Splunk Search

Discussions

Thread Info

Can you help me show the status duration, timechart with stack bars in 30min spans?

This could get a little tedious but here goes: I have call centre data that is giving me the users' statuses, whet...

by Explorer in

Modify search string from input field to search IP addr db

I'm trying to create a dashboard that lets a user input an IP address and then search through the IP address database...

by Explorer in

How do I replace text within a field with text from another field?

I have events that contain multiple fields. For example PARAM1: Thing1 PARAM2: Thing2 PARAM3: Thing3 MESSAGE: Refe...

by Communicator in

Understaind outlier command + drawing the line where it does the removal of points

This is my search to recreate the data I am working on: | makeresults | eval data = " 2019-01-01 98.0; 2019-0...

by Motivator in

How Can I change from descendant to ascendant in timechart visualization in the Y-axis

Hello Everyone! I have a timechart visualization and I would like to change the order of the number that are in th...

by Path Finder in

Trying to join multiple searches into one big output

by New Member in

Can I return the host IP address in WinEventLog metadata search?

I'm trying to use a metadata search to quickly return the hosts that are currently sending logs to Splunk to determin...

by Explorer in

using regex to reformat json messages

I have a VidyoPortal that gives me its responses formatted this way through its event notification system: **VDY\x...

by New Member in

Can you help me build a Splunk query to get all associated members (Username and UserId) of the LDAP group?

I tried this query to get all the members of a particular LDAP group: | rest /servicesNS/nobody/system/admin/L...

by Explorer in

Prevent users from table sorting (when clicking on its headers)

The question is really simple, not that sure about the answer though. I'm using Splunk 5.0.6 + Advanced XML panels to...

by Path Finder in

Is it possible to replace the names of a field, thanks to a lookup table, but only when they exists in the lookup table?

Hello, I have a column with names, I will call it "Costumers_Names". The "names" are actually unique identifiers (...

by Explorer in

Using Splunk to analyze firewalls, how can I detect attackers who are doing IP spoofing attacks?

How can I detect attackers using IP spoofing in Splunk? I want to be able to detect this in Checkpoint and Juniper...

by Engager in

Format output for timechart by

Hi all, My splunk search generates the following output via timechart: _time;cpu_core:host1;cpu_core:host2 2019...

by Path Finder in

need help in finding the time differece btween two fields when thid field value is null

Hi Team, Can you please help me with the solution for the following usecase. i have three fields named as follo...

by Explorer in

rex expression

one of my field contains one big string as shown below params={fl=doc_objectid,score&sort=doc_dateeffective+asc,do...

by Explorer in

Rename column name in stats

index =* "log" earliest =@d-4h latest=@d+8h | rex " (? \w*)<" | dedup ticketId | stats count as tod...

by New Member in

Can you list time-unique events as one event if certain fields match?

Hi, I'm a complete novice to Splunk, so forgive me if the following is basic/doesn't make sense. I'm trying to red...

by New Member in

Blank rows in table

I am creating a table and simply reordering the fields from events. When I view the table there are random blank rows...

by Path Finder in

order changing with the table command ??

Hi. When i am using the table command ? i am not getting the fields in the order i have ginen ?? how can i do it b...

by Motivator in

rex extraction

Hi, I'm trying to extract a field via rex for a search and having problems. Hoping someone could help me... Her...

by Champion in

*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:
SOAR (f.k.a. Phantom) >>
Enterprise Security >>
Splunk Enterprise or Cloud for Security >>
Observability >>

Or Learn More in Our Blog >>

Splunk Search

Discussions

Can you help me show the status duration, timechart with stack bars in 30min spans?

Modify search string from input field to search IP addr db

How do I replace text within a field with text from another field?

Understaind outlier command + drawing the line where it does the removal of points

How Can I change from descendant to ascendant in timechart visualization in the Y-axis

Trying to join multiple searches into one big output

Can I return the host IP address in WinEventLog metadata search?

using regex to reformat json messages

Can you help me build a Splunk query to get all associated members (Username and UserId) of the LDAP group?

Prevent users from table sorting (when clicking on its headers)

Is it possible to replace the names of a field, thanks to a lookup table, but only when they exists in the lookup table?

Using Splunk to analyze firewalls, how can I detect attackers who are doing IP spoofing attacks?

Format output for timechart by

need help in finding the time differece btween two fields when thid field value is null

rex expression

Rename column name in stats

Can you list time-unique events as one event if certain fields match?

Blank rows in table

order changing with the table command ??

rex extraction

Is it possible to change the severity/color of the...

Why does statistics from a tstats change while the...

How to write query for Windows Remote Desktop Conn...

How to Detect 4 Commands run Within a 1 Second Tim...

Help with Transforming an ingest of timestamped da...