Splunk Search

Discussions

Thread Info

How to dedup multivalued fields?

Some of the data coming in from one of our indexes is doing the following( It appears data is repeating for each fiel...

by Communicator in

Calculate the average of 99th percentile

Hi, I am working on a query where I need to calculate the average of 99th percentile values over a 5 minute period of...

by Path Finder in

earliest and latest information in custom python search command

I was not able to find in the doc a way to get earliest and latest information from the datetimepicker to use in my g...

by Builder in

How do i use eval to calculate two fields?

What I am trying to accomplish with the command is to find the events with the EventCode "4624" and Logon_Type "10" o...

by Engager in

Search for instances of 'test' but not 'testn'

I would like to see instances with the source 'test*' - that is everything that starts with 'test' but eliminate 'tes...

by Explorer in

Subtring from url field and then group using the url

I have a field "BackendURL" which contains different url's. for eg : http://abc.com/emp?name=jim&no=101 http://...

by Explorer in

inputlookup excluding index

I am trying to write a query that will ignore events in certain indexes (these indexes change over time). I have a ...

by Path Finder in

Get a list of ID by date and compare with lookup file and get result not in search

Hi everyone I have a lookupfile that contains a name and an ID Brokers.csv Name ID Broker1 101 Broker2 10...

by Explorer in

Using field values from a lookup to modify other field values

Hey everyone,above you can see an example of what I can expect in my work environment..My goal is to modify the value...

by Contributor in

How to display date values based on picker and sort it based on the value being pick

Hi - i'm working on a simple dashboard where user will pick a certain date in a multipicker. Once date is being picke...

by Loves-to-Learn Lots in

How to create a trigger alert with condition that relies on an other alert?

Hello splunkers, I don't now if my title makes sense but here is the situation : I have an alert called buy sig...

by Explorer in

help on where not condition which works randomly

hi As you can see at the end of my search, I use a where condition But sometimes, even if the condition is true (...

by Motivator in

Geographical distance calculation in Splunk Cloud (replacing haversine)

Hi all, We are currently migrating from Splunk on-premise to the Cloud. One of the apps we heavily use is haver...

by New Member in

Help with REGEX

Hello, I need a regex to extract the GUID from non-standard UPN results that show up in this format: ex095838d@mydoma...

by Path Finder in

How to create a search with 2 columns in lookup?

I would like to do a search using 2 columns in a lookup table where the row is AND'd. Something like Col1Col2A1B2...

by Engager in

Splunk add-on for AWS: In a generic S3 input, can a key-prefix contain a wildcard?

Trying to use a key-prefix when setting up a Generic S3 input that utilizes a wildcard in the path, but it doesn't lo...

by Explorer in

List almost-duplicates (in a variable?)

Hello. I have a search that results in, amongst other things, fields that are ALMOST duplicates. Example: Bob: Ta...

by Engager in

Transaction Startswith Endswith Not Grabbing Events Even Though Individual Searches Find Events

Hello, I'm trying to create a search that grabs an authentication failure event followed by a an authentication suc...

by Engager in

Azure AD UPN results regex translation

Mods please delete this duplicate post.

by Path Finder in

How to find out the list of dashboards triggering more than 5 searches

I would like to find out dashboards which are not optimized and each panel is triggering the independent search and c...

by Explorer in

splunk regex & xml

question is two fold question 1 -here is sample log |>messageType|2020-02-2 14:01:55.995|094a786b-4d07-498c-9c26-...

by Explorer in

If I add one field which all my result should have, will it reduce or rise the SearchTime?

As the title said, if we have a field: "sourcetype=log4j" for all result, Should I add it to the search or remove it ...

by Engager in

Splunk query for viewing 0365 management activity by the sender of malicious account to recipients

Goodmorning guys much help needed. I have been receiving a lot of phishing attempts to recipients emails. I am lookin...

by Observer in

regex for uri ignoring query params and path params.

I am trying to find the top api url's that were consumed by our clients. Our uri in logs are of below format. 1. ht...

by Loves-to-Learn Lots in

how to get the user retention rate per month in last 1 year.

Hi team, I have a stats requirement to get he user retention rate that visit a module per month in last 1 year. ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to dedup multivalued fields?

Calculate the average of 99th percentile

earliest and latest information in custom python search command

How do i use eval to calculate two fields?

Search for instances of 'test' but not 'testn'

Subtring from url field and then group using the url

inputlookup excluding index

Get a list of ID by date and compare with lookup file and get result not in search

Using field values from a lookup to modify other field values

How to display date values based on picker and sort it based on the value being pick

How to create a trigger alert with condition that relies on an other alert?

help on where not condition which works randomly

Geographical distance calculation in Splunk Cloud (replacing haversine)

Help with REGEX

How to create a search with 2 columns in lookup?

Splunk add-on for AWS: In a generic S3 input, can a key-prefix contain a wildcard?

List almost-duplicates (in a variable?)

Transaction Startswith Endswith Not Grabbing Events Even Though Individual Searches Find Events

Azure AD UPN results regex translation

How to find out the list of dashboards triggering more than 5 searches

splunk regex & xml

If I add one field which all my result should have, will it reduce or rise the SearchTime?

Splunk query for viewing 0365 management activity by the sender of malicious account to recipients

regex for uri ignoring query params and path params.

how to get the user retention rate per month in last 1 year.

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6