Splunk Search

Discussions

Thread Info

How to restrict one group to see only 1 log file in Splunk

I have the following from a client: I was about to make is for a new AD group “Splunk_CAPS_CAS_Payments” so that they...

by Path Finder in

how to add a new column to existing inputlookup

Hi Experts, Hi have existing inputlookup file like test.csv which contains 3 fields like host source sourcetype, i...

by Path Finder in

How to do log analysis using splunk

I am working on approach to upload logs to splunk,I have set of queries to query in logs and extract the values.How t...

by New Member in

Extract an value from logged sentence

Hi, I'm trying to make a Splunk panel display a value from a log that gets added to every 4 minutes. I need to be abl...

by Explorer in

regex only first occurrance

logs source=/api/docker/docker-snapshot-demo/v2/pdap/pdap-validator-router/manifests/1.0.aws source=/api/docker/docke...

by New Member in

Get fields associated with the earliest event in a search

Hi all, I am still a Splunk novice but I am looking for some help using the earliest command. I am calculating a ...

by Explorer in

Splunk Regular Expression

Hello, Attached here the list of roles we have. But my regular expression is showing results of only RSI -...

by New Member in

Workflow actions ranking order

Hello Experts, We are having list of workflow actions in field menu and event menu which are sorted alphabetically. M...

by Explorer in

match dates between an appencol and inputlookup

I have a search from an input looup and i have appended search results from an index so i can overlay some results bu...

by Communicator in

hosts event log lost behind a splunk forwarder

Hello, We have had a forwarder that has its disk full several times in a weekend, So some hosts were not able to s...

by Explorer in

Double value in field

I am searching windows event log. Aftre result search complete, Account_Domain contains following value "- ABC"...

by Explorer in

Relating data with time

Hi, I would like to view today and yesterday data in the same chart for the required time range. How can that be d...

by Explorer in

Why results are not same when the query is executed for a large time range

I have a query which is using streamstats, eventstats, stats, and transaction (trying to achieve brute force attack l...

by Explorer in

Using a "numeric" type rather than a "string" type is recommended to avoid indexing inefficiencies.

got this error on the search head, Please help us to resolve this .Thanks Search peer xxxxxx has the followin...

by Path Finder in

Need to run the below query for a month

Need to run the below query for a month If i run the below query i will get results for the yesterday AVG count. ...

by Loves-to-Learn in

how to group events based on specific conditions.

Hi, I want to group few events based on the success and failure action for a particular user and dest as below. Ki...

by Explorer in

How Report Any Host That Hasn't Had an Event From Source="/var*" in "X" Minutes

Greetings, I want to report on any Linux system that hasn't had an event in /var* for 30 minutes. I was going to u...

by Path Finder in

extract field from url skipping the ids

i have urls that include numeric ids in the path: /api/clients/11111/interactions/api/clients/22222/interactions/a...

by Engager in

Using untable function and perform the join with two fields

Hello Everyone, I need help with two questions. Please consider below scenario: index=foo source="A" OR source=...

by Engager in

Timechart the daily sum of the last value of a field for each unique value of another field

Hello, I have events in the following format (ordered from oldest to newest  buyer=1 open_cases=3 buyer=1 o...

by Engager in

Query to get top 5 failures

I have events being sent to Splunk which will have the following fields MsgID, Status(Failure/Success) I need to get ...

by Observer in

aws cloudwatch-log-processor isnt sending the correct time

the default value is "item.timestamp", this send splunk the timestamp of the cloudwatch log, and not the eventTime. i...

by New Member in

How to add certain character to a search result (Number)?

I want to reformat any number of my search result to kWh ; as you see in pictures below for example 15 to 15 kWh.

by New Member in

Why is my SPL number of results different when appended?

Hello I have this SPL which returns like 40 000 records when run alone however when it's appended to another SPL whic...

by Explorer in

Extract new fields from the existing field

Hi, I have this log line: May 13 08:01:56 192.168.10.10 system_service: 192.168.10.10 05/13/2020:07:01:56 GMT : G...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to restrict one group to see only 1 log file in Splunk

how to add a new column to existing inputlookup

How to do log analysis using splunk

Extract an value from logged sentence

regex only first occurrance

Get fields associated with the earliest event in a search

Splunk Regular Expression

Workflow actions ranking order

match dates between an appencol and inputlookup

hosts event log lost behind a splunk forwarder

Double value in field

Relating data with time

Why results are not same when the query is executed for a large time range

Using a "numeric" type rather than a "string" type is recommended to avoid indexing inefficiencies.

Need to run the below query for a month

how to group events based on specific conditions.

How Report Any Host That Hasn't Had an Event From Source="/var*" in "X" Minutes

extract field from url skipping the ids

Using untable function and perform the join with two fields

Timechart the daily sum of the last value of a field for each unique value of another field

Query to get top 5 failures

aws cloudwatch-log-processor isnt sending the correct time

How to add certain character to a search result (Number)?

Why is my SPL number of results different when appended?

Extract new fields from the existing field

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

Preparing your Splunk Environment for OpenSSL3

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

How to get alert result through API?

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas