Splunk Search

Thread Info

Could someone provide guidance on Lag found in splunk universal forwarders?

Hi Community, I have two separate Splunk installs: one is the 8.1.0 version and another one is 8.2.5 The o...

by Communicator in

How to create column chart?

I created this data table by "mvappend" command. dont have "_time" column and have only 3months records. MONTH ...

by Explorer in

How do I change the Date time format?

Hi Team, I have query, result returned for "dateofBirth" filed is "yyyymmdd" like "19911021", can I format the va...

by Explorer in

SC4S: version 2 filter events not working

Hi, I tried to filter events on version 2.30.0 based on v1.110.0 configuration, but it failed to dropped events in ve...

by Observer in

How to Pull specific value from MV field?

Hi All, I have a mv field with a bunch of different values. I want to learn how to pull specific values based on s...

by Path Finder in

Why is Lookup changing MV field to non MV?

Hello I am a bit confused here but I have a search that runs and creates a multivalue field called "tags{}.name". Th...

by Path Finder in

How to change setting for saved searches maxing out at 50k results?

Hi Splunk Community, I am having a problem with saved searches not saving the full results. I have a saved search ...

by Path Finder in

How to store this string in a variable and use it in any other index?

index = "abc" required_field = "xx" | table date - gives me a single string in the table. How can I store this string...

by New Member in

how can i use like and not like in the same query?

| where like(RouteCode, "50%") AND !like(RouteCode, "503%")I am trying to show Routecode 501,2, -- anyother not 503.

by Path Finder in

How to compare predefined fields against Splunk search query? And then for each mismatch in result?

Hello All, I am new to Splunk. My Splunk index is already getting data from a Kafka source index=k_...

by Explorer in

How to use the second index to search missing fields

Please see this search - i'm trying to add missing field values from another index to this search. index=1 earl...

by Engager in

Why is sourcetype pan:threat extracting incorrect fields?

Hi all, so, on my es-security search head, this sourcetype is incorrectly parsing the user field. It is capturing all...

by Engager in

Help with query to notify when data ingestion is stopped

Query to find when host is stopped, Here as mentioned in picture, the field _time stopped at the time , when the host...

by Contributor in

How to crete an alert to notify when host back to normal?

I'm having a list of serve down and need to notify once its back to normal (up), This is the requirement, once th...

by Contributor in

How to get All legend names to be displayed in Piechart View?

( | stats count by app ) I have 30 apps to be displayed in a Piechart format. But in visualization i can view only 14...

by Path Finder in

How to replace a string with RegEx in search result

I have my Sonicwall logfiles coming into Splunk. By searching this index I want to replace "dst" (Destination IP addr...

by Explorer in

Is there a way calculate the duration between the status=holding and status=end also?

Hi All, I am using transaction to group my DDOS appliance events based on a field called status which has values lik...

by Builder in

How to group over multiple fields for stats?

Hi, I'm able to get the response in a tabular format using the command: table clientName, apiMethod, sourceSyst...

by Explorer in

How do you use value or capture groups as regex's curly bracket number parameter?

In the code below, i want the explicit {5} to be replaced with a variable like {$session_length$}. Is this possible? ...

by Path Finder in

How to combine the rows of a table?

Hi All, I have logs like below in splunk. log1: "count":1, log2: gcg.gom.esb_159515.rg.APIMediation.Disp1.3....

by Contributor in

How to Merge two query resultsets?

I have two Searches and following are its result individually - index="myindex" <my search 1> | table App Size Cou...

by Path Finder in

How do I select 2 lines in logs using regex?

Hi, I am working on logs so the logs can be of just one line or multiple lines and if it is of one line I wanted t...

by Path Finder in

Help with union not working

Hello I'm running this query: | union [ search host="puppet-01" OR host="jenkins-01" OR host="ANSIBLE-...

by Communicator in

Implementation of logic in search to send an alert

My requirements consists of lookup file, it consists of list of hosts, as it is the saved results of an alert, so the...

by Contributor in

How to create an Alert on disabled AD accounts being re-enabled?

Does anyone have experience writing a query that can be used to alert on disabled AD accounts being re-enabled? I've ...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

Could someone provide guidance on Lag found in splunk universal forwarders?

How to create column chart?

How do I change the Date time format?

SC4S: version 2 filter events not working

How to Pull specific value from MV field?

Why is Lookup changing MV field to non MV?

How to change setting for saved searches maxing out at 50k results?

How to store this string in a variable and use it in any other index?

how can i use like and not like in the same query?

How to compare predefined fields against Splunk search query? And then for each mismatch in result?

How to use the second index to search missing fields

Why is sourcetype pan:threat extracting incorrect fields?

Help with query to notify when data ingestion is stopped

How to crete an alert to notify when host back to normal?

How to get All legend names to be displayed in Piechart View?

How to replace a string with RegEx in search result

Is there a way calculate the duration between the status=holding and status=end also?

How to group over multiple fields for stats?

How do you use value or capture groups as regex's curly bracket number parameter?

How to combine the rows of a table?

How to Merge two query resultsets?

How do I select 2 lines in logs using regex?

Help with union not working

Implementation of logic in search to send an alert

How to create an Alert on disabled AD accounts being re-enabled?

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...

Splunk Search

Are you a member of the Splunk Community?

Discussions