Splunk Search

Discussions

Thread Info

Calculate difference between 2 time fields using strptime

As an example, I am getting weather data where in each json even I have the sunrise and sunset time for that day. The...

by Communicator in

How to create a real-time map of attacks by Source IP?

I would like to create a live map similar to the one at Norse: http://map.norsecorp.com. Below is the search that ...

by Explorer in

Find percentage between two fields whose name will fall into a naming convention

I have a set of fixed fields that define a maximum threshold with the naming convention of "resources_available_[[con...

by Contributor in

How to use rex to get matching number?

I tried to use | rex "^Version\s(?P(\\d{2}))$ to extract version number - it should only be 2 digit number. But 12.1....

by Path Finder in

How to add link per rows?

I first encountered the plank system. Need any help. Have a table with multiple rows. Is it possible to assign a l...

by New Member in

Why is the stats count showing higher count for date_ then other fields?

I have a report that provides a summary of key activity by IP. I wanted to cross check that information against th...

by Path Finder in

How do I combine two unrelated inputlookups in the same search?

Say I have one lookup which has various fields like host, source and other stuff. And another lookup which has fields...

by Explorer in

Why are several JSON fields getting extracted more than once at search-time?

At search-time, several fields get extracted more than once, even if they only exist once in the event. I know I can ...

by Communicator in

combining stats question, can I do this as one search instead of appending 2?

BASE_SEARCH | rex field=dest_host "^(?<hostname>([a-z0-9\.\-]*\.)?(?<Domain>[a-z0-9\-]{2,}(?=\.[a-z\.]{3,})\.(?<tld>...

by Path Finder in

Timechart with no data gives "No results found"

I want to show the number of bad errors each minute over an hour time period to show as an embedded report. I am u...

by SplunkTrust in

Match values under 2 different fields

Need help. Appreciate in advance. I have 2 lookup csv. I need to match each value under "numberX" field against th...

by New Member in

SPL to find users NOT in ldapsearch subsearch results

Looking for how to query for users that are logging in via Remote Desktop which are not in a certain OU in Active Dir...

by Contributor in

Timechart last month to prior month comparison with trend

Hi, I am trying to compare the number of events from last month to the prior month. So January and February and displ...

by Path Finder in

How to inputlookup a csv file which contains only the hostnames and get the field values of A,b and C?

I have a lookup file which contains a list of hostnames under the field Host like below Host abd addf fdfs Now...

by Builder in

Map/Join Search query with lookup, when field in null

Hello, I am trying to Join/map Search query result with lookup table. I am close to perfect query, Just not be abl...

by Builder in

Why am I getting "Error in '| metadata' " when trying to get the earliest event in a particular index?

I am attempting to determine the earliest event in a particular index by executing the following search over All Time...

by Builder in

Issue combining 2 sourcetypes into 1 table

I am using the following search: index=nessus sourcetype="nessus:plugin" OR sourcetype="nessus:scan" each time ...

by Explorer in

Sorting Multi value Field

Hi , I have to sort 2 multivalue fields and need to compare. Please provide me some example. Thanks Sathish R

by Contributor in

Average of the total count

Hello all, How can I get the average of the output as below? Calculation is 40 + 20 + 50 / 3 = 36.6 REQUEST...

by Path Finder in

How to remove "Other" option from Time Range Picker

I have "Other" as a drop-down option in my Time Range Picker. I have separate times.conf file for my application in ...

by Path Finder in

Splunk Search

Discussions

Calculate difference between 2 time fields using strptime

How to create a real-time map of attacks by Source IP?

Find percentage between two fields whose name will fall into a naming convention

How to use rex to get matching number?

How to add link per rows?

Why is the stats count showing higher count for date_ then other fields?

How do I combine two unrelated inputlookups in the same search?

Why are several JSON fields getting extracted more than once at search-time?

combining stats question, can I do this as one search instead of appending 2?

Timechart with no data gives "No results found"

Match values under 2 different fields

SPL to find users NOT in ldapsearch subsearch results

Timechart last month to prior month comparison with trend

How to inputlookup a csv file which contains only the hostnames and get the field values of A,b and C?

Map/Join Search query with lookup, when field in null

Why am I getting "Error in '| metadata' " when trying to get the earliest event in a particular index?

Issue combining 2 sourcetypes into 1 table

Sorting Multi value Field

Average of the total count

How to remove "Other" option from Time Range Picker

Best of Community @.conf20
Humans That Splunk: Meet Abhishek...
Humans That Splunk: Meet Guiseppe...

Visit our Community Blog >

Field failing to extract (ServiceNow)

Strategy to search entire estate for unique server...

Assistance with Map using Map to perform a search ...

_timeの修正後の値で検索を行う

Search running slowly