Splunk Search

Ask a Question

Discussions

Thread Info

Search eval strftime result of current day across lookup.

I'm using the following to eval current_day: | inputlookup Files_And_Thresholds| eval current_day=lower(strftime(re...

by Explorer in

report acceleration

Hi, I have the bellow search: I am trying to use acceleration reporting however because the event stats I can't, ...

by Communicator in

Summary stats from distinct (overflowing) counters.

Hello. I have a set of hosts which send some stats. In my case these are rsyslog impstats statistics but it can be ...

by SplunkTrust in

How to group together rows with similar names into a single row

This is the table. How can I group together similar names into one entry and the count is added for both of them. For...

by Explorer in

want the current day of the week with now() then i want to use value to compare data for past 4 weeks for same DOW

Need help : I have a splunk query where i want to evaluate today (day of week) using now() and then use it to c...

by Engager in

Can any one help me to write splunk query which gives volume($ amount) or calculate each source ingesting data

I am looking for a splunk query which can calculate each sourcetype ingesting data in splunk. you can take below samp...

by New Member in

How to split multiple lines of data into a single individual line in splunk using \n?

As i mentioned below prod column has multiple values and i want to split it based on \n next line command and get the...

by Builder in

TAXII files being downloaded but not processed by Enterprise Security

Hi Splunkers. We are having an issue whereby a TAXII feed has stopped being incorporated into the Enterprise Securi...

by Path Finder in

Nested JSON (Returns Empty)

Hi All,Have a search that is not returning what I would like. Need to unest some JSON but having issues.Here is an ex...

by Path Finder in

Using dedub on same results within 1 minute range

Hi I'm trying to find user that login on Non-working hour between 4pm-4am by looking at eventcode=4624.I need to ex...

by Loves-to-Learn in

Consolidation From Different Sources

Hey Everyone! I'm in need of some help, advice, Ouija board (lol)...whatever can do the trick. I am wanting to know...

by Engager in

Similar events within 1s of each other?

I have logs like of this form: [2021-08-19T13:59:05.607] [INFO] collect - [4a2b9170-0130-11ec-95b3-17c017e0ec5d] {"...

by Engager in

search filed values from sourcetype1 to another sourcetype2

Hi,I need help in searching field value from the first search to another search with deferent sourcetype and combine ...

by Explorer in

Combining Separate Searches

Hello, I am attempting to combine 2 reports (1 is a normal stats search return and the other is a pie chart using t...

by Engager in

Splunk search - is it possible to automatically expand a result property wrap?

Hi,In my query: index="my_local" | sort -DateI get a list of items, and if I look at one item (and lick "show as ra...

by Explorer in

PROPS CONF-Text file with header

Hello, I have some issues to create PROPS Conf file for following sample data events. It's a text file with header in...

by Motivator in

Password spraying search

Hi, I am attempting to create a search for a password spraying attempt. I need the IP address and Hostname made...

by Explorer in

Looking for a result each day in the week

Hello In my base search I'm looking for stores with the minimum count of 1 for 4 differend kind of errors. I count ...

by Explorer in

List of realtime searches showing deleted reports/alerts

Hi, I have the following SPL as a dashboard panel which shows realtime searches. This is so I can contact the owners ...

by Path Finder in

how to remove a portion of string

Hi all, my data as below: 11111_aaaa/ppppaaaa 1110_bb/kjm I want to remove anything after /, like this 1111...

by Engager in

Splunklib API retrieve inputlookup

Hi all, have been using the splunklib package in Python to connect to the Splunk API for some time now, and it work...

by Explorer in

How does OR work with strings?

Hello, I noticed that ... WHERE somefield = string1 OR string2 works the same way as ... WHERE s...

by Communicator in

Use two stats function with different group by

how to get this two stats result in one query (earliest=-24h@h index="s_data_sum" (type="c" OR type="s") (sourcetyp...

by Loves-to-Learn Lots in

How to search for failed login attempts?

I hate to say it, but I am a Splunk-newb. I plan on taking a Splunk course, but for now, I am just trying to get my f...

by Explorer in

Compare Multivalue Fields With Lookup

Greetings Splunkers,I've been banging my head against the keyboard to try and resolve this comparison issue, I know t...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Search eval strftime result of current day across lookup.

report acceleration

Summary stats from distinct (overflowing) counters.

How to group together rows with similar names into a single row

want the current day of the week with now() then i want to use value to compare data for past 4 weeks for same DOW

Can any one help me to write splunk query which gives volume($ amount) or calculate each source ingesting data

How to split multiple lines of data into a single individual line in splunk using \n?

TAXII files being downloaded but not processed by Enterprise Security

Nested JSON (Returns Empty)

Using dedub on same results within 1 minute range

Consolidation From Different Sources

Similar events within 1s of each other?

search filed values from sourcetype1 to another sourcetype2

Combining Separate Searches

Splunk search - is it possible to automatically expand a result property wrap?

PROPS CONF-Text file with header

Password spraying search

Looking for a result each day in the week

List of realtime searches showing deleted reports/alerts

how to remove a portion of string

Splunklib API retrieve inputlookup

How does OR work with strings?

Use two stats function with different group by

How to search for failed login attempts?

Compare Multivalue Fields With Lookup

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions