Splunk Search

Discussions

Thread Info

How can I pass a list of parameters to a custom Generating command to iterate over and generate events?

I have written my own custom generating command in Splunk which connects to our API and fetches threat details of a d...

by Path Finder in

Problem with Geospatial lookup and geom command

Hi All, Posting this question, as I am new to Geospatial lookup and trying to configure it as per Michael Porath's...

by Communicator in

Clarification about appendcols needed

Hello, My alert looks as follows: |inputcsv anomalies_ls5923.txt | where like(ANOMALY_ID, "iA%")| tail 1 |renam...

by Builder in

struggle with RegEx field extraction on a Windows Event log

Hey - I'm taking my first steps on extracting fields with RegEx and can't seem to get this one working .. any help wo...

by Path Finder in

Minutes and seconds formating

I have a field that sends time in Min&sec in the format 3m7s I want it to be in the format 3.07 Tried using the...

by Explorer in

Which events has been searching for

Hi all! Need some help with a serach that showing which events has been searching for, last 90 days.

by Explorer in

Need to populate recent time value at the column left and oldest time towards right using chart command

Hello Experts, We had created splunk dashboard for monitoring automation tests which is triggered at Jenkins. Belo...

by New Member in

merge a string in a list relatively to another string

Hello everyone, I want to add a string in a list which is in a field compared to another string which also is in a...

by Explorer in

Total Results With All Fields Showing

I am trying to build an alert for when the total results for my search is greater than 9. I have it working, except t...

by Explorer in

Lookup not working, it is generating a "NOT ()" query for some reason.

lookup contains 3 columns DeviceId, host, and storeNumber splunk events contain a Properties.DeviceName field that...

by Builder in

correct TIME_FORMAT for time stamp

Hello, I'm having trouble extracting the following timestamp for one source, is there someone here that can recommend...

by Path Finder in

How to extract and create multiple fields for the same log line

If I have the log line: WEB 1.1.1.1/2.2.2.2/3.3.3.3 and I want to use extract fields to map: WEB -> field1 1.1.1.1...

by Explorer in

count eval, error using AND

Hello, I'd like to count events from Windows Logs in my search that include both EventCode="4624" as well as Account_...

by New Member in

Conversion of epoch time in rex extracted field

Hey All, Need some assistance with extracting/converting the epoch timestamps on index buckets from a search that ...

by Builder in

Can stats be in the subject of an alert-generated e-mail?

We have an alert, that checks for a particular condition (Oracle-errors) across multiple indexes: (index=HOP OR in...

by Path Finder in

Error with eval expression using eventstats command in Splunk Datamodel

Hi, I want to create below search using splunk DataModel: index="oqa_pub" sourcetype="idesk_db_inc" |search RESOLV...

by New Member in

Can we run the query for 100 or so hosts?

We have the following that runs nicely for one host - index=<index name> host=<host name> source=<source name> sou...

by Motivator in

How to evaluate multiple fields and replace field output with new string

I have an issue where events are displaying incorrect information for a particular field in my search. Example: ...

by Explorer in

After obtaining the Time difference of two time/date fields, if the time greater than a hr create a alert.

Im pretty new to splunk, so my approach may be incorrect. However, At this time my query is as below: search query...

by Engager in

Cisco CDR: How to remove two columns in report extraction

I need to remove these two columns in the report extraction, I already removed the values in the "search" for these c...

by Explorer in

help with regex needed

Hello, I have the following content in the variable $result.LINE$ in my alert, coming as a DB SQL result: Below...

by Builder in

Command to free disk space

My instance of Splunk currently has 9.4 TB of disk for indexing. We have 360GB per day being indexed and I can't incr...

by Explorer in

Change time zone in log indexing

Hi, I have a log that it has the format below, I need his GMT to be -3h. That is, in the log file the time is (...

by Path Finder in

Regular Expression to extract the below values

Hi, One of my value in table is being passed as an Boolean expression as below (assignment_group = 1213App_Develop...

by Explorer in

Rex field to extract dot net module

Hi i currently have the following line in my search that search for system.net.webclient: |rex max_match=0 "(?<mod...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I pass a list of parameters to a custom Generating command to iterate over and generate events?

Problem with Geospatial lookup and geom command

Clarification about appendcols needed

struggle with RegEx field extraction on a Windows Event log

Minutes and seconds formating

Which events has been searching for

Need to populate recent time value at the column left and oldest time towards right using chart command

merge a string in a list relatively to another string

Total Results With All Fields Showing

Lookup not working, it is generating a "NOT ()" query for some reason.

correct TIME_FORMAT for time stamp

How to extract and create multiple fields for the same log line

count eval, error using AND

Conversion of epoch time in rex extracted field

Can stats be in the subject of an alert-generated e-mail?

Error with eval expression using eventstats command in Splunk Datamodel

Can we run the query for 100 or so hosts?

How to evaluate multiple fields and replace field output with new string

After obtaining the Time difference of two time/date fields, if the time greater than a hr create a alert.

Cisco CDR: How to remove two columns in report extraction

help with regex needed

Command to free disk space

Change time zone in log indexing

Regular Expression to extract the below values

Rex field to extract dot net module

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Transform your security operations with Splunk Enterprise Security

Splunk Admins and App Developers | Earn a $35 gift card!

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6