Splunk Search

Discussions

Thread Info

How to group by src_ip and getting the same source and destination IPs repeated or duplicate entries?

Hi, I am working on use case which has following requirements 1. high number of connections to external DNS IP...

by Observer in

How to do stats count based on condition?

index="*dockerlogs*" source="*gps-request-processor-test*" OR source="*gps-external-processor-test*" OR source="*gps-...

by Explorer in

How can I apply mvdedup to field dst.port only if numbers of dst ports = field COUNT?

Hello everyone! I have basic search index=main| stats list(src.port), list(dst.port) count(src.ip) as COUNT by ...

by Contributor in

How can I turn a single value number into a percentage?

So I'm trying to turn a single value number into a percentage but the code just returns a number still. Here's my ...

by Path Finder in

How to find Delta between 2 sets of events?

Hello, I have use cases to find the Delta between 2 sets of events. We get events once a day, our objective is to ...

by Motivator in

How to splunk search to get time only from date time?

hi All, can you help with splunk search to get time only from date time. example as 2022/11/28 17:00:00 want to...

by Path Finder in

How to get the latest status of the workflow?

Hello Splunkers, Workflows are monitored through splunk. Workflows has different stages like running , paused, can...

by Observer in

How to show distinct count?

index=XX sourcetype=YY source=*/log/abc.log| dedup _time, bppm_message, bppm_nodename sortby -_indextime| rex field=b...

by Path Finder in

How to retrieve data form keys value?

i have a table who contain multiple keys and value one of them keys{"body"} value are below: "body": "{\n \"Type\"...

by Explorer in

How to sum status like 201, 202 error status become 2xx.?

I want to get a search for get sum status error of http_user_agent like second dashboard. I do not know how to sum st...

by Explorer in

Comparing two different fields in separate events?

Hi Splunkers I am looking to get some help in spl for following use case | makeresults count=4 | strea...

by New Member in

How to make my search fast when searching field names?

Hi Dears, When I search only IPs without field names in Firewall indexes search is fast, like: index="EX" "X.X....

by Explorer in

Splunk search for between 2 sourcetypes where field 1 of source1 matches with field 2 of source 2?

I have 2 sourcetype sourcetype="source1" and sourcetype="source2" This is how sample data looks: source1: CI...

by Explorer in

Where are the failures of sendemail logged in?

Does anybody know where the failures of sendemail are being logged? I wonder about cases where the e-mail address no ...

by Motivator in

Is there a better way to search for internal hard drive serial numbers?

Hello Splunk Community. I am trying to use Splunk to search for the serial number of the installed hard drive(s). ...

by New Member in

How to get sparkline to show a straight line?

I'm trying to get sparklines with the stats command and I'm getting straight lines in Sparkline instead of dips and r...

by New Member in

How to use dbinspect to monitor a specific index and get the following information?

Hi, I would like to monitor a specific index and get the following information:source - nameoldest searchable even...

by Explorer in

How to put 4 field in table view but some field have long sentence so the table view was in organize?

I use mvzip command index=main sourcetype="ms.356" | eval nested_payload=mvzip(mvzip(flaw, solution),answer) ...

by Path Finder in

How to convert specific columns to rows in Search SPL?

Hi Friends, I want to convert 2 specific columns to rows and remaining columns should be present. This is my cu...

by Path Finder in

How to merge and map two splunk multi value fields and creating a seperate field?

Hi All, We have below data extracted in splunk and the ask is , in the "Node" field we need to make first two value...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to group by src_ip and getting the same source and destination IPs repeated or duplicate entries?

How to do stats count based on condition?

How can I apply mvdedup to field dst.port only if numbers of dst ports = field COUNT?

How can I turn a single value number into a percentage?

How to find Delta between 2 sets of events?

How to splunk search to get time only from date time?

How to get the latest status of the workflow?

How to show distinct count?

How to retrieve data form keys value?

How to sum status like 201, 202 error status become 2xx.?

Comparing two different fields in separate events?

How to make my search fast when searching field names?

Splunk search for between 2 sourcetypes where field 1 of source1 matches with field 2 of source 2?

Where are the failures of sendemail logged in?

Is there a better way to search for internal hard drive serial numbers?

How to get sparkline to show a straight line?

How to use dbinspect to monitor a specific index and get the following information?

How to put 4 field in table view but some field have long sentence so the table view was in organize?

How to convert specific columns to rows in Search SPL?

How to merge and map two splunk multi value fields and creating a seperate field?

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...