Splunk Search

Ask a Question

Discussions

Thread Info

How to sort concatenated DATE&TIME field?

Hi, I have concatenated my DATE & TIME Field as below | eval DATE&TIME=DATE." ".TIME EXAMPLE:(%m/%d/%Y %H:%S) ...

by Builder in

Usage of fieldname and field value for a foreach macro

Hi, I am trying to produce a macro with an event summary that would contain both the field name and field value and...

by Engager in

Search a field for multiple values

I am attempting to search a field, for multiple values. this is the syntax I am using: < mysearch > field=valu...

by Motivator in

benefits of using search command

Hi, any one knows the benefits of search command? search src="10.9.165.*" and src_ip="10.9.165.*" , any difference...

by Explorer in

Correlate data from two diffrent splunk logs and evaluate the diffrence of time fields in both logs.

Hi, i am relatively newer to SPL, i have a usecase to evaluate time difference bwn two fields in two different...

by Loves-to-Learn Everything in

Hello, I need help to extract a value from a string

Hi everyone, I hope someone can help me with the following situation.I have multiple events generated from Azure De...

by Path Finder in

make multivalue field from job ID matching multiple customer IDs

In events that we extract CID and JID from, I would like to have an output of all JID that interacted with multiple C...

by Explorer in

Updating KV Store Field Value For Several Events

Hello, I am having problems approaching this problem. Say we have a KV store that stores asset information from...

by Explorer in

lookup input value null

Hey, I am trying to work with lookup table where input contains 3 fields (A,B,C) and output is D Lookup table str...

by Path Finder in

first packet recorded of the reconnaissance

any idea to write the query to capture the first packet recorded of the reconnaissance from the vulnerability scanne...

by Explorer in

Adding new sourcetype and input result in no effect?

On a heavy forwarder, I added a new sourcetype in /opt/splunk/etc/apps/<my_app>/local/props.conf, [sensor_d...

by Communicator in

Searches showing 0 results when using specific text with slashes /'s and -'s in a field?

I have a search index=foobar flashSteamName=foo/bar-moves/12adw320-df21-dasd-124d-12eda234 \ displays 0 results. ...

by Loves-to-Learn in

Fill in 0 if no result is returned

I am showing list of stopped services by host on a dashboard panel. I have 3 servers to show to show stopped services...

by Explorer in

How to get the date time difference of two different formatted dates

Hi, i am relatively newer to splunk, looking for a solution to get time difference is a splunk sample log like this "...

by Loves-to-Learn Everything in

identify scanner and malicious domain

For example, My ip is 202.101.53.4, I want to identify what are the domains sent me the most number of packets (most ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to sort concatenated DATE&TIME field?

Usage of fieldname and field value for a foreach macro

Search a field for multiple values

benefits of using search command

Correlate data from two diffrent splunk logs and evaluate the diffrence of time fields in both logs.

Hello, I need help to extract a value from a string

make multivalue field from job ID matching multiple customer IDs

Updating KV Store Field Value For Several Events

lookup input value null

first packet recorded of the reconnaissance

Adding new sourcetype and input result in no effect?

Searches showing 0 results when using specific text with slashes /'s and -'s in a field?

Fill in 0 if no result is returned

How to get the date time difference of two different formatted dates

identify scanner and malicious domain

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!

BotS member needed !

To set up alert using saved search and map command

How to compare 2 lookups and highlight any changes...

How to change pie chart font color from within Spl...

Users with the same roles, in the same app, and sa...