Splunk Search

Ask a Question

Discussions

Thread Info

How to create a query to identify blocked IP's by firewall and the reason?

Hi, I am working with firewall logs in external IP's , I want to collect blocked IP's from the firewall, and blocked...

by Engager in

How can I compare two values obtained from a search and a lookup table?

Hello, For the past week I've been working in a way to run some queries for a report about vulnerability findings. ...

by Explorer in

Listing the common fields from 2 Indexes that that dont exist during a specified time

I am trying to correlate authentication attempts [ index_A (username, role) vs index_B (username, authentication_time...

by Engager in

What rex to use for the extraction of virtual from URI?

These two cells are examples of results I see in IIs logs. If the field is just a / (backslash) ( as in the first...

by Observer in

Is there a REST command to delete rows from lookup.csv?

is there a REST command to delete rows from the dmc_forwarder_assets.csv? For example, to remove rows where the statu...

by Explorer in

What other commands do you avoid to save system resources?

Hi, I have a general question about which commands do you usually avoid in order to make search faster? For exa...

by Explorer in

Index migration event count becomes 3x more

I recently migrated a clustered index. We wanted to rename the index. I created the new index as your normally woul...

by Communicator in

Can I create a multivalue _meta field?

I have a use case that uses an indexed field that is configured at input time: [monitor:///my/input/file1] _meta =...

by Path Finder in

How to extract an unknown number of fields with rex command?

Let's say I have data in an event that looks like this: NAME: John NAME: Mary NAME: Sue ...

by Path Finder in

How to create a table with emails sent and emails received from a given emails addresses?

Hi Guys,I'm trying to create a table with the count emails sent and emails received from a given emails addressesColu...

by Explorer in

Has anyone else got inconsistent results in Splunk?

Hi, on our Splunk instance I have set a report using a time chart with a span of 1h and time frame of a day and th...

by Communicator in

How to get fields in different events in a table?

Hello: I am trying to get fields from different events in the same table. I have two different events, and let'...

by Explorer in

How to find incremental or constant rate points of last 24 hours?

Hi I have challenge that need to know how with splunk, math, statistics, ... able to solve it. Here is the log:...

by Motivator in

How to solve this issue with eval if?

Hi, I am facing an issue with the eval if condition. Please help. index=main, source=ls.csv | eval new...

by Path Finder in

Will using a wildcard with where work?

I am trying to get a wildcard to work with a where clause. Not sure if I'm doing something wrong altogether or just m...

by New Member in

How to display default value in rex statements if the value is blank?

Hi, I am using the following script in Splunk query. Here i am trying having multiple values in field AdditionalDa...

by Path Finder in

How to filter data from JSON object having one field name and list of values into table?

I have data something like below. msg: { application: test-app correlationid: 0.59680117.1667864418.7d2b...

by Path Finder in

Lookup (KVStore) doesn't return any data?

Can't seem to get this lookup(KVstore) to function.The dataset is from active directory in some cases in the same eve...

by Explorer in

How to create specific timerange fields to group stats?

Hello, I have a collection of logs (same source type) but some of them have different or additional fields. In orde...

by Loves-to-Learn Lots in

Help joining two different sourcetypes from the same index that both have a field with the same value but different name

Hello everybody, I'm trying to join two different sourcetypes from the same index that both have a field with the ...

by Explorer in

How to achieve "Message":"###1234$$$ Invalid" result with rex?

splunk data: 2022-01-01T02:06:12.182Z 7c3edf29-c081-4cca-ae9b-0f79ef7d1c8d INFO {"InfoLogInformation":{"MethodName":"...

by Engager in

How to ceate a regex blacklist in inputs.conf with a common string value in log file?

Hi All, Having issue in identifying the correct blacklist regex expression to skip the few logs which are loading ...

by New Member in

How to find App based on source types and indexes?

Hello I have a quick question. are there any ways we can find a specific index name that was used within which Ap...

by Motivator in

Help with search for week event analysis

Hello Team, I have used to ask the same question in my previous ask :https://community.splunk.com/t5/Splunk-Search...

by Motivator in

How can I optimize my query ?

I have the following query with multiple joins and using max=0 which is not giving me all results as I think the size...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to create a query to identify blocked IP's by firewall and the reason?

How can I compare two values obtained from a search and a lookup table?

Listing the common fields from 2 Indexes that that dont exist during a specified time

What rex to use for the extraction of virtual from URI?

Is there a REST command to delete rows from lookup.csv?

What other commands do you avoid to save system resources?

Index migration event count becomes 3x more

Can I create a multivalue _meta field?

How to extract an unknown number of fields with rex command?

How to create a table with emails sent and emails received from a given emails addresses?

Has anyone else got inconsistent results in Splunk?

How to get fields in different events in a table?

How to find incremental or constant rate points of last 24 hours?

How to solve this issue with eval if?

Will using a wildcard with where work?

How to display default value in rex statements if the value is blank?

How to filter data from JSON object having one field name and list of values into table?

Lookup (KVStore) doesn't return any data?

How to create specific timerange fields to group stats?

Help joining two different sourcetypes from the same index that both have a field with the same value but different name

How to achieve "Message":"###1234$$$ Invalid" result with rex?

How to ceate a regex blacklist in inputs.conf with a common string value in log file?

How to find App based on source types and indexes?

Help with search for week event analysis

How can I optimize my query ?

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions