Splunk Search

Discussions

Thread Info

Extract fields from array of data and find best performing currency.

SSP Request: { "disableAMLFlag" = "false"; "orderAttributes" = { "OrderAttributes" = { "requestPostalIndicator" = "X"...

by Contributor in

How to find values that are not in a summary index

Good day, I have sysmon information collected in an index called sysmon. I also have created a summary index "HASh256...

by Path Finder in

How to calculate state based on values from many searches

I'm using a dashboard to display the state of some services. For this purpose, I must takes single values from many s...

by Explorer in

How do we invoke a sub search with parameters from the parent search?

We have a parent search that looks like - index=os_linux * | eval length = len(process) | where length = 7 | s...

by Motivator in

Force python3 on custom commands

Hi all, I´ve a custom command but it requieres python3 for launch properly. Errors on job inspector: 09-17-2019...

by Path Finder in

How to compare output of a search to a lookup file?

Hello, I have a lookup filled with hostnames. I want to compare the hostnames with the host field in the index. ...

by New Member in

How can I set timechart span=2h count for a day to start plotting from midnight?

Hi, Could anyone know how to start plotting from midnight when time range is something like earliest=-1d@d latest=...

by Motivator in

Help creating a search that involves an IF statement and JOIN

There are three different events. Each event has the same fields. The fields I am focusing are "NumberOfRecords" and ...

by Engager in

Help putting a condition match for a search with three possible results to show/hide either both or one of two panels

I'm trying to either hide or show two panels depending on a search result from a different panel which will have 3 op...

by Explorer in

Search not giving correct results (Join,Append,Union)

Hello All, I am working the below search - When I am running these two main which joined using join command are givin...

by Path Finder in

How to speed up my search?

I am trying to show the count of events where any external IP is attempting to connect to port 136-139, 445 from diff...

by Path Finder in

Timechart not displaying for some selections despite having results. It's invisible for some reason, but shows when it edit mode

I have a timechart dependent on a dropdown at the top of the dashboard that selects the customer to show the results ...

by Explorer in

How to get sum of field based on it's value?

Hi, I would be grateful for any help. In my fields we are having two fields which are: data.user_id and data.co...

by Path Finder in

Time difference by grouping identical events

Suppose I have the following events. 2019-09-20 01:40:09 INFO Listener processing event with message key A1:B1...

by Engager in

Field extract and zip them.

(product=X Phone , 512 ГБ, золотой,shipMethodCode=E3,qty=1,deliveryType=STH,partNumber=MRU/A,deliveryDate=4 Окт - 11 ...

by Contributor in

Append the columns of a search onto the results of another search many times [lookup, but for a search]

Search A returns many events for each ID. Search B returns a single event for each ID. My end result is a table w...

by New Member in

Find the date on max value

I have a table below, how can I find the date I have the most income? Thanks. date Income 9/18/2019 20.7651 9/1...

by New Member in

custom generating command 'Command xxx appears to be statically configured for search command protocol version 1'

I am attempting to use custom generating command protocol version 2, but my command seems to be detected as version 1...

by Path Finder in

eval, if, len, substr to produce specific results

So far, I've had success with the following command: eval Port=if(len(Port)>=22,substr(Port,1,len(Port)-2),Port) This...

by New Member in

Account Lockouts Report for Active Directory

Hello, I'm running the following search that gives me accounts that get locked out and targets the specific domain...

by Engager in

How to remove certain values from table column?

I have a extracted a field, which has mutiple values applname = app1, app2 , app3 when i form a table with appl...

by Explorer in

How to extract latest event for unique account numbers?

Hello, I'm trying to extract some fields for the latest event based on unique account numbers. I've tried using la...

by Explorer in

Most recent event per host ( | Head 1)?

So I need to pull only the most recent event from each of 60+ hosts, and put them in a table. I'm thinking something ...

by Path Finder in

Config Documentation Sites Not Opening

When one searches a config on Google, e.g. props.conf, the first result is almost always the page you'd want. However...

by Builder in

Eval Calculate fields with null values

Hello, I am attempting to run the search below which works when all values are present "One, Two, Three, Four" but wh...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Extract fields from array of data and find best performing currency.

How to find values that are not in a summary index

How to calculate state based on values from many searches

How do we invoke a sub search with parameters from the parent search?

Force python3 on custom commands

How to compare output of a search to a lookup file?

How can I set timechart span=2h count for a day to start plotting from midnight?

Help creating a search that involves an IF statement and JOIN

Help putting a condition match for a search with three possible results to show/hide either both or one of two panels

Search not giving correct results (Join,Append,Union)

How to speed up my search?

Timechart not displaying for some selections despite having results. It's invisible for some reason, but shows when it edit mode

How to get sum of field based on it's value?

Time difference by grouping identical events

Field extract and zip them.

Append the columns of a search onto the results of another search many times [lookup, but for a search]

Find the date on max value

custom generating command 'Command xxx appears to be statically configured for search command protocol version 1'

eval, if, len, substr to produce specific results

Account Lockouts Report for Active Directory

How to remove certain values from table column?

How to extract latest event for unique account numbers?

Most recent event per host ( | Head 1)?

Config Documentation Sites Not Opening

Eval Calculate fields with null values

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...