Splunk Search

Discussions

Thread Info

How to retrieve results for event only if its field does not match that of another event

Hello, I am trying to get only the events from my logs that have started a task (in this case, going to a room) and...

by Path Finder in

How can I find out which props/transforms does the Message field extraction?

The Message field of wineventlog is being handled by the default configurations or of the TA and I would like to chan...

by Motivator in

metric stats

Hello, I'm still very new to splunk and I could use some help. I hope this question is not too general. I would lik...

by Path Finder in

How to use a Lookup table or an Imported CSV file to perform a search

Hello Everyone and welcome is there a way to import a csv file to then use it a search parameter to search for even...

by Communicator in

Field calculation for flow of events

Dear Splunkers, I have a flow of events and need to perform alarm when some value, e.g. metricValue is greater than t...

by Explorer in

User agent browser type display issue

Hi team I tried the below spl eval command index=aws Website="*"| stats count(eval(match(User_Agent, "Fi...

by Path Finder in

count time between each period time

Hello dear community,I have a splunk search where I look for all the events that occur over a specific period of time...

by Path Finder in

Using custom metrices indexes.

How to use metrics index to store metrics data from events on SH?Does is it possible to have multiple values and mul...

by Loves-to-Learn in

Display ticket status and count

Need help with a query please:I have ticket data where the life cycle is Assigned, Work in Progress, Fixed, Closed an...

by Engager in

How to color the Scheduled Report table results in mail ?

I have one scheduled report which will provide below table results in email. Requirement is to color the 'Validation ...

by Communicator in

How to return alternative subsearch results if a first subsearch returns empty string

In general terms, I've been trying to create a search that can perform a subsearch using a few fields that are presen...

by New Member in

In order to events occured from past 3 mon till now

by Loves-to-Learn Everything in

timechart of events first appearance

I am trying to find events based on when they were initially logged and grouped by some column. For example, from th...

by Explorer in

Create alert based on success rate per a group

Hi all, I need to create an alert based on a success rate less than a specific value. My data is as follows: stor...

by Explorer in

File Comparision

I have a file which is being indexed(say today) and then again indexed after updating(say tomorrow). I have to compar...

by Path Finder in

Expire Rows in a Lookup After 30 Days

Hi Splunkheads, Need some advice here. I have built a simple lookup table and simple search for known bad ip addre...

by Explorer in

Why is a power user unable to search a particular index?

I have admin user and power user (role=power), when i search a particular index (iis_web) it does not return the outp...

by Communicator in

bin by date that is not the time field

Hi, So I have a goal to count user visits, but the log polls too frequently, so we are going to define a visit by o...

by Communicator in

Breakdown the Totals

I want to add more columns that will show the sessions. Such as sudo su ssh etc. Currently I have this: index="na...

by Observer in

Different search results quetion

Hello all, Running the following search (direct count) at different times of the day for the same time period I rec...

by Loves-to-Learn in

Rex

Hello!! I have a field value that looks like: abcd124567-1609173498 I only want to remove abcd-1609173498 and h...

by New Member in

How to combine multiple rows in a field to one row in the same field?

I have a data set as seen below. exec arguments /bin/sh sh -...

by Path Finder in

Dynamic date comparison

I am creating a search that detects compliance received from palo alto signatures we are receving 4 sets of dates: ...

by Explorer in

Using fillnull_value or fillnull value with Tstats

I am trying to fill the null values and using a datamodel. I want to use tstats and fill null values will "Null" usin...

by Loves-to-Learn Lots in

Detailed search for the triggered alerts in Splunk

Hi team, I'm trying to build a search which will search for the alerts which have been triggered for a hosts during...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to retrieve results for event only if its field does not match that of another event

How can I find out which props/transforms does the Message field extraction?

metric stats

How to use a Lookup table or an Imported CSV file to perform a search

Field calculation for flow of events

User agent browser type display issue

count time between each period time

Using custom metrices indexes.

Display ticket status and count

How to color the Scheduled Report table results in mail ?

How to return alternative subsearch results if a first subsearch returns empty string

In order to events occured from past 3 mon till now

timechart of events first appearance

Create alert based on success rate per a group

File Comparision

Expire Rows in a Lookup After 30 Days

Why is a power user unable to search a particular index?

bin by date that is not the time field

Breakdown the Totals

Different search results quetion

Rex

How to combine multiple rows in a field to one row in the same field?

Dynamic date comparison

Using fillnull_value or fillnull value with Tstats

Detailed search for the triggered alerts in Splunk

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

AppDynamics is now part of Splunk Ideas

Advanced Splunk Data Management Strategies

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...