change date format from 2022-12-04 to 2022/12/04 when exporting to .csv?

Hi All, I am unsure if this question has been answered already - I couldn't see it. I have a time field in Sp...

by Explorer in

How to to update hour of a timestamp variable?

Hi, I'm looking for a way to change the hour of a time variable Exemple : myTime="2022-11-20 05:23:42" an...

by Path Finder in

How to search and sort based on dynamic value?

Hi, I am new to splunk and have a requirement where i have to search the logs which are on 100 servers and i have ...

by Explorer in

How to filter out event from outbound mail log having "Attachment" field contains file extension ".txt,.html,.jpg,.png"?

Looking for Splunk query to filter out event if "Attachment" field having extension .txt or .html or .jpg or .png ...

by Loves-to-Learn Everything in

BotS - Error in 'lookup' command: Could not find all of the specified destination fields in the lookup table

Hi, I am doing Boss of the SOC v1 and I stuck on question, where I need to use lookup. I imported .csv file ad her...

by Engager in

How to convert epoch time to a desired time zone?

Hi from below events how to convert epoch time to a desired time zone want to convert LAST_START="1670326641", ...

by Path Finder in

Why doesn't search return result when I list a field of a lookup?

I was trying to join a group of documents with a list of users that I had in a lookup, and the search return me resul...

by Engager in

How to calculate session times from large data set?

I'm analysing VPN connection logs to produce a report of the count of staff working from home for longer than 6 hours...

by Path Finder in

How to find the ips hitting the index waf?

To find the ips hitting the index waf by client ip, if the hitting ips present in lookup table 2 have to be exclude...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to get first logout after login?

Splunk custom script with python and pip library | Integrity check of installed files failed

How to change chart marker size for each fields in splunk?

Why are my correlation search fields missing from the notable events?

Notable Event Custom Fields

How to extract 3 characters after a given string in Splunk?

Why does search keep getting killed by 'Signal 9'?

How to filter by if a field exist?

Is there a way to make automatic lookups only use the local lookup table that exists on my search head?

How to fix Error when adding trusted domain lists to Splunk?

How to create alternative for subsearch?

Why does Splunk change date format from 2022-12-04 to 2022/12/04 when exporting to .csv?

How to to update hour of a timestamp variable?

How to search and sort based on dynamic value?

How to filter out event from outbound mail log having "Attachment" field contains file extension ".txt,.html,.jpg,.png"?

BotS - Error in 'lookup' command: Could not find all of the specified destination fields in the lookup table

How to convert epoch time to a desired time zone?

Why doesn't search return result when I list a field of a lookup?

How to calculate session times from large data set?

How to find the ips hitting the index waf?

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

Observability Highlights | January 2023 Newsletter

Security Highlights | January 2023 Newsletter

Is it possible to get User details from the _confi...

Why does Walklex return spaces before some of the ...

Why won't Walklex timespan follow time specificati...

How to use MLTK to tune DNS Query Length Outliers ...

Optimizing metrics based searches?