Splunk Search

Ask a Question

Discussions

Thread Info

Password spraying search

Hi, I am attempting to create a search for a password spraying attempt. I need the IP address and Hostname made...

by Explorer in

Looking for a result each day in the week

Hello In my base search I'm looking for stores with the minimum count of 1 for 4 differend kind of errors. I count ...

by Explorer in

List of realtime searches showing deleted reports/alerts

Hi, I have the following SPL as a dashboard panel which shows realtime searches. This is so I can contact the owners ...

by Path Finder in

how to remove a portion of string

Hi all, my data as below: 11111_aaaa/ppppaaaa 1110_bb/kjm I want to remove anything after /, like this 1111...

by Engager in

Splunklib API retrieve inputlookup

Hi all, have been using the splunklib package in Python to connect to the Splunk API for some time now, and it work...

by Explorer in

How does OR work with strings?

Hello, I noticed that ... WHERE somefield = string1 OR string2 works the same way as ... WHERE s...

by Communicator in

Use two stats function with different group by

how to get this two stats result in one query (earliest=-24h@h index="s_data_sum" (type="c" OR type="s") (sourcetyp...

by Loves-to-Learn Lots in

How to search for failed login attempts?

I hate to say it, but I am a Splunk-newb. I plan on taking a Splunk course, but for now, I am just trying to get my f...

by Explorer in

Compare Multivalue Fields With Lookup

Greetings Splunkers,I've been banging my head against the keyboard to try and resolve this comparison issue, I know t...

by Communicator in

How do you evaluate the difference between 2 multivalue fields?

Hi, Let's say we have 2 multivalue fields Field1={a,b,c,d} Field2={a,b,c,d,e} Is it possible to evaluate th...

by Motivator in

how to compare two events in one search to highlight what's changed

Hi, I am trying to compare the between two events (json format), say, I can pipe with "head 2" to output only two eve...

by Engager in

Uses Transform Field Extraction-Delimiter

Hello, I was using Transform type Field Extraction, I have an issue to select my Delimiter and facing some errors (...

by Motivator in

Check if time is within last 3 hrs

Hi all, I am looking to check if there has been a event within the last 3 hrs for three different categories. If an...

by Path Finder in

Splunk search - How to search the fields1 values contains in field2

Hi All, Hope you guys are doing fine.I do have few doubts with relates to field comparison. Please find the below sam...

by Communicator in

Edit data In Splunk

I have a data in Splunk like index="main" FnameCountryfname1USAfname1USAfname3USA I want to add and change ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Password spraying search

Looking for a result each day in the week

List of realtime searches showing deleted reports/alerts

how to remove a portion of string

Splunklib API retrieve inputlookup

How does OR work with strings?

Use two stats function with different group by

How to search for failed login attempts?

Compare Multivalue Fields With Lookup

How do you evaluate the difference between 2 multivalue fields?

how to compare two events in one search to highlight what's changed

Uses Transform Field Extraction-Delimiter

Check if time is within last 3 hrs

Splunk search - How to search the fields1 values contains in field2

Edit data In Splunk

Observability Unveiled: Navigating OpenTelemetry's Framework and Deployment Options

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

How to find events between time ranges for a servi...

How to combine rows based on parent-child relation...

Outputlookup to a kvstore does not write results

How do I limit a search to everything except the t...

StatsBuffer::read: Row is too large for StatsBuffe...