Splunk Search

Discussions

Thread Info

Dynamic trim of field at both start and end

Hi, i have a field that i need to trim. The field can have a number of different strings, for which i want to trim ev...

by Path Finder in

How to produce a table visualization that spans time?

The following SPL returns data for all returns for a day. How can I just return the maximum return for the day? Ex...

by Loves-to-Learn Lots in

Total Account lockouts > 2 within 30mins

Hi There, I am trying to find where total account lockouts that are greater than 2 within the time frame of 30 min...

by New Member in

regex in lookup file

I want to match a reg ex pattern (e.g. "aaa\s+:\d\d") from a lookup file. pattern,output_value "aaa\s+:\d\d:", 2 "...

by Path Finder in

Splunk Query Help- Summary index - Compare all data of - solutionType=*

Hi Team, I am using the below command to get the last 4 weeks of data solutionType=EML. index=sample1 "com.URL...

by Explorer in

How to search only sourcetypes that began ingestion in last 7 days

Hi, I'm very much a Splunk novice, but I've been playing around with trying to do some health checks for Splunk so...

by Path Finder in

Same query run multiple times returns different results

I got a different result count when I executed this query a week before, and when I executed it today. The first time...

by Path Finder in

Field extraction

gauge="ProcessorResponse.Country[US]Processor[ApgProcessor]PaymentType[VISA] DECLINE" is one of the field. I am tryin...

by Contributor in

pattern based indexing is not working for some events

I am using pattern base indexing like below that is if i have splunk_send and app host in event i m trying to discard...

by Explorer in

How to create radial gauges for each channel from this query ?

Hi, I know that we can create radial gauges using aggregate values but I've selected the radial gauge visualizatio...

by Engager in

Inconsistent number of results

I have a search that generates different number of results and I can't figure out why.. Here's my search: sour...

by Communicator in

How to pick latest updated file from today

I have a file, which will be updated multiple times in a single day and the it will be indexed into splunk multiples ...

by New Member in

Why is the same search returning different results each time it is run?

I use Splunk to calculate user's Internet hits. There are about 710 thousands entries. I searched several times, but ...

by Explorer in

subnet information

I have subnet lookup in cidr notation. so i am trying to print subnet detail with dest ip but not getting result. ...

by Explorer in

looping through all rows of lookup file and match

Hi, I have a lookup file with following structure. pattern,output_value "aaa\s+:\d\d:", 2 "aaa\s+:\d:", 1 ...

by Path Finder in

Extracting field data from alert to be emailed

I have an alert configured to automatically send an email upon a user account locking. I'm looking for the email to o...

by New Member in

How to get results only if search field contains a word in the lookup table

If I have a search result which has a field named "Field1" and It has values like : This is Word1 now. This is Word2 ...

by Explorer in

Lookup table for lot of fields

My event log has comma separated field values of 100+ fields. Each field can have about 2-15 different values. Exampl...

by New Member in

Why is newly configured ingestion not showing older logs?

My search is that I have to log in the client machine, which needs to be ingested into Splunk Cloud- so I have deploy...

by Path Finder in

splunk tags.conf disable stanza

We need to override a tags & eventtypes from one of the official TA (eg eventtype=ssh_authentication). eventtypes...

by Super Champion in

Extract multiple values from a single field into multiple unique fields

Hello, Is there a way to split out the unique values of a field into separate fields that are returned after a sea...

by New Member in

Search for a value in a set of results, then indicate in a new field if the value was found

I have a somewhat complicated search whose results I present in a dashboard, and looks a bit like this: [ sear...

by Engager in

New field created through field transformation not appearing in search results

I have created a field called PROCESS via Fields » Field transformations I could not see in the field appe...

by New Member in

If len() then A else B

Hi All, I'm looking to include a If Else Check along with Len() Function along with Eval in my Search. My Raw s...

by Explorer in

How do I block GUI messages about missing indexes?

Since 7.3 the missing indexes message below goes to all my users causing many panicked questions about Splunk being d...

by Influencer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Dynamic trim of field at both start and end

How to produce a table visualization that spans time?

Total Account lockouts > 2 within 30mins

regex in lookup file

Splunk Query Help- Summary index - Compare all data of - solutionType=*

How to search only sourcetypes that began ingestion in last 7 days

Same query run multiple times returns different results

Field extraction

pattern based indexing is not working for some events

How to create radial gauges for each channel from this query ?

Inconsistent number of results

How to pick latest updated file from today

Why is the same search returning different results each time it is run?

subnet information

looping through all rows of lookup file and match

Extracting field data from alert to be emailed

How to get results only if search field contains a word in the lookup table

Lookup table for lot of fields

Why is newly configured ingestion not showing older logs?

splunk tags.conf disable stanza

Extract multiple values from a single field into multiple unique fields

Search for a value in a set of results, then indicate in a new field if the value was found

New field created through field transformation not appearing in search results

If len() then A else B

How do I block GUI messages about missing indexes?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Using Time Range with Bin

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...