Splunk Search

Ask a Question

Discussions

Thread Info

Search time field extractions with backslash not showing up

Hello Splunk Wizards, I know there are plenty of people who've had similar issues, but I haven't been able to use t...

by Explorer in

No Event Code 1024 appear

Hello everyone, I have the following inputs.conf file which is actually working for the first 2 stanza, but not for...

by Path Finder in

map command with functions

I'm trying to use the map command and it seems to fail when I try using some functions within the subsearch (specific...

by Engager in

detecting SMB traffic

Hello, I am new to Splunk and I am looking for a way to write a rule to detect SMB traffic. Thanks

by New Member in

search is returning distinct values

Hi Experts, |search filed1=Enabled OR "Enabled" OR "Disabled" OR DisabledThe above search is returning four rows.If...

by Explorer in

Matching events with same values across different fields

HI All I have IP flow based information being ingested into Splunk, which consists of source_ip, source_port, desti...

by Engager in

XML field extraction

Hi all, I have a xml file as below. <?xml version="1.0" encoding="UTF-8"?> <suite name="abc" timestamp="20.08...

by Communicator in

Splunk: Return One or True from a search, use that result in another search

Dear Splunk community, In Splunk, I am looking for logs that say "started with profile: [profile name]" and retriev...

by Communicator in

How to add tooltip for radio buttons?

Hi, I have a radio button with 3 choice values. When any of the radio button is clicked or hovered it should show m...

by Builder in

Stats vs StreamStats to detect failed logins with 5 mins time frame

All, I have a simple requirement to list failed login attempts from same src_ip in a span of 5 mins. i have seen 2 o...

by Builder in

Does not load automatic lookup

I have configured an automatic lookup, however when I try to do a search it gives a message " Could not load lookup...

by New Member in

Read error when exporting to CSV file

Hey all, I hope this is the correct board for this question, but I am having an issue when I try to export a search...

by Engager in

Filter events based on the time range(day of week) on a lookup table

Hi, I am trying to filter events based on a lookup table with a time range. My lookup table looks like this: start...

by Loves-to-Learn in

Block all incoming HTTP traffic where the source IP comes from a specific city

by New Member in

TERM(): How does it work under the covers ?

Hi, I have a query which I am not sure why its not working, Assume I have the following JSON record, which has be...

by Path Finder in

Search for users having a type of connection based on sessionID

Hello,I'm trying to debug an issue with an FTP service. I'd like to know that which users are using 'active data conn...

by Explorer in

using a search macro inside mvmap, missing )

Hi Community - I'm trying to extend the Levenshtein distance query in this tutorial: https://www.splunk.com/en_us/blo...

by Engager in

search log on list of server ip without using csv.file

hello, I have list of 20 server IP, I'm not administrator of Splunk, I need to find look match where source or dest...

by Loves-to-Learn in

help to write the request correctly

Hello guys!! help to write the request correctly. otherwise I don't understand how to do it right file.csv user...

by Communicator in

Unique host list but only when the # of hosts is < some #. To be used for alert content (inline table)

index=anIndex sourcetype=aSourceType ("*Starting application:*" AND (host="aHostName*")) | stats values(host) AS Serv...

by Contributor in

Creating Custom Accelerated Data Models

LOOK FOR BOLD for quick overview: I want to control the index-time extraction for events linked to an accelerated d...

by Explorer in

universal rex for extract intersting fields like (url, uri, user, email, ip, etc)

Hi is there any universal or general rex to extract every known intersting fields like (url, uri, user, email, ip,...

by Motivator in

Splunk query doesnt show results in dashboard panel but displays results when using search tab

Hi, I am having difficulty in showing up results from splunk query in dashboard panel where it always says 'No result...

by Engager in

How to get count of unique values by group?

Hi I am working on query to retrieve count of unique host IPs by user and country. The country has to be grouped i...

by Explorer in

use map with city name

Hi I have field that call city name is it possible without latitude or longitude, use map to show data on map just ...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Search time field extractions with backslash not showing up

No Event Code 1024 appear

map command with functions

detecting SMB traffic

search is returning distinct values

Matching events with same values across different fields

XML field extraction

Splunk: Return One or True from a search, use that result in another search

How to add tooltip for radio buttons?

Stats vs StreamStats to detect failed logins with 5 mins time frame

Does not load automatic lookup

Read error when exporting to CSV file

Filter events based on the time range(day of week) on a lookup table

Block all incoming HTTP traffic where the source IP comes from a specific city

TERM(): How does it work under the covers ?

Search for users having a type of connection based on sessionID

using a search macro inside mvmap, missing )

search log on list of server ip without using csv.file

help to write the request correctly

Unique host list but only when the # of hosts is < some #. To be used for alert content (inline table)

Creating Custom Accelerated Data Models

universal rex for extract intersting fields like (url, uri, user, email, ip, etc)

Splunk query doesnt show results in dashboard panel but displays results when using search tab

How to get count of unique values by group?

use map with city name

Advanced Splunk Data Management Strategies

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...