Splunk Search

Discussions

Thread Info

Dashboard with /var/log/sudo.log, /var/log/secure and /var/log/audit/audit.log Events

Hello, I am working on dashboard for our Linux admins. They require being able to view all events from /var/log/sudo....

by Builder in

List of host from Syslog-ng server.

Hi Team I could see my license limit has reached for my syslog-ng. Can you please let me know how can I get a list...

by Path Finder in

how to group similar messages into one message and get count of them

Example: errormessages total user a not found. 7 user b not found...

by Explorer in

Reconciliation from 3 different sourcetypes

Hi All, I have an issue while trying to reconcile events from 3 different source types, the events from each source...

by Path Finder in

Join Two Events- Showing log on and log off activity and duration

I have a project that I am working on that will display when a user logs onto a server and logs out then calculates t...

by Explorer in

How to create a time chart with row data?

I have search that runs every day that populates a CSV that looks like this (I have more sources, but wanted to keep ...

by Communicator in

How do we extract multiple events from xml response from REST API call

Hello Spunkers, I am trying to ingest the data using REST APIs and as a response i do see xml response in below for...

by New Member in

Left join - find missing data from second index

Hello, I am quite new to Splunk and this is my first post. Hoping that I can get some help from this awesome communit...

by Explorer in

Bubble Chart

How do I display the below as a bubble chart? When I click the bubble chart for my search query its not working prope...

by Engager in

Understanding how to append to a lookup following an example

Currently going over the Splunk App for Windows Infrastructure and found a saved search that updates a lookup table t...

by Communicator in

How to find the perple who leave in the next day

We have a game and login log. I want to anyalize the people that login today and don't login tommorow, which is to an...

by Explorer in

Using Rex to pull out a file path , file name and extension from verbose message field

Hi all, I'm new to splunk searches and would appreciate some help to find out how to pull out the file path, fi...

by Explorer in

Adding lookups to App?

Ok not sure if in the right section. So I have been using Zeek for Splunk and TA_suricata and we are getting a lo...

by Loves-to-Learn Everything in

How to put 2 different time fraims in dashboard

Dears, please can you help? I have dashboard with several panels including graphs and reports. I would like creat...

by Path Finder in

Split results that are in same row

Currently I am running into an issue where if there is a person logs onto a server multiple times, it combines. Any i...

by Explorer in

Concurrent Active VPN Sessions on a Timechart

I'm struggling to find a working solution to show cumulative active VPN sessions on a timechart with 20m data points....

by Path Finder in

Splunk Statics Table - How to get the max of column and use it to evaluate each row

Splunk Statics Table - How to get the max of column and use it to evaluate each row Hello, looking for advice and r...

by Explorer in

Show triggered events from last 5 minutes from a 2 hour moving average

Good day,We are looking at a solution to alert us on abnormal traffic spike. We have leverage the standard deviation,...

by Explorer in

Sort issue

Hey all, I am having a file that has the following stuff: #9#10#4#1..#6For everything that is not #9 or #10, I a...

by Path Finder in

How to find events that match except with the fields reversed.

I am trying to figure out how to display all of the reverse matches in a list by each event. This would include showi...

by Engager in

SPL2 for onpremise

I stumbled upon the documentation for SPL2 for splunk cloud. Are there any plans for SPL2 for Splunk On-premise? ...

by Communicator in

Average of Seconds and Milliseconds using extracted values

I am trying to put together and average duration (calculated and logged by product) as well as count. however the log...

by Explorer in

How to automatically rerun failed alerts

Hi, I have 14 alerts that cover all the infrastructure, my company uses. I get my data from a data bus every 60 minu...

by Path Finder in

Regex help

hey all looking for some help pulling some digits via regex. I am looking to pull the numbers directly after Actual v...

by Path Finder in

# of events in the result and stats count by <field>

Hello all, We are new to Splunk , learning and working SLO/SLIs defined for the application. We are confused in th...

by Observer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Dashboard with /var/log/sudo.log, /var/log/secure and /var/log/audit/audit.log Events

List of host from Syslog-ng server.

how to group similar messages into one message and get count of them

Reconciliation from 3 different sourcetypes

Join Two Events- Showing log on and log off activity and duration

How to create a time chart with row data?

How do we extract multiple events from xml response from REST API call

Left join - find missing data from second index

Bubble Chart

Understanding how to append to a lookup following an example

How to find the perple who leave in the next day

Using Rex to pull out a file path , file name and extension from verbose message field

Adding lookups to App?

How to put 2 different time fraims in dashboard

Split results that are in same row

Concurrent Active VPN Sessions on a Timechart

Splunk Statics Table - How to get the max of column and use it to evaluate each row

Show triggered events from last 5 minutes from a 2 hour moving average

Sort issue

How to find events that match except with the fields reversed.

SPL2 for onpremise

Average of Seconds and Milliseconds using extracted values

How to automatically rerun failed alerts

Regex help

# of events in the result and stats count by <field>

Changes to Splunk Instructor-Led Training Completion Criteria

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

Preparing your Splunk Environment for OpenSSL3

Detection from Splunk logs for specific events, su...

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas