Splunk Search

Ask a Question

Discussions

Thread Info

Change default APP in a rest API call for a inputlookup

Hi could you please give me an advice how to edit a call to the Splunk Rest API with the following parameter: searc...

by Explorer in

Join with conditions

I have two tables EmailXDocDateCheckedNamea@a.comDoc 11/1/2021aa@a.comDoc 21/15/2021aa@a.comDoc 31/30/2021b E...

by Communicator in

How to pass CSV values to a search via macro?

We have a foo.csv which will be updated regularly, and we have searches which require some of the data in foo.csv to ...

by Communicator in

search to show hosts missing specific winevent log

Hi there, I've got a basic search to provide the most recent timestamp for a successful backup using wineventlog da...

by Engager in

log4j Macros

Hello, This article, https://research.splunk.com/stories/log4shell_cve-2021-44228/ , lists many log4j attack vector...

by Builder in

How can I separate count eval results into individual rows depending on the data found?

Hi, Currently, my query produces the correct results but they are all aggregated into single cells, and I would lik...

by Path Finder in

Search for *

I want to search for "index=*" .... what is the best way to run it ? I tried to run "index=\*" but it's not work...

by Contributor in

How to create fields dynamically

Hi,I have events which contain 3 Fields: "StartDate", "Value_per_month" and "Nr_of_Month". They basically disclose so...

by Engager in

convert time

I'm looking to convert the results for these fields in PST time zone, so that I can fetch the events based on these ...

by Engager in

Join Query

I have an Index B which has job_name and job_status details and another index A which has ticket number and job_name...

by Path Finder in

SEDCMD help

We have below CEF logs coming in from the device where few field doesn't have any value like cs2 below CEF:0|ve...

by Path Finder in

Need help regex

by Path Finder in

Two condition match - sequential number pid and certain values on associated fields

Hi,Need help to get following results from the search. all helps will be appreciated. On the image below, same color...

by Explorer in

Splunk query to display count based on message

Hi, I need a help with a query to display the count based on a particular message. For example, "Failed project on ...

by Loves-to-Learn Everything in

How to drilldown an external link with part of url in a row

Hi, I have a table like this : part_of_urlcount/test11/test22/test33 I want to drilldown with a link which...

by Builder in

How to merge 2 lines in a table into one

Hi, I have a table like this : testcounttest AA1test AB2test C3 I want to merge "test AA" and "test AB" wh...

by Builder in

Need Minutes and hours conversion

Hi, I am trying this cmd index="wineventlog" host IN (*) EventCode=6006 OR EventCode="6005" Type=Information| ...

by Path Finder in

Failed to find Windows Event Log

Hello I'm trying to injest event from this Microsoft event viewer: [WinEventLog://Microsoft-Windows-TerminalS...

by Path Finder in

Need help on Queries Combination.

Hi,Search 1: It is used to findout the server healthindex=win sourcetype="xmlwineventlog" host=Prod_UI_*| eval Status...

by Path Finder in

Using OR with regex

Hello, Is it possible to user OR with regex? For example i have search | regex something="", and I need | regex s...

by Contributor in

Generete event after 3 consecutive failure

Hi, I need an help with splunk search query where in an incident need to be generated for a log backup failure afte...

by Loves-to-Learn Everything in

Use subsearch to gather ip addresses for use in another type off search?

Playing around to find a way to gather IP-Addresses from one type of search, to gather other type of information abou...

by Engager in

How to find several terms in all _raw ?

Hi, I want to find specific strings in all event in order to classify them into two values, like "if there is "A" o...

by Builder in

How can I find delta between events using transaction command?

I could retrieve the list of the transactions as a single event below. Transactions start with "Dashboard Load:" ...

by Path Finder in

Need help in creating alert when new QID is published from qualys

I would like to create an alert when new QID from qualys is published. For that I'm using FIRST_FOUND_DATETIME field...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Change default APP in a rest API call for a inputlookup

Join with conditions

How to pass CSV values to a search via macro?

search to show hosts missing specific winevent log

log4j Macros

How can I separate count eval results into individual rows depending on the data found?

Search for *

How to create fields dynamically

convert time

Join Query

SEDCMD help

Need help regex

Two condition match - sequential number pid and certain values on associated fields

Splunk query to display count based on message

How to drilldown an external link with part of url in a row

How to merge 2 lines in a table into one

Need Minutes and hours conversion

Failed to find Windows Event Log

Need help on Queries Combination.

Using OR with regex

Generete event after 3 consecutive failure

Use subsearch to gather ip addresses for use in another type off search?

How to find several terms in all _raw ?

How can I find delta between events using transaction command?

Need help in creating alert when new QID is published from qualys

Monitoring MariaDB and MySQL

Financial Services Industry Use Cases, ITSI Best Practices, and More New Articles ...

Splunk Federated Analytics for Amazon Security Lake

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6