Splunk Search

Thread Info

How to trigger alert only when the result is changed?

I want to trigger an alert only when the results are changed. The frequency of my alert is 15 mins, So the next Alert...

by Loves-to-Learn in

help on where command which is malformed

hi I have an issue in the where command below (The expression is malformed) What is the problem please?? | eval...

by Motivator in

Show a message even when no events are returned using Sttats with by clause

Hi All, I have situation where I want to show a message instead of empty cell. I am using below query to get so...

by New Member in

Calculate the difference between two time fields within a single event

I have two time fields in a single event that I need to calculate the difference between and then display said differ...

by Engager in

How do I get a distinct value count from two fields?

I have two different fields (DB_INSTANCE_NAME & INSTANCE_NAME ) in two source types. These fields contain a similar v...

by Communicator in

How to achieve distinct count across multiple fields?

How to get a distinct count across two different fields. I have webserver request logs containing browser family and ...

by Engager in

How to translate SID to Username via the Lookup Table?

I have a lookup file which contains various fields, including the username and corresponding SID (pulled from AD). ...

by Communicator in

How to regex up to a specific word?

How can I create a regex query up to a Specific word? For example, the specific word below is "Index". Example data: ...

by Path Finder in

Case Statement Issue

I'm Having issues with my case statement. index=sti_123 source=rss_servers active = "1" status = "Being Commission...

by New Member in

SPL: Searching the Network Traffic for anything that is not (!=) United States

Hello fellow Splunkers ( : Does anyone have some SPL laying around that shows network traffic that is NOT United ...

by Communicator in

Grouping similar results (URL)

I am trying to pull list of different URLs from a splunk query. The data is like below. Sample data: 1. Need to g...

by Engager in

Unable to resolve host

I am trying to send logcat logs to Splunk mint. I added this code Mint.initAndStartSession(this.getApplication(), "5...

by New Member in

Table not sorted by time even after specifying the sort, what am I missing?

I have a search results I want to show in a table. I noticed that the events were not sorted by time so I added the s...

by Path Finder in

How to fetch top 5 rows based on a value in table

index= aab sourcetype=topconnections earliest=-10m latest=-5m | table SESSION_AUTH_ID , CONNECTION_COUNT | addcoltota...

by Explorer in

Splunk Stream Case Insensitive Extraction

Doing an extraction in Splunk Stream and get an error when trying to use (?i) in my regex: (?i)x-forwarded-for([:\...

by Communicator in

Compare data between 2 indexes

Hi i am using below query to get the results for Ip index=shinken sourcetype=shinken_alarms Level=HARD Status!=UP ...

by Communicator in

len(-5d@d)

I am trying to solve a query and I came across a time modifier with len() function. I did not understand the behavior...

by New Member in

Updating eventgen.conf requires a Splunk restart

Hi, I am playing around with SA-Eventgen to generate data in a Dev environment but I find if I make a change to th...

by Loves-to-Learn in

Pass value to subsearch with inputlookup

Hi, perhaps it is the wrong approach, but i try to use an inputlookup within a search and pass a value to this sub...

by Path Finder in

Find Difference between multiple events

TransID AppName timestamp Messagge 1 App1 2019-12-16 18:18:43.731 +0000 Message…… 1 App1 2019-12-16 18:18:43.732 +000...

by New Member in

Lookups and Wildcard Entries

I'm currently setting up an alert using a CSV lookup file with wildcard entries. I followed the instructions provided...

by New Member in

indexのrententionの仕様について。,indexのRetention (days)の仕様について。

DBConectデータを取り込んだところ、 indexのrententionは一日（a day ago）にもかかわらず、 ５日分保持されております。 splunk cloudではrentention以上の期間を保持するものでしょうか。...

by New Member in

Predefined Group

What is the best way to define a "group" of ip subnets called server_subnet then use that in searches. I have abou...

by Contributor in

Is there a way to search and list all attributes from a data model?

Is there a way to search and list all attributes from a data model in a search? For example if my data model consists...

by Contributor in

Specified driver could not be loaded due to system error 126: The specified module could not be found. (Splunk ODBC Driver, C:\Program Files\Splunk ODBC Driver\lib\SplunkDSII.dll).

Hi, I am trying to connect to Splunk from tableau and getting the attached error. All the drivers are present in the ...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

How to trigger alert only when the result is changed?

help on where command which is malformed

Show a message even when no events are returned using Sttats with by clause

Calculate the difference between two time fields within a single event

How do I get a distinct value count from two fields?

How to achieve distinct count across multiple fields?

How to translate SID to Username via the Lookup Table?

How to regex up to a specific word?

Case Statement Issue

SPL: Searching the Network Traffic for anything that is not (!=) United States

Grouping similar results (URL)

Unable to resolve host

Table not sorted by time even after specifying the sort, what am I missing?

How to fetch top 5 rows based on a value in table

Splunk Stream Case Insensitive Extraction

Compare data between 2 indexes

len(-5d@d)

Updating eventgen.conf requires a Splunk restart

Pass value to subsearch with inputlookup

Find Difference between multiple events

Lookups and Wildcard Entries

indexのrententionの仕様について。,indexのRetention (days)の仕様について。

Predefined Group

Is there a way to search and list all attributes from a data model?

Specified driver could not be loaded due to system error 126: The specified module could not be found. (Splunk ODBC Driver, C:\Program Files\Splunk ODBC Driver\lib\SplunkDSII.dll).

What's New in Splunk Cloud Platform 9.3.2411?

Buttercup Games: Further Dashboarding Techniques (Part 6)

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...