Splunk Search

Ask a Question

Discussions

Thread Info

How to write regex to read all the value in all the lines?

Hi Everyone, I am desperately seeking help for my new query in SPLUNK. The search result will look like the below:...

by Loves-to-Learn in

How to search for different events on the same day, with different time frames?

Hi all! I have been absolutely stumped by this and hoping you can help me out. I am trying to find users that have...

by Explorer in

How to exclude matching results from Lookup?

Hi all - I am trying to exclude matching results from a lookup and can't get it to work. I've tried multiple searches...

by Communicator in

How to add URL Link to Alert Email?

I have a search that is run as a cron and creates an email. It is very simple; index=my_index host=* logon Ev...

by Builder in

How to count number of applications associated with a given user and report if less than 10?

I'm working on a search that evaluates events for a specific index/sourcetype combination; the events reflect SSO inf...

by Path Finder in

How would I configure CyberArk TA, Search Head, and Syslog Server?

Hello, Data in CyberArk comes through the Syslog Server and CyberArk TA needs to be installed into Search head (or...

by Motivator in

Nested Search and Map Search- Is there a way to make this search more efficient?

Dear all, I want to combine 2 search job into 1 job.My first search job is to search all the alert_id occur in the...

by Explorer in

How to filter on multiple events?

Hello, I have a search that outputs table data that looks like this: hst code type hosta 01 ...

by Explorer in

How to make a new row in a table based on one of the tables column value?

Hello!!!I am doing calculations for the time it takes when a machine is undergoing maintenance. Right now, I calculat...

by Path Finder in

How can get an alert for each host in a lookup?

I currently have a lookup that contains two columns. Hostnames and Location. I can use the following formula to sear...

by Explorer in

Could someone help me with inputlookup within a search?

Hi all, I am quite new to Splunk and now trying to create a dashboard panel using a query that does the following:...

by Engager in

How to write case statement for below log?

Hi Splunkers. I have two level of logs (NOTICE,ERROR), for Error logs(json), method_name and message is automatica...

by Explorer in

How to find Abuse of GitHub?

Hi Team,I'm new to Splunk Tool, I just have a question how to hunt below things in Splunk:1). Investigate net connect...

by New Member in

How do I use rex to remove everything after a specific character, but not said character

Hello, I am using rex to remove everything after a specific character, but i need to keep the specific character. ...

by Explorer in

How do I add search results to lookup AND send entire lookup by email?

I was asked to archive search results in a CSV then send those results periodically by email. My solution is to do th...

by Explorer in

How to join search based on multiple values?

Hi, I am trying to build a correlation that matches traffic to threat intel to figure out if it has been blocked or n...

by Explorer in

How to filter out timestamp without miliseconds?

We have 2 types of orders in the system, some are entered manually by phone and some are processed automatically as t...

by Path Finder in

How to create multisearch with different transactions times and find a distinct average time for each transaction?

Hello Friends, I have an interesting query that I would like help on. I have three transactions that we are tra...

by Path Finder in

How to compare 2 Search's percentage results?

Hey Team, I am trying to generate a search which returns a complete set of results from today and then compares it wi...

by Engager in

Why is my Splunk index showing "0"?

I push the logs to splunk using hec method using this end point "/services/collector" that index data showing in 1 ...

by Explorer in

Why is timechart with where and streamstat not retrieving same results as where and stats?

I am running a query where the following fetches the latency above 1000 milliseconds: As you can see the q...

by Explorer in

How to create an eval and use of like?

I am trying to an eval with like to assign priority to certain IPs/hosts and running into an issue where the priority...

by Influencer in

How to insert checkboxes in a simple statistics results table?

Hello Splunkers, I have a situation where I have to replace the first cell in each row in a statistics table with ...

by Path Finder in

How do I compare times to find the closest to time in a column?

Hi everyone, From dbxquery, I retrieve this table: idstart_time1end_time1start_time2end_time2123413/09/2022 21:...

by Communicator in

Display total count of unique values of a field?

Hi, Fundamentals question but one of those brain teasers. How do i get a total count of distinct values of a field...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to write regex to read all the value in all the lines?

How to search for different events on the same day, with different time frames?

How to exclude matching results from Lookup?

How to add URL Link to Alert Email?

How to count number of applications associated with a given user and report if less than 10?

How would I configure CyberArk TA, Search Head, and Syslog Server?

Nested Search and Map Search- Is there a way to make this search more efficient?

How to filter on multiple events?

How to make a new row in a table based on one of the tables column value?

How can get an alert for each host in a lookup?

Could someone help me with inputlookup within a search?

How to write case statement for below log?

How to find Abuse of GitHub?

How do I use rex to remove everything after a specific character, but not said character

How do I add search results to lookup AND send entire lookup by email?

How to join search based on multiple values?

How to filter out timestamp without miliseconds?

How to create multisearch with different transactions times and find a distinct average time for each transaction?

How to compare 2 Search's percentage results?

Why is my Splunk index showing "0"?

Why is timechart with where and streamstat not retrieving same results as where and stats?

How to create an eval and use of like?

How to insert checkboxes in a simple statistics results table?

How do I compare times to find the closest to time in a column?

Display total count of unique values of a field?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Using Time Range with Bin

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...