Splunk Search

Community Activity

Capture Connected Devices Does anyone have any SPL that looks at ALL connected network devices? For example, John Doe decides he wants to conn... by itsmevic Communicator in Splunk Search 02-04-2020 0 0	0	0
tstats and a lookup I hope I explain this well. I have the following tstats search: \| tstats max(_time) AS _time WHERE index=_internal s... by chirsf Explorer in Splunk Search 02-04-2020 0 2	0	2
Duration between events - Max gap (not the start and end points) hi all . I am trying to create a map where I can look at users max duration between logins who register with us betw... by stephenreece New Member in Splunk Search 02-04-2020 0 3	0	3
How to display what values are missing in my lookup table comparing to actual data? How to display what values are missing in my lookup table comparing to actual data? Table.csv SERVER_A,DATA_A SERVER... by yuvarajvelu New Member in Splunk Search 02-04-2020 0 4	0	4
where is the custom command documentation? Lots of custom commands come with Splunk. 31 in the search app alone. I often see all of those commands and wonder... by MonkeyK Builder in Splunk Search 02-04-2020 0 6	0	6
replace function itself is not working when i did a splunk search query I have a use case where i need to pass the previously performed search query to replace the part of message with empt... by d942725 New Member in Splunk Search 02-04-2020 0 11	0	11
Pass subsearch field to parent search I am trying to pass number from subsearch to main search and find before or after 10 values of number. So if number ... by satya2p Path Finder in Splunk Search 02-04-2020 0 2	0	2
Why does my python custom reporting command work only if I use a stats command in the pipeline before? I'm trying to write a new custom search command, more specifically a reporting command. I'm using the Python SDK 1.6.... by grundsch Communicator in Splunk Search 02-04-2020 1 14	1	14
help with counting search events / output needed Hello, I need a help with counting the search results. I cannot use the following: \| stats count as Total because... by damucka Builder in Splunk Search 02-04-2020 0 2	0	2
How do I send syslog data to nullQueue from a single source IP but multiple destination IPs? I am receiving Syslog data from the firewall and I would like to send a subset of it to the nullQueue. The issue I am... by scottrunyon Contributor in Splunk Search 02-04-2020 0 3	0	3
How to dynamically append the content of multiple lookup files? Hello there, I am trying to dynamically append the content of multiple lookup files but I am not sure it is possible... by D2SI Communicator in Splunk Search 02-04-2020 0 5	0	5
Search exact string from inputlookup sub-search Hi, I am trying to list all the events where a user has fired a DNS request to a specific domain mentioned in a look... by qbolbk59 Path Finder in Splunk Search 02-04-2020 0 6	0	6
How Do I Obtain the Valid Part of DNS Logs? Dear All, I'm trying to retrieve and parse windows dns log, the sample looks like this: 1/23/2020 11:59:42 PM 0B50... by dickens8866 New Member in Splunk Search 02-04-2020 0 1	0	1
compare todays time duration with 30 days time duration.If if exceeds threshold(1.230days avg)send email alert,compare current Job duration with last 30 days average.If its exceeds threshold(1.230 days avg) send an email alert PROBLEM DESCRIPTION:compare todays time duration with 30 days time duration.If if exceeds threshold(1.2*30days avg)se... by thomaap New Member in Splunk Search 02-03-2020 0 1	0	1
How to "group by" in JSON Hi all I have a json file like this, { "NUM" : "#1", "TIME" : "1/27/2020 12:49:13", "STATUS" : "PASS", "DURATIO... by anooshac Communicator in Splunk Search 02-03-2020 0 12	0	12
How to get data into a KV store in Splunk Cloud from an external source Splunk Cloud We have lookup data that needs to be accessed from Splunk Cloud. This data can either come from an ext... by bowesmana SplunkTrust in Splunk Search 02-03-2020 0 0	0	0
alert lookup file with alert trigger condition tokens Hi Experts, I want to store alert search result and the following token in Lookup file app = $app$ description = $... by arun_kant_sharm Path Finder in Splunk Search 02-03-2020 0 1	0	1
Changing a SSO IDP failed to authenticate page to custom message I am using SSO and I want to be able to edit the error message you get when SSO authenticates, but the user account y... by bolaojewale Explorer in Splunk Search 02-03-2020 0 0	0	0
What is an easy way to determine what searches are filling up the dispatch directory? I'm seeing lots of dispatch directory threshold errors. Is there an easy way to see what searches or reports are dri... by sail4lot Path Finder in Splunk Search 02-03-2020 1 3	1	3
Stats count & chart over combo? I'ma beginner with Splunk hoping someone can help me with my syntax around the following query. I have queries with ... by hollybross1219 Path Finder in Splunk Search 02-03-2020 0 2	0	2
How to find out the top 30 applications by bandwidth Hi. I'm new to splunk and trying to code a search for top 30 applications by bandwidth. So far I have the following c... by annageorgiou New Member in Splunk Search 02-03-2020 0 5	0	5
How to join metric data I have several types of metric data going into a metric index. One has 'username' and 'DimA' as dimensions, and 'Valu... by drezanka Explorer in Splunk Search 02-03-2020 0 1	0	1
Efficiency of REGEX = . vs REGEX = .* vs REGEX = (.*) Which of the following (in terms of the REGEX) is the most efficient? I've seen examples of all of them. And is th... by chris_barrett SplunkTrust in Splunk Search 02-03-2020 0 4	0	4
Proofpoint Campaign Data Ingestion I need to ingest Proofpoint Campaign data and it seems that there is no canned TA/App for this. What have other done ... by brent_weaver Builder in Splunk Search 02-03-2020 0 0	0	0
How to format SPL Search Query as code ?? HI All i am creating a dashboard in SPLUNK .. i am trying capture the API counts and response time . here is a sampl... by venkat0896 Path Finder in Splunk Search 02-03-2020 0 10	0	10