Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Running subsearch to verify results

I'm attempting to remove some elements from a search. After reading some answers, next was born: index=domain_ctrl...

by Path Finder in

Search performance impact & How to find user deploying high impact searches

Hello Splunkers, I have two questions today, concerning user's queries and performance impact. I couldn't find a c...

by Path Finder in

Show last part of a result after a /

A result of a search for a field resourceId is /SUBSCRIPTIONS/9B8874C9-5DC3-46CE-908A-D00EE594A4EC/PROVIDERS/MICRO...

by New Member in

MSFT System Center 2016 and Endpoint Protection Data

Has anyone out there successfully tried to pull this data from SCCM2016 into Splunk?

by Engager in

Why are the search results changing days after running the same search?

We are periodically seeing instances where data that was previously indexed shows up differently. The results I got ...

by New Member in

How to retain statistics and metadata while aging out logs?

Hi everyone, I think the title sums it up, but I'll clarify anyway. So, we would like to pull some information ...

by New Member in

How to drop brackets from field extraction result?

I have some logs that are very inconsistent and need to get a source number that is displayed one of few different wa...

by New Member in

How to condense search outputs?

I would like to condense this search output in order to see all Windows versions as "Windows" and all Mac versions as...

by Engager in

Using IF statement with SUM and passing data to a timechart.

I am interested in quantifying inbound/outbound traffic traversing an IPsec tunnel on a Palo Alto firewall and visual...

by New Member in

How to color lines in a table by clicking a cell?

Hi everybody I want to know how I can color the all the lines in my table by clicking on a cell. I tried this code...

by Contributor in

DELIM not capturing full value

I'm using DELIM to extract colon separated KV pairs separated by a comma. DELIMS = ",", ":" This is somewhat w...

by New Member in

How can i display additional data in Cluster map?

I am developing a map and would like to add certain labels to it, such as percentage or location name. When i hover o...

by Explorer in

How to extract all values after ","

Hello all , Please help me to extract all values from this field : arn:aws:iam::aws:policy/AmazonEC2FullAccess,Am...

by New Member in

[Windows] Blacklisting Event 4656 for system accounts only

Good morning everyone, having a bit of a tough time with this, as my blacklists and whitelists aren't working properl...

by Path Finder in

Transactions events at the same second

I am using the transaction command to identify if a report runs over a certain time. Below is my search: | transac...

by Contributor in

help on basic table

Hello I use the search below : [| inputlookup host.csv | table host] index="x" sourcetype="PerfmonMk:Proce...

by Motivator in

Search top 4 destinations based on usage by IP and put remaining in others for each IP

I am bit new to splunk. I want to search top 4 destinations downloads and total ‘Other’ traffic for each source ip...

by Explorer in

Field extraction is working for one server but not for other by defining stanzas in props.conf.

I added the data into Splunk after changing the configuration in props.conf for breaking the event as per the need an...

by Loves-to-Learn in

Show IP addresses not matching CIDR ranges in lookup table

I have a list of CIDR ranges in a single column with name Prefix in a csv file. I only want to show events with sourc...

by Path Finder in

Prediction algorithm in splunk

Hi , I am trying to predict cpu load for 10 days ahead for that I am using LLP algorithm in my query, so in visual...

by Path Finder in

*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:
SOAR (f.k.a. Phantom) >>
Enterprise Security >>
Splunk Enterprise or Cloud for Security >>
Observability >>

Or Learn More in Our Blog >>

Splunk Search

Discussions

Running subsearch to verify results

Search performance impact & How to find user deploying high impact searches

Show last part of a result after a /

MSFT System Center 2016 and Endpoint Protection Data

Why are the search results changing days after running the same search?

How to retain statistics and metadata while aging out logs?

How to drop brackets from field extraction result?

How to condense search outputs?

Using IF statement with SUM and passing data to a timechart.

How to color lines in a table by clicking a cell?

DELIM not capturing full value

How can i display additional data in Cluster map?

How to extract all values after ","

[Windows] Blacklisting Event 4656 for system accounts only

Transactions events at the same second

help on basic table

Search top 4 destinations based on usage by IP and put remaining in others for each IP

Field extraction is working for one server but not for other by defining stanzas in props.conf.

Show IP addresses not matching CIDR ranges in lookup table

Prediction algorithm in splunk

Is it possible to change the severity/color of the...

Why does statistics from a tstats change while the...

How to write query for Windows Remote Desktop Conn...

Help with Transforming an ingest of timestamped da...

How to generate alarm for when CPU peaks at100% o...