Splunk Search

Ask a Question

Discussions

Thread Info

How to create a search that can Event count by Vendor/Product by Day for past 30days?

Hey All, I am trying to create an efficient search that I can schedule and run once a month to create some metrics...

by Builder in

[INGEST_EVAL] Regex replace stops after 1000 chars

Hi, I'm trying to convert a hex string to readable ascii text at index time, inspired by this solution: https://an...

by Observer in

How to search partial field names and exclude events that contain no value

Hi, I want my search to only return events that have field names matching Feature.Flags* My data currently has the be...

by New Member in

Regex help extracting session ID

10.249.68.17 0000*aJyyyQvMs5xIb7KGdRxRTl98AhhUNq0lMLQ8RQ8szjFp4gtHI:1cq4afaa*7 12.119.53.11 - - [26/Jun/2019:13:06:37...

by Contributor in

Regex: Help extracting user ID, session ID, and browser

2019.06.26 13.18.18.186 ERROR presentation [WebContainer : 5]: **********Browser information - ***********Mozilla/5.0...

by Contributor in

Calculating Median of Count over Time

Hello, I am trying to find outliers on a graph by using the median absolute deviation on a graph. I know that the ...

by Path Finder in

Regex help - disregard everything after a match

I have the following regex that is pulling the sender and receiver domains: "SenderAddress":"\w+.*@(?<s_domain>.*)...

by Influencer in

Copy and Paste search string

Hi! I am trying to create a report which I will use as a dashboard panel, to show me who has been copying and pasting...

by New Member in

excluding weekends and overnights from plotted results

I'm trying to plot the average figure from a set of results, however I want to exclude weekends and overnight as the ...

by New Member in

What are the limitations/benefits of using eval inside of stats commands?

One of our users is asking the following: -- What are the limitations/benefits of using the eval command inside of...

by Ultra Champion in

how to append query ?

Hi Guys i have 3 queries query 1 : identity/phones/retrieve AND "[HTTP-STATUS-CODE]" | stats count as Total quer...

by Path Finder in

Lookup table permission cannot be changed to global because of this error : : Cannot move asset lacking a pre-existing asset ID

we are getting this error only for during lookup permissionchange in splunk search head cluster : Splunk could not up...

by Explorer in

Firewall Log: How to send API calls to abuseIPDB and deal with results in splunk to get threat score?

Hi there, I have been dealing with Splunk for two weeks now. My intention was to make firewall drops from an Unifi Se...

by Engager in

How to compare two fields from two different searches and display results with matches and mis-matches?

I am running 2 different searches and have to compare the each value in one field with the values in the other field....

by Loves-to-Learn Lots in

Why are special characters replaced with UTF-8 after exporting table to CSV?

Hi all, When uploading a .csv file to Splunk, utf-8 is selected as the encoding type. Special characters look fine wh...

by Path Finder in

How to count the distinct list values

My results look like these: V1 V2 A X Y Z Z X Y Y B X X X Y Z Z X Y Y V2 IS A LIST. I want to ad...

by Contributor in

Help writing a condition for taking out average

Hi all, I need help in taking out “avg(“Participant”)” that is using calldevice1.   I need to write a condition here....

by Path Finder in

How do I write the regex to extract a DNS domain field from my sample data?

Hi : I need help extracting the domain IP address for the DNS logs. The automatic field extractor does not work in...

by Path Finder in

What's ops.json in etc/system/replication?

Hi, we removed some roles and checked on file level where these roles still have a reference. We found the file sp...

by Path Finder in

Cannot perform action "POST" without a target name Python

Hello all, I am running python 3.4.9 on CentOS 7. The issue I am having is with the following python script: fr...

by Path Finder in

Monitoring Critical Device Logging

We are looking to take an enterprise level approach on the monitoring of critical device logging. We have a list of s...

by Path Finder in

How to remove this signal "-" and "OTHER" in results of a timechart?

Hi Splunkers, I have this search bellow: index=br_activedirectory_microsoft EventCode=4624 Account_Domain=AGBANESP...

by New Member in

tstats command help required for CIDR

Hello Everyone, I am writing a query using tstats command need to use the CIDR values . Below is the example. |...

by Explorer in

Geom command receiving error: Error in 'SearchOperator:Geom': could not resolve

I can't seem to get Splunk to run the search necessary to create a choropleth map. Here is my search: index="main"...

by Explorer in

Search not producing event types

Hello. I am trying to get interactive logon logs for all workstations in an organization. The event code for this log...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to create a search that can Event count by Vendor/Product by Day for past 30days?

[INGEST_EVAL] Regex replace stops after 1000 chars

How to search partial field names and exclude events that contain no value

Regex help extracting session ID

Regex: Help extracting user ID, session ID, and browser

Calculating Median of Count over Time

Regex help - disregard everything after a match

Copy and Paste search string

excluding weekends and overnights from plotted results

What are the limitations/benefits of using eval inside of stats commands?

how to append query ?

Lookup table permission cannot be changed to global because of this error : : Cannot move asset lacking a pre-existing asset ID

Firewall Log: How to send API calls to abuseIPDB and deal with results in splunk to get threat score?

How to compare two fields from two different searches and display results with matches and mis-matches?

Why are special characters replaced with UTF-8 after exporting table to CSV?

How to count the distinct list values

Help writing a condition for taking out average

How do I write the regex to extract a DNS domain field from my sample data?

What's ops.json in etc/system/replication?

Cannot perform action "POST" without a target name Python

Monitoring Critical Device Logging

How to remove this signal "-" and "OTHER" in results of a timechart?

tstats command help required for CIDR

Geom command receiving error: Error in 'SearchOperator:Geom': could not resolve

Search not producing event types

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown