Splunk Search

Discussions

Thread Info

How to extract the prefixed words from logs

Hi All, I require help in extracting the words that appear right before the word. Example: Null.set.error Nullerror S...

by Explorer in

Modify subsearch time starting with timerange picker token

I have a situation where I want to run a main search of one index over a time period driven by the time picker on a d...

by Path Finder in

Is it possible to download two tables into a single Excel file rather than appending to the right?

I have got two different tables in my Splunk dashboard and both came from different searches. Is it possible to d...

by New Member in

ports listen

Can anyone tell me which ports should listen on Splunk server and on the Target server (Client)? From where to whe...

by New Member in

Searching 60 minutes prior to a time failing

I'm trying to do the following query index=main earliest=-60m latest="12/4/2019:12:31:41" So 60 minutes before a spec...

by Path Finder in

transaction event not updated in 20mins

Hi, I have a transaction ,begin and complete like below with session id. Want to generate an alert if the event not u...

by Engager in

[Resolved]Splunk eval - Error in 'eval' command: The expression is malformed.

Hi team, I got error 'Error in 'eval' command: The expression is malformed. ' when running below query. Guess it's...

by Path Finder in

Searching nested JSON to create audit dashboard

I have some test JSON data that I am having trouble searching for. I need to create some Audit dashboards around thi...

by Path Finder in

Search in fast vs smart modes does not return same number of events

We ran into a problem where a search in smart mode returns 6 events, while the same search in fast mode returns 2 eve...

by Contributor in

How is my `set diff` returning any difference if I'm using the same macro as both subsearches?

I'm building a dashboard where a user selects a dropdown item that has the value of a search macro name and then a si...

by Path Finder in

Join two lines in the same search

Hi all, I'm currently monitoring log files. I have exctrated 2 fields end_collection_timestamp & starting_collec...

by Path Finder in

How to join a lookup value for comparison?

The query below works, but i need to add a lookup value 'interval' to compare against the 'hours since last seen' val...

by Path Finder in

Requesting Assistance Writing a Search Request

I am writing a search which I intend to use to create an alert from. I keep getting "No Results" from this search unl...

by Path Finder in

Getting full result in join/append

I have a index, where i store values of items and their count (pulled from SQL DB). I run a search to return me items...

by Explorer in

External Python Lookup not working with Splunk 8.0 with Python 3

Hi, I have setup Splunk v8.0 in a separate VM and configured it to run strictly Python 3. Both my environments (S...

by Engager in

Splunk searching nested json

Hello I use automatic translation because I am not good at English. sorry. I took NVD 's CVE list (Json Feed) into...

by Explorer in

Multistep transaction using stats

Hi, I have following stats table key EventCode timestamp 5q9ptD2QRZGkIrv1hPD3Mg customerCreditTransferInitiationComp...

by New Member in

Can I count lines in table cell?

Hi, I have a search to show the number of times an IP address was trying to reach some Customer IDs. How can I c...

by Path Finder in

count of a field, and then sort by day

Im looking to count by a field and that works with first part of syntex , then sort it by date. both work independant...

by Engager in

How to merge two different queries with the same columns together?

Hi, I have different queries: Query 1: |inputlookup myLokkup | eval count=0 | table myField, count For Example...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to extract the prefixed words from logs

Modify subsearch time starting with timerange picker token

Is it possible to download two tables into a single Excel file rather than appending to the right?

ports listen

Searching 60 minutes prior to a time failing

transaction event not updated in 20mins

[Resolved]Splunk eval - Error in 'eval' command: The expression is malformed.

Searching nested JSON to create audit dashboard

Search in fast vs smart modes does not return same number of events

How is my `set diff` returning any difference if I'm using the same macro as both subsearches?

Join two lines in the same search

How to join a lookup value for comparison?

Requesting Assistance Writing a Search Request

Getting full result in join/append

External Python Lookup not working with Splunk 8.0 with Python 3

Splunk searching nested json

Multistep transaction using stats

Can I count lines in table cell?

count of a field, and then sort by day

How to merge two different queries with the same columns together?

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

There's No Place Like Chrome and the Splunk Platform

Customer Experience | Join the Customer Advisory Board!

what is the use of below query?

splunk search statement using keyword from input b...

Ex Cisco - run a report for all DFS users who logg...

Splunk query to list all the queries that time out

How to perform time series analysis and anomaly de...