Splunk Search

Discussions

Thread Info

What are the best practice searches for application lifecycle & release analytics?

I'd like to implement some basic searches for application lifecycle and release analytics without getting caught up i...

by Splunk Employee in

Difference between two string date fields

Hi, i searched but i don't found any solution. I wont the difference between two fields that are date in string forma...

by Engager in

Limit search to top 10 by specific fields

Hi everyone We're using Splunk in a SIEM environment and I have a search that returns all the bad event signatures...

by Path Finder in

How to pass key & value array into macro?

Just checking if there is a smart way of passing "key" and "value" (ideally key-value array) into a macro Ideally ...

by Super Champion in

Input Lookup: How can I Edit a Lookup Field with 'eval' command or 'RegEx' to narrow down my search results?

Apologies if the title of the question is a bit vague! I have search that is creating a table based on events that...

by Path Finder in

How to include dropdown tokens with pivots in dashboards

How do I include dropdown tokens with pivots in my dashboards? ich have pivot. query |bla Club.......a nd a dropdown...

by New Member in

Can we add new indexer through UI and what happens to the data when indexers are removed

1.What are the steps to add new indexer through the WEB UI? . what are steps to be taken to remove indexers from c...

by Builder in

If an IP is put into a table, how would I get the username from a seperate log?

Hi, I know my question is a little bland, so I'll elaborate here: If I have a user with IP 10.7.102.36 going to ww...

by New Member in

Kvstore lookup file location on the server

Hi Guys, I have created a kvstore lookup file with collection name as kvstore_collection and corresponding lookup ...

by Path Finder in

Example of how to measure SSL transactions per second?

Does anyone have examples of how to use Splunk to measure SSL transactions per second?

by Splunk Employee in

Example of how to measure network traffic round trip time?

Does anyone have examples of how to use Splunk to measure network traffic round trip time?

by Splunk Employee in

Example of how to measure database query response time?

Does anyone have examples of how to use Splunk to measure database query response time?

by Splunk Employee in

How to add addcoltotals functionality to show average instead of the total?

I have a table of technologies (WindowsOS, LinuxOS, OracleDB, JBossWeb, etc) and associated security compliance ratin...

by New Member in

regex to remove first occuring numeric values with coma

I want to remove the numeric value and comma which is occurring on the first line beginning 1,Woolworths appoints ...

by Builder in

No cookie support detected. Check your browser configuration.

Does anyone have any insight into this issue? We are very new to Splunk and running IE9, in non-compatibility mode, a...

by Engager in

How to extract these fields?

Hi, let's say we have events with _raw data like this: <XY>aaa,bbbb,priority,high<XY>aaa,bbb,login,failed<XY>aa...

by Motivator in

Select data from the most recent file logged this month over multiple hosts

I have a clustered application running in active/passive configuration. We run a report at the beginning of every mon...

by Explorer in

How to group by in nested JSON?

Hi all, i have a json file like this. { "JOB_NUM" : "1", "JOB_TIME" : "1/1/2020", "JOB_STATUS" : "PASS", "JOB_...

by Communicator in

search to show me all my splunk enterprise devices

Hi Is there a search in splunk which I can run from search head which will show me all splunk enterprise devices?

by Path Finder in

predict future_timespan value as a calculated variable

Hi, I am trying to use the predict function to predict hourly values through to the end of the current day. To do thi...

by Path Finder in

How to find difference between events for a transaction?

Hello Everyone, I want to find duration between the events in a transaction. Let's say I have 100 events In a transac...

by Explorer in

Custom expand table row visulization

Hi Team, I have a simple table that I want to show in a dashboard - user search history. Columns "_time" and "sear...

by Contributor in

Alternate to dedup

Hi, I need to remove duplicates in my results, is there anyway to do this other than using dedup. I used stats, e...

by Path Finder in

How to get fieldsummary on the xml values of request body

Hello, I have XML data as values of requestbody field in Splunk search below, need field summary on the break down of...

by Explorer in

Create key value pair from a key and value column

I am not sure why I can't figure this out, been all over and each untable or makemv solution fails for this simple ch...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

What are the best practice searches for application lifecycle & release analytics?

Difference between two string date fields

Limit search to top 10 by specific fields

How to pass key & value array into macro?

Input Lookup: How can I Edit a Lookup Field with 'eval' command or 'RegEx' to narrow down my search results?

How to include dropdown tokens with pivots in dashboards

Can we add new indexer through UI and what happens to the data when indexers are removed

If an IP is put into a table, how would I get the username from a seperate log?

Kvstore lookup file location on the server

Example of how to measure SSL transactions per second?

Example of how to measure network traffic round trip time?

Example of how to measure database query response time?

How to add addcoltotals functionality to show average instead of the total?

regex to remove first occuring numeric values with coma

No cookie support detected. Check your browser configuration.

How to extract these fields?

Select data from the most recent file logged this month over multiple hosts

How to group by in nested JSON?

search to show me all my splunk enterprise devices

predict future_timespan value as a calculated variable

How to find difference between events for a transaction?

Custom expand table row visulization

Alternate to dedup

How to get fieldsummary on the xml values of request body

Create key value pair from a key and value column

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Session Key Authentication fails sometimes

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown