Splunk Search

Discussions

Thread Info

earliest and latest HH:MM across multiple days

I want to set dynamic SLA's for File Processing. In order to do this I need to: 1. get the earliest HH:MM:SS the j...

by Explorer in

How do i search for IPv6 addresses from my src_ip field.

I'm trying to do a search that finds IPv6 addresses. Currently our field src_ip has both IPv4 and IPv6 in it. How can...

by Path Finder in

How to use stats instead of transaction command ?

log1 : user_id , status=interrupt, log2 : user_id, status = success Hi All, I want to find user_ids that failed...

by Explorer in

Combine two searches

Hi, I have 2 sample logs and I need to combine them into 1 query to grab the "Accesses" values, Due to the l...

by Loves-to-Learn Lots in

Help with Boolean query

Below is an example of what I want to accomplish: If x="example" and y="success", return true for this segment....

by Path Finder in

Searching data that is not indexed

We have data which is not being indexed that needs to be searched. I've been told by our Splunk admin team that the d...

by Explorer in

Exclude Source IP and Destination IP from results if they belong to same private ip range

Hi There, How do i Exclude Source IP and Destination IP from results if they belong to same private ip range? For e...

by Communicator in

SPL Query to filter the ip used less than 20+users

Hi Team, I have a dashboard where existing results showing Event date, Event title, email id, Logon IP, Logon Locat...

by Path Finder in

Count of all query present in lookup file

I've created a lookup file with 2 columns like this, basically a lookup file containing list of search queries. ...

by Explorer in

split filed into multiple filed

I would like to break "X" field into multiple field based on available value. "X" contain data in following format. ...

by Explorer in

regex extraction

Hi from this log: 23:52:52.758 alex appinfo: Terminating due to signal: 1 How can I extract these item wit...

by Motivator in

map command alternative

Hi Everyone, I had been using map command on a set of few tens of entries . Basically it gets Busername field and ...

by New Member in

I see error in Low Level HTTP request failure err=failed method=POST in search head cluster

I have see below error messages in my search head cluster members .i am using 8.2v.can i get some resolution for this...

by Path Finder in

Search filter returning odd results

Hey everyone! Hope you are doing alright and my question is in the right place here. For a few days, i am se...

by Loves-to-Learn Lots in

Splunk Query

Hi @gcusello , Can you please help me to design a Splunk query to show whether a particular user has been comin...

by Path Finder in

Spliting single filed into multiple fields based on different delimiters

Hi, I have the following value in a field which needs to be split into multiple fields, Classname: abc.TestAut...

by Explorer in

Blind mask with eval

Hi, I would like to count how many times "Booking failed with 1 source conflict and 1 destination conflict" messag...

by Explorer in

How to find the number of fields that consists "Passed" and also the Total number of fields available.

This is my sample data. i need the total "passed" These are the Headers, Node Name _time, Anti-Spoofing, Rule Ban...

by Communicator in

Why is `trigger_time` different for every _audit search query?

I am running following search query to obtain history of triggered alerts (time, name, severity), manually: ...

by Path Finder in

How do I split a SQL statement's query fields and relate each field with the app name?

I have a search result like below: { [-] dt: 2021-06-24T22:46:40.7013297Z flds: [ [-] { [-] fn: usern...

by Explorer in

How to display two timecharts on one chart

trying to display two timecharts together, to make it easy to spot the time when no response received for the request...

by Explorer in

How to show timechart and timewrap of business hours

I am trying to compare count of events with previous days within business hours, here is my query index...

by Path Finder in

how to extract the required data from the _raw field in splunk..

This is my _raw data consists 06/24/2021 17:26:17 +0530, info_search_time=1624535777.471, Dns Rule=Passed, HOSTNAME...

by Communicator in

Plot error % as timeseries

How to plot http error % as timeseries? (when I add _time or timeseries count Iam getting DAG: Execution exception (s...

by New Member in

Timechart by field in tabular format

There are 100s of APIs in my application. I'm logging exception for an API. I can get stats to get total no of excep...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

earliest and latest HH:MM across multiple days

How do i search for IPv6 addresses from my src_ip field.

How to use stats instead of transaction command ?

Combine two searches

Help with Boolean query

Searching data that is not indexed

Exclude Source IP and Destination IP from results if they belong to same private ip range

SPL Query to filter the ip used less than 20+users

Count of all query present in lookup file

split filed into multiple filed

regex extraction

map command alternative

I see error in Low Level HTTP request failure err=failed method=POST in search head cluster

Search filter returning odd results

Splunk Query

Spliting single filed into multiple fields based on different delimiters

Blind mask with eval

How to find the number of fields that consists "Passed" and also the Total number of fields available.

Why is `trigger_time` different for every _audit search query?

How do I split a SQL statement's query fields and relate each field with the app name?

How to display two timecharts on one chart

How to show timechart and timewrap of business hours

how to extract the required data from the _raw field in splunk..

Plot error % as timeseries

Timechart by field in tabular format

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

Logs to Metrics

Developer Spotlight with Paul Stout

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown