Splunk Search

Discussions

Thread Info

Why only one condition works for where clause in a tstats search

Hi Splunkers, when I set 2 conditions for the same field to where stanza - I get 0 results. Example: | tstats sum...

by Contributor in

How to create a search to alert me when a user is part of one or more groups in a specific OU?

I'm having trouble writing a query in splunk to notify me when a user has been added to one or more groups in a speci...

by New Member in

How do I subtract values from different events and fields based on a common field?

Please help, I'm stuck on this problem for a while. Basically, lets say I have different events with fields like this...

by New Member in

Sorting Question for joins

I have been trying to sort this and I can not seem to be able to get it. index=uberagent* sourcetype=uberAgent:Sy...

by Explorer in

how to exclude sending logs to heavy forwarder which ends with a specific string using transforms.conf in cluster master?

The following are my transforms.conf and props.conf in my cluster master transforms.conf [send_to_heavyforwar...

by Builder in

After configuring LDAP authentication with AD groups. Few users are unable to login although they belong to same AD group.

We have newly setup the Splunk Environment in AWS platform where we have used LDAP authentication method and created ...

by New Member in

Can you help me extract the following field using regular expression?

I want to extract the Autosys_Job from the below log snippet and so used the below rex. Log Snippet : Query : ...

by Explorer in

Is it possible to define multiple evals as default for each search?

Hi, I would like to know whether it is possible to perform something like this per default for each and every sear...

by Motivator in

Rounding off percentage values in pie chart not working?

I displayed the percentage values by enabling this: <option name="charting.chart.showPercent">1</option> And...

by Engager in

Calculate average on two different times

I want to get a 7 day and 30 day average in a single search. sourcetype="businessService" OR sourcetype="bpmservice-...

by Contributor in

Use strftime eval in same query

I am trying to create a search that evaluates today's date and uses that output string/field as part of the search: ...

by Path Finder in

Understanding map command

I am banging my head trying to understand the map command and how it works. I have one search that returns values: ...

by Observer in

How to compare fields from csv and search, then add the result as a new column

Hello, I'm having a little trouble solving this one. I managed to extract all hosts in Splunk in a table with even...

by Path Finder in

Multiple Join/outer within same search

Hi I have a very wierd requirement to transform the result of my search **EMPLOYEE, BOSS** ERIC, CHRIS CHRIS, M...

by Engager in

How do I get max for all events to use in timechart 1h span?

(this may be a duplicate, as I wrote a version of this question before registering and can't find it) I have a sit...

by New Member in

Breaking of one field values into 2-3 different fields

Hi, I have a field called Location and It have data like Call Type, Site, Wing and Room all in just one field call...

by Explorer in

How to concatenate the two search results in single email report.

We have two different scheduled search and it is providing the two different result. I would like send the both of th...

by Communicator in

Regex generation

I have the below set of events where I wanted to write regex to capture only the last word Kindly help

by Explorer in

Time conversion from milliseconds to break down to days hours minutes seconds

I have been working on a search that gives a duration breakdown. I am trying to achieve: thehost theip ...

by Engager in

disable drill down on statistics table for last row

I have a table as shown below team open>3 days open>4 days Avg_days_task_open A 2 4 4 B 4 6 4 Total 6 10 As you...

by New Member in

How to append column total to column name?

I have data something like this Name. Accepted Rejected Posted Total Change 3 5 7 15 NOC 5 6 5 16 8 11 12 21 ...

by Contributor in

I want to include field values which have the latest timestamp value for a particular field

events are like this : number = INCXXXXXX dv_sys = yyyy-mm-dd hh:mm:ss group = lx ........ for a particular value of ...

by New Member in

CLI Search Command: Why does search that includes a field name fail?

This cli search command works from a machine with a universal forwarder: splunk search "index="foo" earliest=-7d |...

by Path Finder in

How do I find a pattern in a field that contains 10 digit numbers that increase by 1?

I have a field called data. Example of what is in the data field. 1234567890 9999999999 7638278823 1234567891 8475627...

by New Member in

append and transaction

I have a pretty complex search where I'm trying to get the DHCP and ACS authentication logs correlated by MAC address...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why only one condition works for where clause in a tstats search

How to create a search to alert me when a user is part of one or more groups in a specific OU?

How do I subtract values from different events and fields based on a common field?

Sorting Question for joins

how to exclude sending logs to heavy forwarder which ends with a specific string using transforms.conf in cluster master?

After configuring LDAP authentication with AD groups. Few users are unable to login although they belong to same AD group.

Can you help me extract the following field using regular expression?

Is it possible to define multiple evals as default for each search?

Rounding off percentage values in pie chart not working?

Calculate average on two different times

Use strftime eval in same query

Understanding map command

How to compare fields from csv and search, then add the result as a new column

Multiple Join/outer within same search

How do I get max for all events to use in timechart 1h span?

Breaking of one field values into 2-3 different fields

How to concatenate the two search results in single email report.

Regex generation

Time conversion from milliseconds to break down to days hours minutes seconds

disable drill down on statistics table for last row

How to append column total to column name?

I want to include field values which have the latest timestamp value for a particular field

CLI Search Command: Why does search that includes a field name fail?

How do I find a pattern in a field that contains 10 digit numbers that increase by 1?

append and transaction

Preparing your Splunk Environment for OpenSSL3

Deprecation of Splunk Observability Kubernetes “Classic Navigator” UI starting ...

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

Using Machine Learning Toolkit to detect auth abus...

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas