Splunk Search

Ask a Question

Discussions

Thread Info

Need Minutes and hours conversion

Hi, I am trying this cmd index="wineventlog" host IN (*) EventCode=6006 OR EventCode="6005" Type=Information| ...

by Path Finder in

Failed to find Windows Event Log

Hello I'm trying to injest event from this Microsoft event viewer: [WinEventLog://Microsoft-Windows-TerminalS...

by Path Finder in

Need help on Queries Combination.

Hi,Search 1: It is used to findout the server healthindex=win sourcetype="xmlwineventlog" host=Prod_UI_*| eval Status...

by Path Finder in

Using OR with regex

Hello, Is it possible to user OR with regex? For example i have search | regex something="", and I need | regex s...

by Contributor in

Generete event after 3 consecutive failure

Hi, I need an help with splunk search query where in an incident need to be generated for a log backup failure afte...

by Loves-to-Learn Everything in

Use subsearch to gather ip addresses for use in another type off search?

Playing around to find a way to gather IP-Addresses from one type of search, to gather other type of information abou...

by Engager in

How to find several terms in all _raw ?

Hi, I want to find specific strings in all event in order to classify them into two values, like "if there is "A" o...

by Builder in

How can I find delta between events using transaction command?

I could retrieve the list of the transactions as a single event below. Transactions start with "Dashboard Load:" ...

by Path Finder in

Need help in creating alert when new QID is published from qualys

I would like to create an alert when new QID from qualys is published. For that I'm using FIRST_FOUND_DATETIME field...

by Engager in

Failed Login Query

Hello, I am trying to write a query that will display failed logins (Account_Name, Host, Count). First Query in...

by Loves-to-Learn in

Scatter plot with text values and colour

I'm trying to plot the following as a scatter chart: The y-axis should be the namespace. Namespace is a small set o...

by New Member in

Sum column a x times with different columns in a single query

e.g how to get sum of below in single querysum(val_2) by applicationsum(val_2) by val_1Query Result(single query)c...

by Explorer in

using 2 stats queries in one result

I have tried multiple ways to do this including join, append but in each case all I get is one column result being di...

by Path Finder in

How to calculate time for a given day of week?

How to perform calculations on a given day of week? Specifically, I want to compare a given time value, say given_da...

by SplunkTrust in

Are there inherited properties/restrictions when using collect to copy from one index to another?

We were presented with a situation where non-admin users needed access to Splunk license data from the _internal inde...

by Contributor in

How to forward data in multisite cluster

Hello splunkers, i need to understand the best way to forward my data in multisite indexer cluster for Disaster Rec...

by Explorer in

DBxquery help

HI All, I have a DB querry, need a help in date filter. | dbxquery connection="ITDW" shortnames=true que...

by Communicator in

how to define a generic sourcetype regex for service status

Hi, I have a script which can pull the service status for each of the service, I have defined it to be a common sou...

by Explorer in

Regex extract all matched field values per event

Hi Splunk Community, I have run into an interesting scenario where I need to write a field extraction that will par...

by New Member in

Create a search who return status ok, or 200

Hello, I'm working in Splunk enterprise with the search queries. I use a Website monitoring app for my website. ...

by New Member in

search results expiring

Hi at all, I noted a strange thing: in a splunk 8.2.2 with ES 6.6.2, the customer scheduled some daily reports wi...

by SplunkTrust in

Calculate time difference between two events

Hi All, I am using the below search to calculate time difference between two events ie., 6006 and 60056006 is e...

by Path Finder in

How to display the latest event as a result?

Search query :1 index="main" earliest=06/01/2019:00:00:00 latest=now | stats first(status) by src destination port Se...

by Communicator in

How to get the forwarder IP address reproting to splunk

Hello, Can i please know how to get the all forwarders IP addresses that a reporting to splunk without use of inte...

by Path Finder in

How to project alphanumeric values on y axis in timechart?

I have a requirement for having start and stop times with there status be projected over time as a line graph.I have ...

by Observer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Need Minutes and hours conversion

Failed to find Windows Event Log

Need help on Queries Combination.

Using OR with regex

Generete event after 3 consecutive failure

Use subsearch to gather ip addresses for use in another type off search?

How to find several terms in all _raw ?

How can I find delta between events using transaction command?

Need help in creating alert when new QID is published from qualys

Failed Login Query

Scatter plot with text values and colour

Sum column a x times with different columns in a single query

using 2 stats queries in one result

How to calculate time for a given day of week?

Are there inherited properties/restrictions when using collect to copy from one index to another?

How to forward data in multisite cluster

DBxquery help

how to define a generic sourcetype regex for service status

Regex extract all matched field values per event

Create a search who return status ok, or 200

search results expiring

Calculate time difference between two events

How to display the latest event as a result?

How to get the forwarder IP address reproting to splunk

How to project alphanumeric values on y axis in timechart?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...