Splunk Search

Discussions

Thread Info

Why is eval command case function not working?

Hi, I wrote a eval command and its not working. Kindly help. source = "2access_30DAY.log" | eval "new_field" = ...

by Path Finder in

SPL to extract field and field value?

SPL to extract field and field value when data seems like belowscreenshot attached.I need help in extracting field as...

by Explorer in

Combinatorics, permutation, foreach within a foreach... unique stats case to calculate a fields vertical relationship?

I have a unique query that I think I have a general logical approach to solving, but the syntax and most efficient ro...

by Explorer in

Is it possible to concatenate string with a number using eval?

Hi, Can we concatenate a string with a number using eval with '.' operator? I got to know that from a video, but w...

by Path Finder in

How to achieve a federated search to link the on-prem indexers to the cloud SH?

I have a distributed Splunk environment, meaning a SHC and IDX cluster connected via distributed search as outlined i...

by Path Finder in

The default search won't let you click the link, it just lets you filter on that field, is there an override to this?

I can control the data sent to the fields. All fields on the deafult search allow you include/exclude in search resu...

by Observer in

What happened to the data?

Hi, I have a question for my understanding. Kindly help. You had data in the past, one fine day if you see there ...

by Path Finder in

"[Errno 111] Connection refused" when I restart Splunk on my HF

Hello Splunkers,I am facing some errors every time I relaunch my Splunk service on my HF.Inside splunkd.log I have th...

by Contributor in

DNS tunneling detection - Help with fine tuning splunk search

Hey Splunkers,Can someone please help me with the logic, how can I finetune the search below to detect DNS tunnelling...

by Path Finder in

Is this message format possible for sending to splunk?

Tell me, is this message format possible for sending to splunk: curl --location --request POST 'http://170.25.25.2...

by Communicator in

How to use the results of subsearch?

My requirement is to utilize the results of the sub-search and use it with the results of the main search results, bu...

by Contributor in

Time range in rest query- Unable to get it down to last hour?

Hi, ive got the below query that im using to try and see when correlation searches have been edited: | res...

by New Member in

Suggestions on Minimum message type (json)?

Good afternoon!We have a problem in the workflow: a part of the customer's system, which is not developed by us, is n...

by Communicator in

Need help in extraction and creating table

Below query is in string text format need to separate each field and create a table with all columns for operator , ...

by Explorer in

Regex search help?

log: {“timeMillis”:“1667091964927",“timestamp”:“2022-10-30T01:06:04.927Z”,“thread”:“reactor-http-epoll-3",“level”:“IN...

by Explorer in

How to lookup two files with same column name and display only the difference?

This is my first question here! And I just started my journey with Splunk. I have two files test1.csv and test2.csv...

by Explorer in

How to search for newly established connection between members of the Splunk infrastructure?

Hello again community Today I received notice that on every Friday morning at a particular time there are a lot of...

by Contributor in

Join a lookup to events in an index where the date is one day prior?

I have an index that snapshots an inventory system every day. The inventory is a list of all active circuits. There...

by Explorer in

How to use OR operator between subsearch and fields?

Hey Splunkers, I have the following search but it is not working as expected. What I am trying to achieve is ...

by Explorer in

Stats count as a percentage as the total?

I have a search which I am using stats to generate a data grid. Something to the affect of Choice1 10 Choice2 50 C...

by Path Finder in

Help with rex- Unbalanced quotes when there are \ and " in string

Hey community, Can someone help me out with a rex related question! Many many thanks! I am trying to rex the V1...

by Loves-to-Learn Everything in

Why does transaction command seems to be encoding characters?

Hello all, This is my first post here. I have been learning Splunk over the past few months and I am loving it. ...

by Explorer in

Why can't I see preliminary search results when using associate command?

In my SPL I use the associate command. However, I've noticed that when I use the command, any previous preliminary s...

by Engager in

How to produce a csv based on a complex business logic?

We have a Splunk UI that allows the users to export a certain set of the rows from a lookup. The caveat is that each ...

by Motivator in

How to extract key/value with dynamic key name?

I found this, but I am unable to replicate it. I am not understanding where I am messing up here. Problem: I...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why is eval command case function not working?

SPL to extract field and field value?

Combinatorics, permutation, foreach within a foreach... unique stats case to calculate a fields vertical relationship?

Is it possible to concatenate string with a number using eval?

How to achieve a federated search to link the on-prem indexers to the cloud SH?

The default search won't let you click the link, it just lets you filter on that field, is there an override to this?

What happened to the data?

"[Errno 111] Connection refused" when I restart Splunk on my HF

DNS tunneling detection - Help with fine tuning splunk search

Is this message format possible for sending to splunk?

How to use the results of subsearch?

Time range in rest query- Unable to get it down to last hour?

Suggestions on Minimum message type (json)?

Need help in extraction and creating table

Regex search help?

How to lookup two files with same column name and display only the difference?

How to search for newly established connection between members of the Splunk infrastructure?

Join a lookup to events in an index where the date is one day prior?

How to use OR operator between subsearch and fields?

Stats count as a percentage as the total?

Help with rex- Unbalanced quotes when there are \ and " in string

Why does transaction command seems to be encoding characters?

Why can't I see preliminary search results when using associate command?

How to produce a csv based on a complex business logic?

How to extract key/value with dynamic key name?

What's New in Splunk Cloud Platform 9.3.2411?

Buttercup Games: Further Dashboarding Techniques (Part 6)

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...