Splunk Search

Discussions

Thread Info

Multivalue-Field Filter

I receive a bunch of messages that all are assigned to a group by the groupID.I also have a dynamic set of a range as...

by Loves-to-Learn Everything in

alert when directory or subdirectory does not have file that created today

Hi I have file server that everyday backups of servers copy on that server on below path: /backup/files/ /backu...

by Motivator in

How can I perform a lookup of a value against Threat Intelligence datamodel to see if it is present or not?

Hi, I am using the Threat Intelligence datamodel in my Splunk ES environment. It is being populated with a Threat ...

by Path Finder in

Compare 2 Multivalue Fields

I am looking to run a search and filter out whitelisted exceptions in a lookup file. 2 of the fields could contain m...

by Engager in

Join with calculated earliest

Hi, I don't know if it is possible, but I would like to specify the time range of a join subsearch from a calculate...

by Explorer in

Need calculate a count of each "Su M Tu W Th F Sa" between two dates

Hello, i´m looking to get this result between each start /end time. hope you could help me  For example: ...

by Path Finder in

find top maximum transaction duration

HiI have log file like this: 2021-07-15 00:00:01,869 INFO APP.InEE-p1-1234567 [AppListener] Receive Message[A123]: ...

by Motivator in

Splunk query to display % failures

Need help with a Splunk query to display % failures % failures = A1/A2 *100 A1= Total number of events returned...

by Communicator in

calculate difference for each group

actionfeatureversionlocationcount?difference?Af1v1WA1200Af1v1OR11010Af1v1CA1155Bf1v1AZ1200Af1v2WA141Af1v2OR105Bf1v2AZ...

by Loves-to-Learn Lots in

Sum of duration problem

I created some of the columns using regex. So all of the codes for the regex needs to be included. I would like to fi...

by Path Finder in

Calculate Transaction Duration

Hi i have log file like this: 2021-07-15 00:00:01,869 INFO client.InEE-server1-1234567 [AppListener] Receive ...

by Motivator in

How to link multiple sourcetypes based on multiple fields

I have a few sourcetypes, looking something like this: sourcetype=weatherdate, location, temperature sourcetype=a...

by Engager in

Junk characters showing when I use stats with list command to get the logins and logout of a VPN

Dear Community Members , In splunk cloud instance :I am trying to get VPN login and logout for users in a single ta...

by Path Finder in

How to fix Splunk from incorrectly extracting hostname field in syslog events?

Hi there, we have an issue with hostname extraction from syslog events. Normaly the extraction works fine, but fo...

by Contributor in

Enrichment with sub-search in a certain time period by using index

Hi Folks, I am trying to enrich my search with subsearch in the same time bucket/bin. The search can be found below...

by Path Finder in

Mulit lookup with same event-field, lookup-destfield and event-destfield

Hi All I'm new on splunk and have following problem. We need data from a table depending on the value of a variab...

by New Member in

Rex syntax to define result data

Hello, I am looking to clean up the result data from a Splunk query.How do I remove all the text prior to the user na...

by New Member in

Splunk ES and Correlation searches

Hello Splunkers.I'm working on some of the usecases on ES and one of the request that I've got from my upper manageme...

by Path Finder in

Need to remove duplicate data

We have 3 different (Active,Closed,Resolved) records for same Incident and we need to retrieve only Active incident r...

by Explorer in

search different index

I have 3 different indexes and they asked me to search by document number. The structure of the logs is differe...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Multivalue-Field Filter

alert when directory or subdirectory does not have file that created today

How can I perform a lookup of a value against Threat Intelligence datamodel to see if it is present or not?

Compare 2 Multivalue Fields

Join with calculated earliest

Need calculate a count of each "Su M Tu W Th F Sa" between two dates

find top maximum transaction duration

Splunk query to display % failures

calculate difference for each group

Sum of duration problem

Calculate Transaction Duration

How to link multiple sourcetypes based on multiple fields

Junk characters showing when I use stats with list command to get the logins and logout of a VPN

How to fix Splunk from incorrectly extracting hostname field in syslog events?

Enrichment with sub-search in a certain time period by using index

Mulit lookup with same event-field, lookup-destfield and event-destfield

Rex syntax to define result data

Splunk ES and Correlation searches

Need to remove duplicate data

search different index

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

There's No Place Like Chrome and the Splunk Platform

Customer Experience | Join the Customer Advisory Board!

Using comparison function within mstats

Search to match high temp events, but ignore speci...

splunk search statement using keyword from input b...

Ex Cisco - run a report for all DFS users who logg...

Splunk query to list all the queries that time out