Splunk Search

Discussions

Thread Info

TERM(): How does it work under the covers ?

Hi, I have a query which I am not sure why its not working, Assume I have the following JSON record, which has be...

by Path Finder in

Search for users having a type of connection based on sessionID

Hello,I'm trying to debug an issue with an FTP service. I'd like to know that which users are using 'active data conn...

by Explorer in

using a search macro inside mvmap, missing )

Hi Community - I'm trying to extend the Levenshtein distance query in this tutorial: https://www.splunk.com/en_us/blo...

by Engager in

search log on list of server ip without using csv.file

hello, I have list of 20 server IP, I'm not administrator of Splunk, I need to find look match where source or dest...

by Loves-to-Learn in

help to write the request correctly

Hello guys!! help to write the request correctly. otherwise I don't understand how to do it right file.csv user...

by Communicator in

Unique host list but only when the # of hosts is < some #. To be used for alert content (inline table)

index=anIndex sourcetype=aSourceType ("*Starting application:*" AND (host="aHostName*")) | stats values(host) AS Serv...

by Contributor in

Creating Custom Accelerated Data Models

LOOK FOR BOLD for quick overview: I want to control the index-time extraction for events linked to an accelerated d...

by Explorer in

universal rex for extract intersting fields like (url, uri, user, email, ip, etc)

Hi is there any universal or general rex to extract every known intersting fields like (url, uri, user, email, ip,...

by Motivator in

Splunk query doesnt show results in dashboard panel but displays results when using search tab

Hi, I am having difficulty in showing up results from splunk query in dashboard panel where it always says 'No result...

by Engager in

How to get count of unique values by group?

Hi I am working on query to retrieve count of unique host IPs by user and country. The country has to be grouped i...

by Explorer in

use map with city name

Hi I have field that call city name is it possible without latitude or longitude, use map to show data on map just ...

by Motivator in

how find continuously occured events

Hi How can I find continuously occured events? e.g 1- I have field that call "response time" if some times s...

by Motivator in

How to pass aggregate function from drop down to time series chart

Hi, I'm trying to pass the aggregate function from the dropdown menu in the Splunk dashboard to the time-series...

by Communicator in

diff between numbers

Hineed to compare total numbers if they are different show table that present them23:57:05.253 app module: PACK: Tota...

by Motivator in

Dedup on data model aftet tstats shows the older event, not the newest

I have a tstats query that pulls its data from an accelerated data model. I need to grab only the most up to date hos...

by Builder in

Why do my post-process timecharts display bad results

Hi I need to use a post process search for displaying a timechart Here is my id configuration <search ...

by Motivator in

Best Way To Storing Predicted Values

I want to use predicted values in my search and apply them to a time chart. What would be the best way to store these...

by Contributor in

find value of fields after performing a regex to split a existing field delimited by a pipe

i have a field value with the following numbers = 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 |12 i would like to...

by Path Finder in

How to join search and use join ?

First Event INFO | 2021-10-18 05:17 AM | BUSINESS RULE | Payload for ID#: 40658606156551247672591634534230307 with ...

by Explorer in

Find change in installed antivirus software version

Starting our journey into Splunk and need some help. I am trying to send and alert when a new version of antivirus ...

by Explorer in

Display all the results of two searches.

Hi Experts, I am running two searches by combining them with appendcols.But the final result is the common fields o...

by Explorer in

Forcing Results Into a Pie Chart and Calculating Percentages In a Table - From the Same Query

I have a video player that logs the following: Video Starts - When a user clicks play and the first frame of the v...

by Explorer in

Slow search when using field "host"

Hi everyone, I have strange Splunk behavior regarding one of the indexes but first a little bit of background: En...

by Observer in

Aggregate only some results

I'll probably find my solution finally but if someone has something at hand, I'd be grateful for sharing  I ha...

by SplunkTrust in

help on base search

hello I try to use a base search between two single panel the first single panel is on the last 24 h and the seco...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

TERM(): How does it work under the covers ?

Search for users having a type of connection based on sessionID

using a search macro inside mvmap, missing )

search log on list of server ip without using csv.file

help to write the request correctly

Unique host list but only when the # of hosts is < some #. To be used for alert content (inline table)

Creating Custom Accelerated Data Models

universal rex for extract intersting fields like (url, uri, user, email, ip, etc)

Splunk query doesnt show results in dashboard panel but displays results when using search tab

How to get count of unique values by group?

use map with city name

how find continuously occured events

How to pass aggregate function from drop down to time series chart

diff between numbers

Dedup on data model aftet tstats shows the older event, not the newest

Why do my post-process timecharts display bad results

Best Way To Storing Predicted Values

find value of fields after performing a regex to split a existing field delimited by a pipe

How to join search and use join ?

Find change in installed antivirus software version

Display all the results of two searches.

Forcing Results Into a Pie Chart and Calculating Percentages In a Table - From the Same Query

Slow search when using field "host"

Aggregate only some results

help on base search

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

SignalFlow: What? Why? How?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...