Splunk Search

Thread Info

AWS Alerts

Hi I am new to Splunk , it seems the Cloudtrail Alert are not working. Need some help how to fix the issue ...

by Path Finder in

field with exclusively one value

here is how my base search output looks: nameversionbrowserrunTimecall1alphachrome75call1betachrome48call2alphafire...

by Explorer in

I need to get a kvstore lookup from my ES search head to another search head... REST API in SPL?

I am creating a dashboard that unfortunately badly needs a kvstore lookup that lives on the ES search head. I know I ...

by Builder in

Searching for a specific Expression

Splunkers I am new to the community and learning the Art of splunk! I am searching raw data from a syslog server, ...

by Explorer in

run script on remote machine

I am looking at running script which is stored on my local machine and I want to run that script on a remote machine....

by Path Finder in

dlink log extraction

Hello, we are trying to parse logs from a dlink DXS-3600 but we are not able to find the correct format, we have tr...

by Explorer in

Get top 3 IP's for each user in top 10 list

I have a list of top 10 users, but I also want the top 3 IP addresses used by those users in a table. Some users will...

by Path Finder in

I want to continuously rerun an alert that fails until it is successful

I have something like 20+ alerts that give my team telemetric data on our ESX and Storage clusters. We collect our me...

by Path Finder in

Count values of grouped key

I have logs like this: user=userA ip=1.1.1.1 ...user=userA ip=1.1.1.2 ...user=userB ip=1.1.2.1 ...user=userB ip=1.1...

by Engager in

subsearch results truncated as the number of entries in the lookup exceeded 10000

Hi all,Using Splunk cloud I'm trying to look up the time difference between when a message is received from a sender ...

by New Member in

Earliest entry for each host

Hello, In my lookup I have the following data: _time='2020-10-21 15:00' usage='1' host='A'_time='2020-10-26 15:00...

by Explorer in

Is there a way to save the results for parts of a search so when I modify the tail end, I don't have to run the whole search?

I am executing the following search and it is taking a long time to execute. Is there a way to save the results of pa...

by Path Finder in

Issues with time parameter in Collect command

Hi All, I am populating the summary index from yesterdays data via tstats count on a Data model and inspite of adding...

by Path Finder in

Search if an URL contains a user field

Hi all, I made a search where I use a regular expression to extract the username from the email address because we ...

by Communicator in

Search for Example Events by Field

Hi, I'm trying to search for an example event of different types by field so that I can see the detail of different t...

by Path Finder in

How to calculate values in two fields ?

hi, My issue is I have a table like that : field 1field 2 10212210 I want to create an third column that cr...

by Builder in

Join two tables and retrieve latest record from the second table

Hi Team, I have a requirement that i'm writing a join query.Query-1 returns id ,time 55600072020-09-27 12:30:1...

by Explorer in

Counting events start\end in same event

I have data coming from an Avaya phone system that provides me the end time of the event and the duration, I am creat...

by Loves-to-Learn in

separately calculated stats side by side in a table

I am building a table displayed in a splunk dashboard that needs a complicated query and I was hoping to get a quick ...

by Engager in

Creating a Splunk Alert Rule for Anomoly's detected

Hello, I am trying to create a splunk alert to trigger when it detects an anomaly in the firewall logs based on...

by Loves-to-Learn in

Field extraction needed

Hi, I have data in XML format. Out of many fields that I have extracted, there is another field name pluginText whi...

by Builder in

Volume end of each day

Hi community, using Splunk for a ~month now and need some help, If done correctly, I have the realtime volume/d...

by Explorer in

Why does this chart work, but this table doesn't?

I would like to apply a formula to each of the values in the field "stocks." I have been able to show this in a char...

by Path Finder in

Whitelist traffic using lookup table

Hi all i would like to ask how we can use a lookup table to whitelist a set of src and dest. sample traffic ...

by Engager in

source count vs summary index count not match

Hi All, have this dilemma where source counts does not match the count inserted in summary index. sample query that...

by Observer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

AWS Alerts

field with exclusively one value

I need to get a kvstore lookup from my ES search head to another search head... REST API in SPL?

Searching for a specific Expression

run script on remote machine

dlink log extraction

Get top 3 IP's for each user in top 10 list

I want to continuously rerun an alert that fails until it is successful

Count values of grouped key

subsearch results truncated as the number of entries in the lookup exceeded 10000

Earliest entry for each host

Is there a way to save the results for parts of a search so when I modify the tail end, I don't have to run the whole search?

Issues with time parameter in Collect command

Search if an URL contains a user field

Search for Example Events by Field

How to calculate values in two fields ?

Join two tables and retrieve latest record from the second table

Counting events start\end in same event

separately calculated stats side by side in a table

Creating a Splunk Alert Rule for Anomoly's detected

Field extraction needed

Volume end of each day

Why does this chart work, but this table doesn't?

Whitelist traffic using lookup table

source count vs summary index count not match

Enterprise Security Content Update (ESCU) | New Releases

Join the Splunk Developer Program Hackathon: Splunk Build-a-thon!

Announcing the Expansion of the Splunk Academic Alliance Program

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...