Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Help with regex

Hi, I have below in column default_message 1st regex : default_message= <14>shell: cmd by abcd: mkdir test ca...

by Communicator in

Why does my token in my search query not work?

I've created a dropdown input field that shows the user accounts that are locked out And this is the sea...

by Explorer in

How to create inventory that matches user to the devices they have logged into?

Hello All, I am looking for a solution to establish a kind of IT inventory, based on logins. Is there any worki...

by New Member in

how to use transaction to Group multiple events with field values in a specific order

hello , i have many logs like: "_time1 user=A eventid =45" "_time2 user=A eventid=46" "_time3 user=A eventid=48...

by New Member in

How to perform Rolling Percentiles (e.g. P90) over a time period?

I need help on doing cumulative percentiles, such as p90, over a period of time. This is different from rolling avera...

by Path Finder in

Compare value of row'1', column'1' with row'n', column'n' and if matched then diff=(Size_In_MB_new-Size_In_MB)

I want to compare (OWNER)(TABLE_NAME) to (OWNER_New)(TABLE_NAME_New). And once the value matched then want to find di...

by New Member in

SPLUNK architecture

Hi, I am very new to SPLUNK and inherited an environment without much documentation. Can anyone help with the followi...

by Explorer in

count Events per minute but only for same users

Hi Splunkers, some examples from our logs.. [Time:11:03:01] [Function:upload] [User:aaa][Time:11:03:10] [Functi...

by Explorer in

How to check whether splunk is receiving logs from particular IP

Hi Guys, Syslog is sent to forwarder IP through TCP 514 port. I am unable to receive those syslog in forwarder or ind...

by Communicator in

Stats StatusCode error Rate

Hi There, Need help to find the status code error rate where status code is >400. I have below Query to time c...

by Explorer in

Time duration filter

Hi All, Need help in getting the data for those Downtime > 15 mins. below is the query am using. ...

by Communicator in

How to query alerts by a specific personal domains?

Hello, I'm trying to put a query together to monitor/view emails being sent externally to a personal domain. i.e...

by Engager in

src_ip, with all dest_ips and dest_ports

The following search is not giving me what I want.. sourcetype="sidewinder" action="blocked" direction="internal" ...

by Contributor in

How to add final total count of results without adding another column?

I can't seem to figure out a way to add a bottom row for a total count of results (records) to the end of the results...

by Path Finder in

Timechart issue

I have created a dashboard panel that shows all the users with failed logins in the form of a timechart I'...

by Explorer in

How to create a search for date compare to get the exact output?

I am trying on date compare but i am unable to get the exact output The condition for Date Compare: if(Firs...

by Path Finder in

How to perform a field extraction on a field from a lookup table?

Hi, How to perform a field extraction on a field from a lookup table? I'm trying to add another field so the da...

by Explorer in

Self Join and override Values

Need some help with a query Sample Data: { id: “123”, start_time: “2020-08-01 15:00:00”, end_time: “2020-...

by Explorer in

Difference of values using single value with percentage

I would like to put together a graph with the difference of values as a percentage, so I can use the single value a...

by Path Finder in

Using subsearch result as a variable

Hello, This is my first post, so I apologize if I'm lacking in some sort of post etiquette or other guidelines. I'm...

by Loves-to-Learn Lots in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Help with regex

Why does my token in my search query not work?

How to create inventory that matches user to the devices they have logged into?

how to use transaction to Group multiple events with field values in a specific order

How to perform Rolling Percentiles (e.g. P90) over a time period?

Compare value of row'1', column'1' with row'n', column'n' and if matched then diff=(Size_In_MB_new-Size_In_MB)

SPLUNK architecture

count Events per minute but only for same users

How to check whether splunk is receiving logs from particular IP

Stats StatusCode error Rate

Time duration filter

How to query alerts by a specific personal domains?

src_ip, with all dest_ips and dest_ports

How to add final total count of results without adding another column?

Timechart issue

How to create a search for date compare to get the exact output?

How to perform a field extraction on a field from a lookup table?

Self Join and override Values

Difference of values using single value with percentage

Using subsearch result as a variable

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

How to filter index from inputlook and avoid 10k s...

How to configure splunk HF to route the events whi...

Why are events duplicating when running | collect ...

Help with SNMP Modular Input- Why am I not seeing ...

email alerts