Splunk Search

Discussions

Thread Info

How to get a report on time range windows from _audit logs?

I need to get a report of search windows used in historical search activity. For example, we need to determine how fa...

by New Member in

Last 6 months search using new date field

Hello, I am trying to use another field (LAST_FIXED_DATE) as _time in my log search. LAST_FIXED_DATE got dates fro...

by Path Finder in

weekend and weekday calculations

i have data on daily basis. Date Number day of the week 2019-05-02 52.55 thursday 2019-05-03 327.57 friday 2019-05...

by Path Finder in

regex help

{"device":"abcd","host":"1.2.3.4"} {"device":"efgh [ = ILO = ]","host":"2.3.4.5"} {"device":"qrst - [ab cd ef]","host...

by Communicator in

Splunk use case to manage end-to-end access ticket support

Hello One of our partners got a request from its customer who wishes to manage end-to-end access Ticket support f...

by Splunk Employee in

Search for creating a Rolling Report for Daily Raised and Closed Incident Count

Hi There, I have got a live feed from DBConnect for incidents data in below format: dateRaised, IncID, Location...

by Communicator in

How to calculate difference between two rows of a table if another field on row is same for both?

Hello Everyone, I have a table like this: DVN. Region Name Count 201 SAM Shapes 20010 201 SAM Points 24218 202 SAM Sh...

by Engager in

How to change permissions of lookup files??

I have created my lookup file and currently its set to Private. I want to change its permission so that all other use...

by Explorer in

trying to timechart stats

I am trying splunk unique visitors from my Akamai Logs. Akamai determine a unique visitor by combining client ip ...

by New Member in

How to filter search results to group by one of the fields?

Hello, I have created the following search to show fieldsummary on 4 fields: devicename, ip, platform, and market as ...

by Explorer in

_time and date_hour don't match

Yes, I have already checked my user time zone setting. My TZ setting and all my involved servers, forwarder and Splun...

by Explorer in

How to combine two searches to compare and find values present in one but not other

Hello , I have data from 2 diff source with same fields as shown below : index= sourcetype= source= test.txt devic...

by Path Finder in

cant query data from 2 sources at the same time

My set is up 2 sources imported from csv test1.csv test2.csv now both files have fields with dates in them ...

by New Member in

How to save search query in a file in Splunk Dashboard

Hi , I have a requirement where I want to save the search query after the query has run to a file. Basically i wa...

by Path Finder in

How to calculate Average and Peak day for last 3 months

Hi, Is there a simple query to calculate the average and peak day count for last 3 months? For example let's say 3 mo...

by Explorer in

Transaction on unique field reduces events?

Hello, I don't understand the following behaviour and am looking for a solution. The following example is somewhat si...

by Engager in

Join 2 lookups match fields

Hello, I am looking to join 2 lookups and match the field "AccountName" from lookup1 with user field in lookup 2. ...

by Communicator in

How to get specified events from 2 indices.

SITUATION:- I use indices "A" and "B" to come to answer the same question but for different environments.- Each index...

by Communicator in

List of users who searched data of an index

How to get users(SAML authenticated) list who searched for data under particular index(_internal) in the last 24hrs.

by Loves-to-Learn in

Primary search is suppressing results to secondary search .

Hi Experts, I am trying to find a string pattern "a word" in the primary search from source="123.log" and then fro...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to get a report on time range windows from _audit logs?

Last 6 months search using new date field

weekend and weekday calculations

regex help

Splunk use case to manage end-to-end access ticket support

Search for creating a Rolling Report for Daily Raised and Closed Incident Count

How to calculate difference between two rows of a table if another field on row is same for both?

How to change permissions of lookup files??

trying to timechart stats

How to filter search results to group by one of the fields?

_time and date_hour don't match

How to combine two searches to compare and find values present in one but not other

cant query data from 2 sources at the same time

How to save search query in a file in Splunk Dashboard

How to calculate Average and Peak day for last 3 months

Transaction on unique field reduces events?

Join 2 lookups match fields

How to get specified events from 2 indices.

List of users who searched data of an index

Primary search is suppressing results to secondary search .

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

Streamline Data Ingestion With Deployment Server Essentials

Remediate Threats Faster and Simplify Investigations With Splunk Enterprise Security ...

AD servers with indexing delays when evt_resolve_a...

Using comparison function within mstats

splunk search statement using keyword from input b...

Ex Cisco - run a report for all DFS users who logg...

Splunk query to list all the queries that time out