Splunk Search

Ask a Question

Discussions

Thread Info

Is there BOTSv3 writeup?

https://github.com/splunk/botsv3https://www.splunk.com/en_us/blog/security/botsv3-dataset-released.html I'm startin...

by Ultra Champion in

Extract Fields from JSON

Hi Everyone. Thanks in advance for any help. I am trying to extract some fields (Status, RecordsPurged) from a JSO...

by Path Finder in

stats count for different days in separate fields

Hi, I’m trying to get product count for yesterday and 7 days ago from yesterday in two separate fields, results ar...

by Explorer in

Cluster Command Max Cluster Size

Is there a way to set the maximum cluster size for the clusters generated by the "cluster" command?

by Path Finder in

Stats by custom string

I'd like to display stats based on a custom string within a log entry. Below is sample of the log entry. I'd like t...

by Explorer in

visited websites

Hello, I would like to set up statistics on the visited websites by the users. I would like to find all users who vis...

by Observer in

excluding from search results

Hello everyone, When a user visits a website, it can make hundreds of separate requests related to advertising. So ...

by Observer in

How to create an eval on random data string ?

Hi, My issue is : I want to create a field from random data string (always the same) which is not present in all lo...

by Builder in

How to remove spaces from the beginning and end of a field value?

I want to remove spaces from starting and ending of field I was trying to achieve this using ... | rex mode=sed...

by New Member in

Use Regex to extract data from _raw and rename the extracted field

Hello Splunkers, Please advise how to use regex to extract the below specific fields from _raw data and also add/r...

by Path Finder in

Table creation with desired fields

I have the query below, but i i dont want the services to like this.. how can i get the names of the services to ...

by Contributor in

Combine a field from a previous row based on other fields and create another field

Here's an example data in splunk (bookstore logs): time(ms)idstagepayload1020984aaaa-bbbb-cccccheckoutLord Of The R...

by Engager in

Saved Search vs. Open Search Server Error in Query

Good day Splunkers, Today doing an audit of my Alerts, I opened one in "Open Search" and immediately got "Server Er...

by Path Finder in

Clarification needed on eval split() function

For the following search command, what is the expected output? | makeresults | eval text_string = "I:red_he...

by Communicator in

Using lookup table & Append

I have two queries. First one has multiple fields: source, IP, comment & cIP and this is exported CSV as a output loo...

by Path Finder in

Match on 2 csv and index and return stats

Hello, GOAL: determine if application server has logged based on a list of application ID codes I have 2 csv loo...

by Observer in

Why am I getting error "Configuration initialization for {Path} took longer than expected when dispatching a search"?

The following error is displayed can't figure any solution need help. Configuration initialization for {Path} took...

by Explorer in

Cannot add fields from lookup file to events

Good Day, I am working with the following: Through an indexer I have Three fields of interest, Field A, Field B, ...

by Engager in

How to sort dynamic column names after timechart and transpose

Hi, I'm creating a report with the following search that runs each month covering the past 3 months of data. It w...

by Explorer in

Regex/Rex - Non Capture Groups

Hi all. New here. So I have been working with some data strings that contain varied asset numbers for computers...

by Observer in

Create a dashboard that displays a user name accounts that have received a password reset email.

I'm trying to create a dashboard that displays a user name accounts that have received a password reset email.

by Explorer in

What I did wrong here with makeresults command

Hello experts, I am trying to create a custom macro, from that it will returns a result depends on the argument I p...

by Path Finder in

Checking mvexpand Memory Usage

Hi All,We are trying to get the memory usage of mvexpand command so that we can set the max_mem_usage_mb in the limit...

by New Member in

Local Documentation: Is it possible to have a local copy of what is at docsCheckerBaseURL?

Is it possible to have a local copy of what is at docsCheckerBaseURL

by Engager in

How to use iplocation to search for instances of a specific city or region?

Hello, I am trying to use iplocation to search for instances of a specific city or region for example: * ...

by Loves-to-Learn in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is there BOTSv3 writeup?

Extract Fields from JSON

stats count for different days in separate fields

Cluster Command Max Cluster Size

Stats by custom string

visited websites

excluding from search results

How to create an eval on random data string ?

How to remove spaces from the beginning and end of a field value?

Use Regex to extract data from _raw and rename the extracted field

Table creation with desired fields

Combine a field from a previous row based on other fields and create another field

Saved Search vs. Open Search Server Error in Query

Clarification needed on eval split() function

Using lookup table & Append

Match on 2 csv and index and return stats

Why am I getting error "Configuration initialization for {Path} took longer than expected when dispatching a search"?

Cannot add fields from lookup file to events

How to sort dynamic column names after timechart and transpose

Regex/Rex - Non Capture Groups

Create a dashboard that displays a user name accounts that have received a password reset email.

What I did wrong here with makeresults command

Checking mvexpand Memory Usage

Local Documentation: Is it possible to have a local copy of what is at docsCheckerBaseURL?

How to use iplocation to search for instances of a specific city or region?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...