Splunk Search

Thread Info

Change search based on Token Value

Hi,I am kind of new to Splunk and have a problem with my search. I have a dashboard where I have an input field for a...

by Explorer in

Network topology

Hi everyone!Maybe someone faced such a problem: I want to build a Layer 2 network topology, I have enough data for ...

by Path Finder in

How can you adjust timezone in search? Convert UTC to AEST

Hi, I have a field value 2021-07-26T00:30:51.411 UTC which I got from | eval strftime(_time,"%Y-%m-%dT%H:%M:%S.%Q %Z"...

by Communicator in

Splunk query exclude keywords

Hi all i need some help with my splunk query… basically I need to exclude all jobs from output with job name ending...

by Engager in

How can i remove the particular user in table?

I have the below query: | inputlookup test.csv| eval epochtime=strptime(_time, "%a %b %d %H:%M:%S %Y")| eval desire...

by Engager in

Unable to search particular summary index field following Splunk upgrade from 7.0.0 to 8.1.4

Encountering a very odd issue where I have a daily summary index that has pretty simple key=value pairings for fields...

by Contributor in

How to rename dbxquery fields in dashboards?

I am converting many dashboards from using dbquery to dbxquery. I have a few hundred of these queries to convert, wit...

by Engager in

How can we optimize a query that consumes lots of cpu?

We have the following code that ran for one and a half hours last week and consumed lots of cpu. How can we optimize ...

by Motivator in

Search improvement

Hi - looking for a more efficient way to do this, if anyone has any tips: index=xyz sourcetype=abc NOT user_ema...

by Engager in

Log format for Splunk key=value

Hello guys, do you advice this log format: key=value instead of key="value" ? Thanks.

by Motivator in

Loop through single column list in Inputlookup csv and check if column values are found across multiple index events

Hello. I have an input lookup csv file with a single column named “Domain” that has a list of domain names in that co...

by New Member in

How to get the difference of columns from two different tables? (the number of rows in the column is different)

Hi! My task is as follows: I want to compare the increment of a certain type of errors: the average value of each typ...

by Loves-to-Learn Lots in

Transaction not grouping results with startswith and endswith filter

I am doing the labs for Fundamentals Part 2 and I am not understanding something I have to use the startswith and end...

by Engager in

Group widgets/panel in a dashboard with a common border

How to add group widgets/panel in a dashboard with a common border? Eg group1 : panel1, panel 2 - combined bor...

by Communicator in

specifying field in Field Extraction

in search, w/ rex command I can specify which field I want to apply the Regex as following example| rex field=event "...

by Loves-to-Learn in

Heavy forwarder and sysmon

Hello friends, Suppose I install Microsoft Sysmon on a Windows server. I then go install the Universal Forw...

by Path Finder in

Regex help

Hi, I have below sources, source = C:\Stats\user1\Tmpdata\Mappers\Consolesx\start.log source = C:\Stats\user2...

by Path Finder in

Help with Dashboarding

Hello, Here is the whole context and question: https://community.splunk.com/t5/Splunk-Search/Aggregate-query-help...

by Engager in

How do I implement multiple rename commands based on user input

I have a single algorithm with 2 methods. Each method produces the same type of data but with different fields names ...

by Path Finder in

Multiple Rows into one row with primary key

Hi, I have data that looks like this (as you can see user_id 9 has filled numerous rows). This is just a csv inges...

by Engager in

Dynamically Change panel background color based on returned value (no js possible)

Hi. First, I've been using this forum for a few months now as I'm new to Splunk. Thanks to all the contributors ...

by Explorer in

Combine two stacked bar charts side by side

Hi All, I have a use case to align two stacked graphs side by side. So, there are 4 columns with values for any pa...

by Observer in

Firewall logs

sourcetype=cp_log action!=Drop OR action!=Reject OR action!=dropped I am socked ,when i am searching with above q...

by Explorer in

how to set limit

Hello Experts, I am new to Splunk and trying to build basic queries in Splunk to build use cases. Currently I am wo...

by Explorer in

How can I display values of a common field occurring in two different event ID's?

There are various event codes like eventID = "123" , eventID ="456", eventID = "789" . There are some "appID" field...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

Change search based on Token Value

Network topology

How can you adjust timezone in search? Convert UTC to AEST

Splunk query exclude keywords

How can i remove the particular user in table?

Unable to search particular summary index field following Splunk upgrade from 7.0.0 to 8.1.4

How to rename dbxquery fields in dashboards?

How can we optimize a query that consumes lots of cpu?

Search improvement

Log format for Splunk key=value

Loop through single column list in Inputlookup csv and check if column values are found across multiple index events

How to get the difference of columns from two different tables? (the number of rows in the column is different)

Transaction not grouping results with startswith and endswith filter

Group widgets/panel in a dashboard with a common border

specifying field in Field Extraction

Heavy forwarder and sysmon

Regex help

Help with Dashboarding

How do I implement multiple rename commands based on user input

Multiple Rows into one row with primary key

Dynamically Change panel background color based on returned value (no js possible)

Combine two stacked bar charts side by side

Firewall logs

how to set limit

How can I display values of a common field occurring in two different event ID's?

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...

Splunk Search

Are you a member of the Splunk Community?

Discussions