Splunk Search

Discussions

Thread Info

How to rename unknown field names from inputlookup file

I want to merge multiple fields from multiple lookup tables into a single field/column. I only know the name of the f...

by Explorer in

Powershell Script to get Splunk UF info from DC's

Afternoon All, I have been tasked to get a list of information from Splunk UF's that are installed on 31 Domain Co...

by New Member in

Need Count of values in multivalued field, grouped by another field in json data

hi everyone, I need count of "id" field against the sequence field parentRecord sequence count(id) ABC162856 2...

by New Member in

Maximum number of events displayed in an "events list" visualization?

I have a dashboard in Splunk 7.3.0 with the following HTML viz definition: <html depends="$eventCount$,$duration$,...

by Builder in

Group events by last occurance of status field value

I want to group events with last occurance of notnull field value ex. I am grouping events which startswith:logon and...

by Builder in

Issue with importing 3rd party library into Splunk.

Hello, We are trying to import a third party library party library "go.js" to bring in custom visualization into ...

by Path Finder in

How to correlate across events, then aggregate by a different event?

Something like, DEBUG traceid=123 user=john DEBUG traceid=123 result=200 DEBUG traceid=456 user=john DEBUG traceid...

by New Member in

How to get the latencycount by each Api using stats

I am just trying to get the latency count of API by taking the AVG responsetime of the API and using the avg as thres...

by New Member in

Splunk Status Indicator - Awesome Font Library - Icons missing

I just loaded the app Splunk Status Indicator on Splunk Enterprise 7.2.6, and just finished reading the online docume...

by Engager in

Default value for `stats count` or `top`

This should be a trivial thing, but I'm having a hard time figuring out how to do it in Splunk: how do I use a defaul...

by New Member in

Search SPL to show messages menu

Can someone tell me the Splunk query to match the contents of the "Messages" menu item? As an example, i see the foll...

by Path Finder in

How to split up multiple values within a field (mvexpand)

Hi, The output of both systems is written to the same index and differ by the component contained in the event. ...

by Path Finder in

How to extract fields from log

I'm trying to extract fields from a log and failing miserably. In my first attempt I used a props.conf to specify th...

by Explorer in

Is there a way to tell if a "specific" lookup file is in use on a dashboard, report, or alert without manually checking each of these searches?

found the answer to getting all lookup files in use on a dashboard, report or alert. Looking for a way to tell if one...

by Explorer in

SPL to find first time account access

To find the user first time login in PCI compilance - what is the SPL query ? I am using the query as below : |...

by New Member in

Get numbers between event

Hi, I would like to get Heap number, from event: [Eden: 704.0M(5804.0M)->0.0B(5800.0M) Survivors: 52.0M->56.0M Heap:...

by Explorer in

Similar EventIds been taken in splunk

Hi All, My inputs conf are as follows [WinEventLog://Application] disabled = 0 whitelist = EventCode="26|25|19" wh...

by New Member in

Filter a Chart with Values Greater Than some Integer.

I have this query (time is in milliseconds and I converted it to seconds): index=ABCD source=EFGH | bin span=5m _t...

by Path Finder in

merge events by common fields and rename other fields

Hi, Im trying to figure out how to merge these events [{"event_type":"Metric","jobid":"1d622e4f-6a78-404a-9c4...

by Explorer in

Multivalue Field Filterung search

Hello, I need your help. I have a field which contains multivalue. Example: Table Foo in cash ...

by Path Finder in

how to use a lookup table to identify missing tags from a search?

Heres the ask... I want to run a spl to see what tags are MISSING from a potential host by looking at a lookup fil...

by Splunk Employee in

Earliest_time and Latest_time

Hi all, I am trying to use Earliest_time and Latest_time in splunk query in order to simulate the REST API (running ...

by Contributor in

Need rex help with URL

Hi I have this rex I'm trying to filter on for any URL that points to file extensions that have two or more extension...

by Path Finder in

Extract date (timestamp) from raw data and source field

Hi my events looks like- 31,04:56:47:928, abc:0xabc, 49.716720, -59.271553,197 30,04:56:47:928, abc:0xabc,...

by Builder in

Help with regular expression

Hi, all I would like to create a mechanism that generates an alert when a regular expression extracted matches. ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to rename unknown field names from inputlookup file

Powershell Script to get Splunk UF info from DC's

Need Count of values in multivalued field, grouped by another field in json data

Maximum number of events displayed in an "events list" visualization?

Group events by last occurance of status field value

Issue with importing 3rd party library into Splunk.

How to correlate across events, then aggregate by a different event?

How to get the latencycount by each Api using stats

Splunk Status Indicator - Awesome Font Library - Icons missing

Default value for `stats count` or `top`

Search SPL to show messages menu

How to split up multiple values within a field (mvexpand)

How to extract fields from log

Is there a way to tell if a "specific" lookup file is in use on a dashboard, report, or alert without manually checking each of these searches?

SPL to find first time account access

Get numbers between event

Similar EventIds been taken in splunk

Filter a Chart with Values Greater Than some Integer.

merge events by common fields and rename other fields

Multivalue Field Filterung search

how to use a lookup table to identify missing tags from a search?

Earliest_time and Latest_time

Need rex help with URL

Extract date (timestamp) from raw data and source field

Help with regular expression

What's New in Splunk Cloud Platform 9.3.2411?

Buttercup Games: Further Dashboarding Techniques (Part 6)

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...