Splunk Search

Thread Info

tstats search fails when attempting cidr match on IPv6 subnets

Attempting to run a tstats search that excludes a collection of IPv6 ranges from the results as follows: | tsta...

by Path Finder in

How to create a condition on one event based on the values of another event

Hi all, I have a situation like the following: I have some events with a start and end time that tell me when...

by Explorer in

How to pass earliest/latest and time input to the search as the same token to the searches in the dashboard?

I have created a time input and also two text boxes to pass earliest and latest values to the searches. When I sele...

by Explorer in

Extracting information nested in a JSON-like format

Hello,I'm designing some searches from O365 logs that have a complicated field called "Data", depending on the worklo...

by Loves-to-Learn in

StreamingCommand block when input contains non-ascii character

Environment: splunk8.0 python3 splunk python SDK 1.6.11 When I write a customized command with python: #!/usr/b...

by Engager in

lookup returns multivalue on match of single field?

Hi, Strange behavior with Automatic lookup (same with manual lookup). I have csv file that contains codes, exampl...

by Communicator in

Dynamic search for multi sources

Hi All, I need some help in searching,so I have 1 index but it has multiple sources, Index = Index1 and within ...

by Explorer in

need search with if condition

Am getting data in this format now.but i need to show only those row where sum of all column values are > 500am t...

by Path Finder in

Port flapping MAC search

Hi team! Couldn't find any info about it....but how make a proper search string to see what MAC address was on flap...

by New Member in

How to Keep Fields from Becoming Multivalued

Hello, I have events like this: 2021-06-07 17:53:01 UserId:123 Session complete2021-06-07 17:25:01 UserId:123 Sta...

by Path Finder in

How to Get An Event from Within a Transaction

Hello, I am trying to get an event inside of a transaction to use for duration calculation. My events currently loo...

by Path Finder in

Why custom search command not working without being prefixed by dedup

Hi, I created a custom StreamingCommand which makes REST API calls to get user details, based on a userid. If com...

by Observer in

Transaction global status

Hi, I have some events like : --------------------------------- TXID;RECEIVER;STATUSAA11;RCV00001;OKAA11;RCV000...

by Explorer in

limits.conf, non-global settings local to specific App

All, Hopefully a straightforward question.Is it possible to increase the following setting in a .../appname/local/lim...

by Path Finder in

Filtering PaloAlto events

Dear Splunkers, can you please help with the following problem: We use single instance and PaloAlto logs are sent t...

by Path Finder in

Help with Splunk search to join two searches with common field

I am trying to join two searches with a common field Event1: Jun 7 14:55:37 v3**v sudo: pam_sss(sudo:auth): auth...

by Builder in

How do I "merge" events?

Hello, I have to parse this very custom LOG, and i'm having trouble figuring out how to do this: I have two differ...

by Communicator in

Subsearch produced 221180 results, truncating to maxout 10000.

Hi All, i have 221180 ips in csv(deattackerv1.csv) with only one field "ip" .. where i want to check if we have an...

by Engager in

Splunk search removing ../ automatically

I am currently working on a log and filtering data. Splunk has identified uri_query as a field. I have come acros...

by Engager in

How to get a ratio of two fields based on condition?

Following is the data I have: Time (DD/MM/YYYY 00:00:00)Delay_class (String value, example "B. > 15 MIN" or "A. < 1...

by Engager in

Comparing a pair of unique fields with a common denominator

I'm trying to create a dashboard that shows the count of new vulnerabilities between this month and last month, using...

by Explorer in

How to determine right value for Outlier Tolerance Threshold command in Smart Outlier Detection Assistant in MLTK app ?

I am developing a use case to detect outliers on logons for a specific app using Smart Outlier Detection Assistant in...

by Contributor in

How to change base search with token?

Hello, I have several different type of searches and made all of those as base search. And now I want to make...

by Path Finder in

Lookup from CSV and output another column

Hello, I am comparing a host.csv file with two columns "IP" and "DNS" I want to compare the IP column to my base se...

by Explorer in

How to cancel |dbxquery sql query?

Hi, We are using Splunk DB Connect on search heads to run "|dbxquery" command with SQL queries to Snowflake DB. S...

by Builder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

tstats search fails when attempting cidr match on IPv6 subnets

How to create a condition on one event based on the values of another event

How to pass earliest/latest and time input to the search as the same token to the searches in the dashboard?

Extracting information nested in a JSON-like format

StreamingCommand block when input contains non-ascii character

lookup returns multivalue on match of single field?

Dynamic search for multi sources

need search with if condition

Port flapping MAC search

How to Keep Fields from Becoming Multivalued

How to Get An Event from Within a Transaction

Why custom search command not working without being prefixed by dedup

Transaction global status

limits.conf, non-global settings local to specific App

Filtering PaloAlto events

Help with Splunk search to join two searches with common field

How do I "merge" events?

Subsearch produced 221180 results, truncating to maxout 10000.

Splunk search removing ../ automatically

How to get a ratio of two fields based on condition?

Comparing a pair of unique fields with a common denominator

How to determine right value for Outlier Tolerance Threshold command in Smart Outlier Detection Assistant in MLTK app ?

How to change base search with token?

Lookup from CSV and output another column

How to cancel |dbxquery sql query?

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...