Splunk Search

Ask a Question

Discussions

Thread Info

How to modify search text with Javascript

I'm using Splunk Enterprise Version: 7.3.0 I'm trying to make a chrome extension that will allow me to toggle line...

by New Member in

Correlation search for Interactive Login with Service Account and Interactive Login with Local Administrator

Offense Name: Interactive Login with Service Account Rule: Service accounts typically start with svc* Offense Name...

by Explorer in

Why does convert num NOT follow a universal typecasting paradigm and NOT trim leading zeroes?

I guess the question is a bit facetious But, I would still like to know what the (flawed) logic is behind this? It...

by Motivator in

Why is the rex capture not working?

Hi All, I am trying to capture line starting with a number, I have created a regex and tested it in regex101 site and...

by Engager in

How to include double quotes in Switch Case

Hi All, How can I do switch case for below values {"XXX":["ABC"]} == ABC {"XXX":[]} == NULL . | eval Name=ca...

by Communicator in

Better search query way in terms of performance

I have below search criteria so let me know best way for this. base search (which have output in table format) [ta...

by Path Finder in

How to get the number of errors for each application ?

Hi, I'm new to Splunk and so far I've managed to get the number of errors but I do not know for which application?...

by Engager in

Tor traffic search feeds

Hi All, I work with Datamodels, and trying to create search which will alert me about TOR communication. Having s...

by New Member in

searchmatch function

Hi I am trying to find an ip from first query and then search that ip if exists in another csv file and show the ...

by Communicator in

Grouping multiple OR values

Hi People, Is there any efficient way of grouping values? I have like 20 Or statement that I need to match something...

by New Member in

How to calculate the average duration of each steps within a transaction?

Hi, I have events indexed in the following format: type=a transactionID=xxxxxxxxxxx status=Created lastUpdateTime=...

by Loves-to-Learn Lots in

Is it possible to run dashboard panel searches in a staggered sequence instead of all at once?

Hey, I have a dashboard with 6 charts. When I open this dashboard in my browser, Splunk attempts to run all 6 sear...

by Motivator in

Save SPL commands into one SPL new command

Hi, Is it possible to save SPL command into one new command and use it when running a query? For example: | ded...

by Path Finder in

splunk API from browser

Hi all , I am using below url to get data from splunk https://hostname:8089/v7/services/search/jobs/export?out...

by Explorer in

stats value(_time) delimiter

When I use stats values(_time) as _time group by the list of values in my table is delimitated by comma's. ex: 1...

by New Member in

how to set epoch value to

i find epoch time from my token $date1$ using below code index="cdq-dashboard-dev"|eval earliest="$date1$"| convert ...

by Engager in

Can Splunk join on multiple columns?

How can you search Splunk to return a join on 2 columns sourcetype=test1 [search=test2 |fields col1, col2]|fields ...

by Path Finder in

How to build a dashboard to show critical devices without any overlapping

Hello Everyone, I'm trying to build a dashboard to show all my critical devices that do not report to Splunk for a ce...

by Engager in

help on a field renaming in a subsearch

hello in my csv file I have a field called "host" and in my index a field called "HOSTNAME" its the same field and...

by Motivator in

eval command help

Hi All, Need help to get the values from multi field value. We have a field name "properties.targetResources{}.dis...

by New Member in

Help returning the fields with response from user to agent in Mem field

Need your help to return the fields with the response from user to agent in Mem field. There are 7 sets of user to a...

by Explorer in

How to improve Splunk search performance?

I have a search like this: index= foo earliest=-3d |rex field=summary "(?{.*)" | spath input=json_data |stats cou...

by Path Finder in

How to improve the performance of my search?

index="way" sourcetype="transactions" | transaction fields=Id keepevicted=true | eval Status=if(isnotnull(Error...

by Explorer in

Chart overlay is invisbile

Hi, I am using line chart overlay on column chart. but It's not displaying overlay line chart, even though data po...

by Builder in

Alert time range not saving correctly; get "Your changes to the time range of this alert will not be saved. " when I attempt to fix it

I've set up a very simple alert to fire when my indexing volume exceeds a specific value. index=_internal source=*...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to modify search text with Javascript

Correlation search for Interactive Login with Service Account and Interactive Login with Local Administrator

Why does convert num NOT follow a universal typecasting paradigm and NOT trim leading zeroes?

Why is the rex capture not working?

How to include double quotes in Switch Case

Better search query way in terms of performance

How to get the number of errors for each application ?

Tor traffic search feeds

searchmatch function

Grouping multiple OR values

How to calculate the average duration of each steps within a transaction?

Is it possible to run dashboard panel searches in a staggered sequence instead of all at once?

Save SPL commands into one SPL new command

splunk API from browser

stats value(_time) delimiter

how to set epoch value to

Can Splunk join on multiple columns?

How to build a dashboard to show critical devices without any overlapping

help on a field renaming in a subsearch

eval command help

Help returning the fields with response from user to agent in Mem field

How to improve Splunk search performance?

How to improve the performance of my search?

Chart overlay is invisbile

Alert time range not saving correctly; get "Your changes to the time range of this alert will not be saved. " when I attempt to fix it

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions