Splunk Search

Ask a Question

Discussions

Thread Info

Dynamic search for multi sources

Hi All, I need some help in searching,so I have 1 index but it has multiple sources, Index = Index1 and within ...

by Explorer in

need search with if condition

Am getting data in this format now.but i need to show only those row where sum of all column values are > 500am t...

by Path Finder in

Port flapping MAC search

Hi team! Couldn't find any info about it....but how make a proper search string to see what MAC address was on flap...

by New Member in

How to Keep Fields from Becoming Multivalued

Hello, I have events like this: 2021-06-07 17:53:01 UserId:123 Session complete2021-06-07 17:25:01 UserId:123 Sta...

by Path Finder in

How to Get An Event from Within a Transaction

Hello, I am trying to get an event inside of a transaction to use for duration calculation. My events currently loo...

by Path Finder in

Why custom search command not working without being prefixed by dedup

Hi, I created a custom StreamingCommand which makes REST API calls to get user details, based on a userid. If com...

by Observer in

Transaction global status

Hi, I have some events like : --------------------------------- TXID;RECEIVER;STATUSAA11;RCV00001;OKAA11;RCV000...

by Explorer in

limits.conf, non-global settings local to specific App

All, Hopefully a straightforward question.Is it possible to increase the following setting in a .../appname/local/lim...

by Path Finder in

Filtering PaloAlto events

Dear Splunkers, can you please help with the following problem: We use single instance and PaloAlto logs are sent t...

by Path Finder in

Help with Splunk search to join two searches with common field

I am trying to join two searches with a common field Event1: Jun 7 14:55:37 v3**v sudo: pam_sss(sudo:auth): auth...

by Builder in

How do I "merge" events?

Hello, I have to parse this very custom LOG, and i'm having trouble figuring out how to do this: I have two differ...

by Communicator in

Subsearch produced 221180 results, truncating to maxout 10000.

Hi All, i have 221180 ips in csv(deattackerv1.csv) with only one field "ip" .. where i want to check if we have an...

by Engager in

Splunk search removing ../ automatically

I am currently working on a log and filtering data. Splunk has identified uri_query as a field. I have come acros...

by Engager in

How to get a ratio of two fields based on condition?

Following is the data I have: Time (DD/MM/YYYY 00:00:00)Delay_class (String value, example "B. > 15 MIN" or "A. < 1...

by Engager in

Comparing a pair of unique fields with a common denominator

I'm trying to create a dashboard that shows the count of new vulnerabilities between this month and last month, using...

by Explorer in

How to determine right value for Outlier Tolerance Threshold command in Smart Outlier Detection Assistant in MLTK app ?

I am developing a use case to detect outliers on logons for a specific app using Smart Outlier Detection Assistant in...

by Contributor in

How to change base search with token?

Hello, I have several different type of searches and made all of those as base search. And now I want to make...

by Path Finder in

Lookup from CSV and output another column

Hello, I am comparing a host.csv file with two columns "IP" and "DNS" I want to compare the IP column to my base se...

by Explorer in

How to cancel |dbxquery sql query?

Hi, We are using Splunk DB Connect on search heads to run "|dbxquery" command with SQL queries to Snowflake DB. S...

by Builder in

Convert long table to confusion matrix

I am looking to create a confusion matrix out of a tabled query of the form [query] | table unchanged true pred W...

by Engager in

Set difference of a table field in Splunk

From a search I composed a table, let's call it T1, formed by two columns table name, sourcetype Now I need to crea...

by New Member in

rename boolean value in a pie chart

I have a boolean field which I get from the search, now when I do a stats count by boolean_field, the pie chart will ...

by Path Finder in

Splunk Search Query Help

Hello All, Could you please suggest to me whether this option is good or is there any optimized search query? query...

by Loves-to-Learn in

Combining/appending multiple makeresults

I am providing data from one input in the dashboard, and want to search provided input strings in different fields wh...

by Path Finder in

Select multiple lines into a new filed

Hello! So I'm new to Splunk, and I have a very long event but I'm only interested in the below two lines (there are...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Dynamic search for multi sources

need search with if condition

Port flapping MAC search

How to Keep Fields from Becoming Multivalued

How to Get An Event from Within a Transaction

Why custom search command not working without being prefixed by dedup

Transaction global status

limits.conf, non-global settings local to specific App

Filtering PaloAlto events

Help with Splunk search to join two searches with common field

How do I "merge" events?

Subsearch produced 221180 results, truncating to maxout 10000.

Splunk search removing ../ automatically

How to get a ratio of two fields based on condition?

Comparing a pair of unique fields with a common denominator

How to determine right value for Outlier Tolerance Threshold command in Smart Outlier Detection Assistant in MLTK app ?

How to change base search with token?

Lookup from CSV and output another column

How to cancel |dbxquery sql query?

Convert long table to confusion matrix

Set difference of a table field in Splunk

rename boolean value in a pie chart

Splunk Search Query Help

Combining/appending multiple makeresults

Select multiple lines into a new filed

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

StateSpaceForecast holdback and forecast_k for eva...

ITSI thresholds: adaptive vs static