Splunk Search

Discussions

Thread Info

search to get an overview of all dashboards and apps with authorizations

I have a search to get an overview of all users with their authorizations: roles, capabilities, indexes (search found...

by Communicator in

Find difference between numerical values in a Multivalue field

Hi, As mentioned in the subject, I wanted to perform a simple subtraction operation on individual values/elements w...

by Path Finder in

Stats format help

Hi, I have below output with my search, base search| stats count by User, action UseractioncountAlexinstall3Al...

by Path Finder in

Search Using Lookup with Multiple Search Terms for the Same Field

Hello All. I am trying to use a lookup to perform a tstats search against a data model, where I want multiple searc...

by Explorer in

InfoSec - Continuous Monitoring - Intrusion Detection Dashboard

Would someone be able to help me understand how do to this? I would like to modify the built in dashboard in the Inf...

by Loves-to-Learn Lots in

How to extract a seconday date/time?

I have a scripted input created to monitor certificate expiration. An example event: Tue Jul 27 12:07:55 CDT 2021...

by Builder in

Count by start of string

I have an query that index ="main" |stats count by Text |sort -count | table count Text results: countText10dog...

by Engager in

Remove start of result

I have an query that index ="main" |stats count by Text |sort -count | table count Text results: countText10b'd...

by Engager in

Why is INDEXED_EXTRACTIONS=csv not working in props.conf?

I have a distributed Splunk instance with the search head separated from the Indexers. I want to drop a CSV file with...

by Communicator in

Search a two messages from 6 hosts and show top 6 results

Hi I am trying to search two strings in message like "Stopped successfully" and "connected" from 6 host names. Pl...

by Explorer in

Find incommon values within two Inputlookups without JOIN / Search NOT

Hello, I have a search where I need to combine two inputlookups to find incommon values in a field they both have. ...

by Explorer in

combine result foreach

Hello I have a auditd search like type=EXECVE msg=audit(16): a0="sendmail" a1="-t" I would like one field with an...

by Explorer in

Adding Integers/numerical data in 2 multivalue fields to a new field

Hi All, I think the subject of my questions says it all... I wanted to add numerical data from 2 multivalue fields,...

by Path Finder in

Compare on field values with another field values

Hello I want compare one field values with another when I tried to compare it is coming in this format as shown in ...

by Path Finder in

Calculate hourly usage from Machine data

Hi, I have uploaded a JSON data from one of my APM tools into Splunk to get some meaningful insights. The events are ...

by Path Finder in

% failures for same index

Need help with a Splunk query to display % failures for each day during the time range selected, for same index but ...

by Communicator in

How to specify a timezone in a datamodel

Is there a way to specify a timezone in a datanmodel? I have an eval field called date relying on Splunk's _time fi...

by Communicator in

count number of arguments in bat file

I'm trying to count of the number of occurrences / frequency /variations of arguments appearing for a bat file. For e...

by New Member in

Getting data from Mainframe system??

Hi all, How to get data from Mainframe systems onto Splunk??

by Path Finder in

Extract the User-Agent from HTTP request

Below the excerpt from my HTTP request and I'm trying to get the User-Agent value from it and so far not successful. ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

search to get an overview of all dashboards and apps with authorizations

Find difference between numerical values in a Multivalue field

Stats format help

Search Using Lookup with Multiple Search Terms for the Same Field

InfoSec - Continuous Monitoring - Intrusion Detection Dashboard

How to extract a seconday date/time?

Count by start of string

Remove start of result

Why is INDEXED_EXTRACTIONS=csv not working in props.conf?

Search a two messages from 6 hosts and show top 6 results

Find incommon values within two Inputlookups without JOIN / Search NOT

combine result foreach

Adding Integers/numerical data in 2 multivalue fields to a new field

Compare on field values with another field values

Calculate hourly usage from Machine data

% failures for same index

How to specify a timezone in a datamodel

count number of arguments in bat file

Getting data from Mainframe system??

Extract the User-Agent from HTTP request

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

Observability Highlights | January 2023 Newsletter

New install- why doesn't search work?

How to achieve search to match the fields with cur...

How to join two table with aggrouped date value?

Why does Walklex return spaces before some of the ...

Why won't Walklex timespan follow time specificati...