Splunk Search

Discussions

Thread Info

Query to get admin group log-in events

Is there is any splunk query to get all login events for all users from administrators group.

by Path Finder in

Help with CASE

How do I assign the value "Informational" to the field Severity when the AV Version contains NULL values byu using th...

by Communicator in

Simple stats conditional for alert

I've set up a simple search for flapping interfaces on our switches, looks like so: LINEPROTO-5-UPDOWN: Line prot...

by Path Finder in

How does SPLUNK learn and correlate ?

I'm interested in intelligent analytics applications i.e. learning about data behaviour in order to alert on non-norm...

by Engager in

field extraction in splunk

I have a field called: Message which contain below type of data. MESSAGE Special privileges assigned to new...

by Path Finder in

How to treat nulls as zeros for purpose of adding?

I'm trying to add 2 fields, each of which contains some nulls. How can I treat these nulls as zeros for the purpose o...

by Path Finder in

Table Modify Structure

I have a query which results in following data But i need to generate a table in this format

by Contributor in

Problems Evaluating Field After Rex Extraction

I'm trying to evaluate a field after it is extracted at search time using rex. Unfortunately it is failing. An exampl...

by Engager in

How do you format numbers produced by 'count over'?

I've got a collection of Web log data where we like to see the URLs counted by host: sourcetype="access_common" | ...

by Communicator in

Calculating page read time

I have a requirement from the business to register the time a user stayed on a news story, the idea being that this w...

by Path Finder in

Problem with using SOURCE_KEY

I have some XML data that I parse into many fields, one of which is "relativePath" why can't I get the transforms to ...

by Splunk Employee in

SVG instead of Flash

Hi there, first of all congrats on the awesome software that splunk is. Having said that, I have noticed that t...

by New Member in

How to extract all hosts and their sourcetypes?

Trying to right a search that will extract and display all the hosts that have indexed data and their sourcetypes. An...

by Explorer in

Splunk vs IPv6

I have some questions about Splunk for IPv6. C I want to know if the Splunk software architecture supports IPv6? ...

by New Member in

How do I parse single-line entries for stacked timechart?

I've got a scripted input that dumps a line like the following every minute: 2011-12-22 08:46:56,0,30,6 What I...

by Path Finder in

Combine two stats count

How to combine these two stats count into one? ... | stats count by operation operation count added gid ...

by Explorer in

conditional field choice

Hello, I have log files which have both IP numbers (field IP) and corresponding names (field DNSNAME). I would lik...

by Communicator in

format field at search time (phone, ip, MAC, etc..)

I want to format nicely the fields or events at search time. by example : US phone : 11122223333 to (111) 222-3333...

by Communicator in

Compare values from multiple Data Inputs

I'm trying to write a search that will compare values from different data inputs and return the highest value to use ...

by Explorer in

using eval with automatic lookups

Is there a way to perform an eval when using an automatic lookup? I'm using user IDs in IIS logs to find a user's rea...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Query to get admin group log-in events

Help with CASE

Simple stats conditional for alert

How does SPLUNK learn and correlate ?

field extraction in splunk

How to treat nulls as zeros for purpose of adding?

Table Modify Structure

Problems Evaluating Field After Rex Extraction

How do you format numbers produced by 'count over'?

Calculating page read time

Problem with using SOURCE_KEY

SVG instead of Flash

How to extract all hosts and their sourcetypes?

Splunk vs IPv6

How do I parse single-line entries for stacked timechart?

Combine two stats count

conditional field choice

format field at search time (phone, ip, MAC, etc..)

Compare values from multiple Data Inputs

using eval with automatic lookups

Unify Your SecOps with Splunk Mission Control

Data Preparation Made Easy: SPL2 for Edge Processor

Introducing Edge Processor: Next Gen Data Transformation

lookup file works for me but no on else.

Running multiple query based on condition

compare today hourly stats and previous week same ...

ISSUE: Starting a Spunk Docker container via Docke...

Combining results in metric index?