Splunk Search

Ask a Question

Discussions

Thread Info

SPL Help for below scenerio

search 1...|table src_ip search 2: tag=authentication user!=*$ src_ip=xx.xx.xx.xx | head 1 | table user src_ip fr...

by Explorer in

Convert Number of days into years

Hello Everyone!! I have a sample data as below Analyst Span A 1049d 00h 00m B 430d 01h 00m C 225d 05h 00m I wou...

by Engager in

What would you say is a normal amount of threads for a a Splunk Universal forwarder to have?

All, Member of our management team is concerned about a Splunk Forwarder with a number of processes and threads. ...

by Builder in

Allowing More Fields to be Shown in a Search

Quick background: I'm looking for SSO logins by users that have authenticated via NTLM. Issue: I copied a snippe...

by Communicator in

Duplicates events in search

Hi all, I am finding duplicate events during search operation. I am bit confused on where the issue is lies and ho...

by Explorer in

Calculate the average of some field per some time period per some other field(s)

Query index::dlp | bucket _time span=1d | stats count(EVENT_DESCRIPTION) AS "Count" BY _time,User_Name,...

by Path Finder in

drop null value

I have below query index=f5 partition="/Common/-" | rex "Username\s+'(? (.*))'" | eval Username=coalesce(User...

by Path Finder in

Change maxresulttows for outputlookup?

When running an inline search the results limit is high as we have in limits.conf the following. [searchresults] m...

by Ultra Champion in

Help with RegEx - Select only XML nodes that contain values

Hello Everyone, I'm trying to put together a regex statement that will allow me to select only the XML nodes that ...

by Explorer in

Add a column with count stats in addition to an existing column with avarage stats

I have a json file with some information regarding soa requests. Basically info such as callee, caller, start and end...

by Explorer in

how to set null value ?

If the field value is null, the value is null, and if it is not controlled, it is still the original value I want ...

by Path Finder in

Same report but different lookup file

Hi all, is there a way to pass to a report the filename of a csv as variable, to use it as lookup file ? Example: ...

by Path Finder in

How to filter number from text with regular expression

Hi, I have two types of messages, I would like to receive the numbers from these logs : 2020-03-16 15:12:15,30...

by Explorer in

Matching data across columns

Hi, I'm trying to work out how I can display values from a column based on a unique number appearing in another colum...

by New Member in

How to convert date differences to seconds

Hi all, I have a lookup like this. caseid date a 19-01-01 15:54:43.934000000 b 19...

by Path Finder in

Search NOT Inputlookup match on 2 columns

In a normal search I can do the following: index=foo sourcetype=csv field1!="blah" AND field2!="hah" How would ...

by Contributor in

Detect abnormal failure event based on machine learning?

Hello, I'd like to build a search that will trigger a spike on my authentication agent failure events but I do not...

by Path Finder in

Get windows Local login logs using WMI

Dear , I have cluster setup and we need to collect local logging logs from work station using WMI without install UF...

by Explorer in

I am running an import script for an interval of 5 mins to collect data from all sourcetypes and put it into a summary index.

I have a situation where in the span of 10 mins there could be a possibility that we didn't get any data from one of ...

by Engager in

command map not working

Hi everyone Someone who has used the map command who can help me, I am trying to bind the username of the 12 hours be...

by Contributor in

Count Dashboard for each ip based on traffic count

Hi All, I am trying to build the query to get the website hits for each IP, there are 16 servers ip and wanted to ...

by New Member in

geostats name and status plot

Hi every one. I want to show device names and their status (connected / disconnected) on the map. The color of point...

by New Member in

Back-computation using table contents

I have categories.csv that contains list of sub-categories in each category Category,Sub_category Biology,Botany B...

by Explorer in

Use the output of search A to refine results in search B

I have 2 searches. Search A produces a table output of "UserIP" Search B produces a table output of "FailedDes...

by New Member in

Run Splunk query through excel

I am new to Splunk and still learning.. I have more than 100 queries to run when asked during a daily activity and...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

SPL Help for below scenerio

Convert Number of days into years

What would you say is a normal amount of threads for a a Splunk Universal forwarder to have?

Allowing More Fields to be Shown in a Search

Duplicates events in search

Calculate the average of some field per some time period per some other field(s)

drop null value

Change maxresulttows for outputlookup?

Help with RegEx - Select only XML nodes that contain values

Add a column with count stats in addition to an existing column with avarage stats

how to set null value ?

Same report but different lookup file

How to filter number from text with regular expression

Matching data across columns

How to convert date differences to seconds

Search NOT Inputlookup match on 2 columns

Detect abnormal failure event based on machine learning?

Get windows Local login logs using WMI

I am running an import script for an interval of 5 mins to collect data from all sourcetypes and put it into a summary index.

command map not working

Count Dashboard for each ip based on traffic count

geostats name and status plot

Back-computation using table contents

Use the output of search A to refine results in search B

Run Splunk query through excel

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

Search for triggered save searches and their actio...

Splunk Search

Are you a member of the Splunk Community?

Discussions