Splunk Search

Ask a Question

Discussions

Thread Info

Compare 2 fields from different Index

I am trying to look for accounts which are not active anywhere in network. (index=network user=*) OR (index=okta Sa...

by Loves-to-Learn Everything in

Extract fields from a list

How to extract values from below log file using rex? Log: {Attribute(name=xyz, values={'1'}), Attribute(name=atte...

by Explorer in

Getting a list of unique IDs from a large data set efficiently

We have a relatively small set of devices that emit daily in the vicinity of a million events each. Each device has ...

by Communicator in

For loop within Lookup Table

Hello! I have a lookup table that looks like the following: hosttimestamphost110:33host24:24 What I would...

by New Member in

How to filter the lookup output with the Where clause

Does the Lookup cmd allow for Where clause to filter the output of Lookup? Or do I need to have an extra sub search w...

by Path Finder in

find time gaps

Hi i have log like this, need to find where unusuall time gap between "Packet Processed" and "Send Packet" that exist...

by Motivator in

Why cant i supply a field as value for mvfilter?

I'm trying to exclude a value from a multivalue list, but it only works when I input the string as a value, not as a ...

by Communicator in

[search] Total Login Failures along with Failures per user

Hi All,Can someone help to build a search to check for Total_login_Failures > 10 (per 24H) OR Number of Failures pe...

by Builder in

Long running searches

On all SearchHead cluster members with ver 8.0.2, every day we are observing that CPU utilization grows. After rough...

by Splunk Employee in

Transforming Commands

I'm having issue with a search of mine. I've been trying to organize the matrix so that it will be ready for my pivot...

by Explorer in

Is there a way to monitor servers through Splunk?

Hey everyone, I just had a small search, is there any way to monitor servers using Splunk and get data on their av...

by Explorer in

help on base search event limit

hi I use a basic base search like this <search id="test"> <query>index=toto sourcetype=tutu | fields ...

by Motivator in

How to get the latest date from a lookup

Hello All, Anyone know how I can get the latest date from a lookup file? I am using the script below: | inpu...

by Communicator in

how to format the output of a splunk query ?

Hi, I have a splunk query which results the two outputs (using table) such as "JOB_NAME" and "JOB_ID". For e...

by Path Finder in

How to remove a specific part of a string

My event returns the following: 1@test.com/test/2_0" xmlns:d4p1="http://www.w3.org/1999/xlink"> <eb:Description xml...

by Engager in

REST command is not including all columns from CSV

Hello Splunk Community I have managed to use REST to add some columns from my CSV files. However, not all the colu...

by Communicator in

Adding a field for the amount of minutes the failure rate is above a certain threshold

Hi, I have the bellow search which works out the successes, failures, success_rate, failure_rate and total howe...

by Communicator in

Joining 2 Multivalue fields to generate new field value combinations

I'm working with some json data that contains 1 field with a list of keys and 1 field with a list of values. These pa...

by Contributor in

Find values contained on another filed not exact match

Hello All, This may seem easy, but its been quite tedious. How can I create one field that has common values from ...

by Communicator in

Adding a field for the amount of minutes the failure rate is above a certain threshold

Hi, I have the bellow search which works out the successes, failures, success_rate, failure_rate and total howe...

by Communicator in

How to set color to result if output is less than equal to current date

I wan to set color for output of column if it's date matches current or two days before current date.

by Loves-to-Learn in

multiple case statement not working

Im working with JSON data and the structure is as per the below data: { [-] application: { [+] } completedA...

by Path Finder in

Why chart dc(ids) over _time by events is not working after updating plugins such as "/app/3117" and "/app/3137"??

Actually I created several dashboards in splunk using chart command to look at aggregation w.r.t multiple fields and ...

by New Member in

Searching for active, inactive users.

Hey.Im trying to create a search that lists users that have for example more than 90 days between the last 2 logons.I...

by Communicator in

Index Earliest and Latest events

Hi, I currently have this search that gets the earliest and latest timestamp of index. But since I am running t...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Compare 2 fields from different Index

Extract fields from a list

Getting a list of unique IDs from a large data set efficiently

For loop within Lookup Table

How to filter the lookup output with the Where clause

find time gaps

Why cant i supply a field as value for mvfilter?

[search] Total Login Failures along with Failures per user

Long running searches

Transforming Commands

Is there a way to monitor servers through Splunk?

help on base search event limit

How to get the latest date from a lookup

how to format the output of a splunk query ?

How to remove a specific part of a string

REST command is not including all columns from CSV

Adding a field for the amount of minutes the failure rate is above a certain threshold

Joining 2 Multivalue fields to generate new field value combinations

Find values contained on another filed not exact match

Adding a field for the amount of minutes the failure rate is above a certain threshold

How to set color to result if output is less than equal to current date

multiple case statement not working

Why chart dc(ids) over _time by events is not working after updating plugins such as "/app/3117" and "/app/3137"??

Searching for active, inactive users.

Index Earliest and Latest events

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

Video | Tom’s Smartness Journey Continues

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...