Splunk Search

Discussions

Thread Info

How can I fetch user_agent info and OS from AWS-WAF logs

I tried many ways to fetch the Web Browser, Version and OS info from the below format, i was unable to could you plea...

by New Member in

Connectivity Search

I have an issue with the connectivity between the heavy forwarder and the deployment server. What is a search that I ...

by New Member in

Display the lowest duration for all models

SerialNumberDuration111A200111A500222230033331003333250 How can I display only the lowest duration for each...

by Path Finder in

MLTK alerts and training set

Hi, I have built a ML model for detecting Categorial outliers. Base search for the model is given as last 30 days[t...

by Path Finder in

Does DensityFunction use partial_fit ?

Hi,I am using MLTK's DensityFunction on my datamodel fields, I want to use Partial_Fit=true.But Im getting below erro...

by Explorer in

Event correlation between two index

I want to correlate events between two index Index=A Index = B There are multiple user field(user, src_user, ds...

by Loves-to-Learn Lots in

Combine data from 2 indexes

Hi,I am trying to combine data from 2 indexen, but i find it hard to do.I tried several stats values command, but tha...

by Path Finder in

ı want time values comes from subsearch to main search for every record

ı want time values comes from subsearch to main search for every record, for example my vpn session table have a star...

by Path Finder in

Is it possible to access _internal index of a search peer?

Not sure that I've picked the correct location - moderators, please move. I found that I cannot normally run a sear...

by Builder in

Basic use of tstats and a lookup

Here is a basic tstats search I use to check network traffic. | tstats summariesonly=t fillnull_value="...

by Explorer in

stats,streamstats command question

I'm going to check the permission and rejection of the scan attack per hour.At this point, what I wrote...Which is ap...

by Path Finder in

List events in csv not found in index

Hi, I have finally got my search to work that compares data between index and lookup (csv) file that contains a...

by Explorer in

Splunk running total

Hey Splunk gang, I have a dashboard that I am creating and it will ingest a file every 5 minutes. I need to creat...

by Engager in

Removing fields vs. search performance

I'm watching the Fundamentals 2 course (finally XD) and I've come across the search ending with something like: | sor...

by SplunkTrust in

I need to create a Dashboard that has a text component panel. Font size of the text will change based on count value

Hello, I have a simple dashboard that has 2 panels: 1)Types of dashboards (single value component defining co...

by Explorer in

Searching for exact term

I want to try a search for "9.com"However the results return 89.com,five9.com,guru99.com How to execute this. P...

by New Member in

How to Schedule a PDF Delivery in Splunk ? The option is greyed out.

Hi. I have a Splunk dashboard, and there is a requirement to send the dashboard as a pdf report everyday. I can see...

by Explorer in

Query for Consecutive count for missed time range

[Updated] HI All, @ITWhisperer Please help me on this I have data like below - HostNameLastConnectedA...

by Motivator in

Transaction not grouping subsequent filter strings

I am trying to find the occurrence whenever the state changes due to the error. Below are my sample events: 2021/08...

by Path Finder in

Make line chart from 2 multivalue fields

Hi, I have 2 multivalue fields I want to make a simple line chart out of them. Each event looks like this x: [0.1,0.2...

by Loves-to-Learn in

PROPS Conf with Header

Hello, I have some issues to create PROPS Conf file for following sample data events. It's a text file with header in...

by Motivator in

create dashboard from text log file

Dear All, I am new to splunk, I want to extract data from one of the log file and like to create the dashboard visu...

by New Member in

Check events in time

index="fw" app="ping"| bin _time span=10m| stats count by client_ip,dest_ip| stats list(dest_ip) AS dest_ip , list(co...

by Path Finder in

Time format

I have time field which have values such as 9AM-10PM, 10:00AM-11:00PM, I want to change 9AM-10PM to 9:00AM-10:00 PM, ...

by Path Finder in

Email user if windows session is X days old

I am trying to set up an alert in Splunk that will email a user whenever their Windows session is X days old. It woul...

by Loves-to-Learn Lots in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I fetch user_agent info and OS from AWS-WAF logs

Connectivity Search

Display the lowest duration for all models

MLTK alerts and training set

Does DensityFunction use partial_fit ?

Event correlation between two index

Combine data from 2 indexes

ı want time values comes from subsearch to main search for every record

Is it possible to access _internal index of a search peer?

Basic use of tstats and a lookup

stats,streamstats command question

List events in csv not found in index

Splunk running total

Removing fields vs. search performance

I need to create a Dashboard that has a text component panel. Font size of the text will change based on count value

Searching for exact term

How to Schedule a PDF Delivery in Splunk ? The option is greyed out.

Query for Consecutive count for missed time range

Transaction not grouping subsequent filter strings

Make line chart from 2 multivalue fields

PROPS Conf with Header

create dashboard from text log file

Check events in time

Time format

Email user if windows session is X days old

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...