Splunk Search

Discussions

Thread Info

Viewing all Indexes and sourcetypes in use.

We are in the midst of a migration from one server to the next, and need to see if there are queries running against ...

by Loves-to-Learn Lots in

Improve App & Search Performance

I'm currently looking at increasing the performance of our Splunk Search Head. I'm running a number of Apps at the re...

by Loves-to-Learn in

Can I read the dmc_forwarder_assets lookup using the rest api?

Can I read the dmc_forwarder_assets lookup using the rest api of the Monitoring Console?

by Motivator in

Finding common strings in a field brought back from search

I'm trying to run a search and find the most common strings in a field of the results. It seems like there is a way b...

by Observer in

How can I correlate a variable number of fields with a similar prefix in a single event?

We have a web api that orchestrates calls to other services. So for example we may have an incoming call to `/api`, w...

by Observer in

How to use the stored results in variables after stats command using by clause in calculation ?

Hi, I'm using the below query in order retrieve average and standard deviation for the respective days (mon,tue,we...

by Path Finder in

max successfull VPN users per day by monthly.

Initially I have query with successful VPN user logings.(usernames) Now I want to get the max(high) nubmber of users ...

by Path Finder in

Does the Mobile Access Server work with the Mobile Device Management (MDM) solution Microsoft Intune?

Mobile Access Server is an application typically accessed from the internet. Therefore, some customers require a MDM ...

by Explorer in

How to search the top messages in the last 24 hours and count those same messages in the same 24 hour period from the previous week?

I'm trying to create a search for the top 15 messages that occurred in the last 24 hours. Then take those top 15 mess...

by New Member in

parse query string parameters

Our logs will have urls logged in the below manner: /v1/customers/1/sites?includeContacts=True&showOnlyPrimarySites...

by Explorer in

Fundamentals 1 module 4 data load does not return any data (events) when searched on

I am taking the Fundaments 1 course loaded the module 4 data files and had the 239,625 events loaded as per the lab d...

by New Member in

Pass the hash query review

Hello everyoneI'm trying to build search for Pass the Hash.I've seen below article:https://blog.stealthbits.com/how-t...

by Engager in

User with name per most used application

I want to run a query on a server to display all users with their names per application. It is about finding out whic...

by New Member in

How can I replace Parenthesis in a URL field with Dots?

Hi, I have a DNS logs with Parenthesis + numbers instead of Dots in the URL filed. How can I replace them with ...

by Path Finder in

Replacing "No Results Found" with "0"

I have the below query: My Search query returns a value when it finds some result whereas when it doesn't find any...

by Explorer in

Create Dynamic URL for Splunk Search Dashboard URL

I am working on creating a simple UI environment and want to include links to related Splunk search result web dashbo...

by Engager in

What to use to a search a hash and return all info of all users that have a hit?

New to Splunk but understand regex and have a strong background in sed/awk/curl/bashI want to search a hash and retur...

by Explorer in

group certain URLs

I have a search that returns events with many different URLs index=test URL=* I want to ob...

by Engager in

how to count values from a filed and show count as column

i am running below query to get total count by date_mday. search query | eval ver=substr(av,1,4) | stats count(ver)...

by Explorer in

Compare two different rows and count values from search B

index=spb_uip_qa_automation splunkAutomationTag="Client_ReleaseChecklist_Staging_Platform_Desktop_Chrome_9.15.0.1568_...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Viewing all Indexes and sourcetypes in use.

Improve App & Search Performance

Can I read the dmc_forwarder_assets lookup using the rest api?

Finding common strings in a field brought back from search

How can I correlate a variable number of fields with a similar prefix in a single event?

How to use the stored results in variables after stats command using by clause in calculation ?

max successfull VPN users per day by monthly.

Does the Mobile Access Server work with the Mobile Device Management (MDM) solution Microsoft Intune?

How to search the top messages in the last 24 hours and count those same messages in the same 24 hour period from the previous week?

parse query string parameters

Fundamentals 1 module 4 data load does not return any data (events) when searched on

Pass the hash query review

User with name per most used application

How can I replace Parenthesis in a URL field with Dots?

Replacing "No Results Found" with "0"

Create Dynamic URL for Splunk Search Dashboard URL

What to use to a search a hash and return all info of all users that have a hit?

group certain URLs

how to count values from a filed and show count as column

Compare two different rows and count values from search B

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Platform Newsletter Highlights | March 2023

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...