Splunk Search

Discussions

Thread Info

SOURCE_Key Extraction

I Have used the below two events to test the SOURCE_KEY = <132>1 2023-12-24T09:48:05+00:00 DCSECIDKOASV02 ike...

by Path Finder in

How to convert CSV lookup to DBXlookup?

How to convert CSV lookup to DBXlookup?The lookup using CSV worked just fine.The CSV was moved to the database and wh...

by Motivator in

streamstats | reset_after condition not applied within the scope of each user (field)

Hi Team, What I'm trying to achieve: Find the consecutive failure events followed by a success event. | m...

by Explorer in

Modification of query for detecting Successful Logins following Password Spray Attacks in Auth0 Logs

Hello, I need some help with adjusting an alert for detecting a password spray attack using Auth0 logs in Splunk. W...

by Loves-to-Learn in

Retrieve service depandancy with splunk entreprise

hello i'm beginner in splunk. Currently, i'm working with splunk entreprise i want to retrieve microservices depandan...

by New Member in

Join with different field names

I have an inputlookup called adexport.csv thats big... trying to join and match two fields in the lookup UserName a...

by Path Finder in

How to combine two searches with common value into one table

I need help regarding a join from events based on different sourcetype (same index) that are related by the same valu...

by Explorer in

Working with where clause

Hello, I'm fairly new to splunk, trying to search using where clause and filter the results. The query is running...

by Explorer in

Transaction Order Out of Sequence Identification

Hi All, We have an application that gets events in from an external party but occasionally we see out of sequence e...

by Path Finder in

Stats for number of days a user was active in time period

I am trying to get a table showing the number of days a user was active in the given time period. I currently have a...

by Engager in

Is it possible to export entire dashboard panel contents to Javascript?

As the title suggests I have a dashboard with various panels and wondering if it's possible to export a single panel ...

by Path Finder in

Replace Eval Function using Regex

When using regex how can I take a field formatted as "0012-4250" and only show the 1st and lat 3 digits? I tried the ...

by Path Finder in

extract fields

I am trying to get DeviceName and DeviceToken to var from 365 logfirst I use eval Device =mvindex('ModifiedProperties...

by Explorer in

SOLVED - Splunk Search Command, Regex, and OR Operator

Greetings all, I'm trying to search inside a lookup table and I need to use a search command follow by an OR and re...

by Path Finder in

Time difference between 2 results, grouped by day

I have a search that returns two results per day (a job's log entry of when it started and when it ended). I want to ...

by New Member in

New User Looking for help comparing values

Hi All! First post, super new user to Splunk. Have a search that i modified from a one a team member previously creat...

by Engager in

Total time taken to execute a log

I am writing a query which will give total time taken by a log/event for execution in milliseconds : index=xyz clus...

by Loves-to-Learn in

instr in Splunk ?

Below is one of my fields. Quite complex, I know It could be divided to more atomic values .. but it is not [Au...

by Path Finder in

Need help in listing the time gaps in a multi-value field

Hi, I need help in extracting the time gaps in a multi-value field represented as Date. My data output looks like t...

by Path Finder in

Removing FQDN from field values

Removing FQDN from field values Hi all, can anyone help me with framing the SPL query for the below requirement. ...

by Explorer in

Query to check all apps in lookup that haven't had an event in the last 90 days.

I have a lookup that has saved all apps installed on our deployment server. I need a query that checks all apps in th...

by Engager in

How to use aggregates to filter data and join the result to another search?

Hello, I have an index with events, where events belong to a transaction (transaction_id). I am interested in trans...

by Loves-to-Learn in

Ignore time zone in searches

Hi, is there a way of ignoring the time zone in the searches? Currently, Splunk will reinterpret the difference in ti...

by Builder in

Find an error in 1st system and then find errors close in time in a 2nd system

"Find event in one search, get related events by time in another search"Found some related questions but could not fo...

by Explorer in

Anomalydetection

Hello Splunk team, I was troubleshooting one query with anomalydetection command (https://docs.splunk.com/Documentati...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

SOURCE_Key Extraction

How to convert CSV lookup to DBXlookup?

streamstats | reset_after condition not applied within the scope of each user (field)

Modification of query for detecting Successful Logins following Password Spray Attacks in Auth0 Logs

Retrieve service depandancy with splunk entreprise

Join with different field names

How to combine two searches with common value into one table

Working with where clause

Transaction Order Out of Sequence Identification

Stats for number of days a user was active in time period

Is it possible to export entire dashboard panel contents to Javascript?

Replace Eval Function using Regex

extract fields

SOLVED - Splunk Search Command, Regex, and OR Operator

Time difference between 2 results, grouped by day

New User Looking for help comparing values

Total time taken to execute a log

instr in Splunk ?

Need help in listing the time gaps in a multi-value field

Removing FQDN from field values

Query to check all apps in lookup that haven't had an event in the last 90 days.

How to use aggregates to filter data and join the result to another search?

Ignore time zone in searches

Find an error in 1st system and then find errors close in time in a 2nd system

Anomalydetection

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions