Splunk Search

Discussions

Thread Info

Searching for merged events in Splunk

Hi, I have found that there are some events in Splunk that are merged and it is on a random basis and in a huge da...

by Builder in

Using a lookup for search

I have a small CSV file with common attack signatures in them that I have uploaded as a lookup called web_attack_sign...

by Engager in

How is the Size value on the job page calculated and logged in Splunk?

I am trying to figure out how the Size value in the Job page is calculated and where that is logged in splunk. I c...

by Explorer in

How to get the percentage of each HTTP status code

I would like to get the percentage of each HTTP status code. I have the count of each status code that appears and I ...

by Path Finder in

How to create a regex to extract the first IP address from multiple IP addresses in an event line?

There are multiple ip addresses in a raw event line and I only need the first one How can I achieve that? 192.168...

by Contributor in

Set token on submit button click?

Hi guys. Can someone please post working js code for a button that toggles a token from "true" to "false" and back...

by Motivator in

How to use where to compare field values

Let's say I'm doing a stats count by x,y How would I formulate a WHERE that compares the string value of x and y a...

by Communicator in

How to find out falied login attempts(EventCode=4625) which are more than 6 times within the 1hr timestamp?

Hi Team, I would like to find out user failed login attempts which are greater than 6 times and those 6 failed login ...

by Engager in

How to create a Regex question for field extraction for our shibboleth:audit sourcetype events?

I created the following regex to extract the fields for our shibboleth:audit sourcetype events: ^(?:[^\|\n]*\|){2}...

by Influencer in

"Oops! Your instance is no longer here."

I have been working on the Fundamentals 1 Certification using the free Cloud Trail instance of Splunk. My instance ha...

by New Member in

How to extract the HTTP Status Code?

I need help with extracting and graphing the HTTP status code which is always the end of every log formatted as; `...

by Path Finder in

How to use extracted field as input parameter to another search?

Hi, I needed help with using field extracted in the search(ORG) to be used as input for another search where a sim...

by New Member in

How to use calculated field with url?

Hello, I'm trying to use calculated field on data with url field. Simple doesn't work. Even a very simple 'upper(u...

by Path Finder in

How to create a regex to match URLs ending with a known file extension downloads?

I am trying to filter out all URLs which are for file downloads and those URLs will end with the file extension. Eg -...

by New Member in

Does the`search` command has implicit AND between expressions?

I always understood the search command's expressions be connected by a logical AND by default: search customer=123 it...

by Explorer in

manipulate timestamp

Hello in my organisation we have few kinds of log format one of them does not have the year in the time stamp so the ...

by Communicator in

How to line break events

Can anyone here help with breaking this sample into multiple events each should start with { "resourceId": ? I have t...

by New Member in

help on token strange behaviour

hi I use the search below and I filter the data with 2 token | inputlookup tablet_host.csv | lookup PanaBatter...

by Motivator in

How to display certain stats values command in a search?

Hello I use the stats command below but some process_name have no process_cpu_used_percent value So how to do for ...

by Motivator in

Splunk search issues with timezone of logs from forwarders

Dears, My Splunk Indexer is in CDT time zone and my forwarder logs are in UTC time zone and there is time differe...

by Path Finder in

How can I combine the list of events within recent timeframe with the count of similar event in a broader timeframe (not taking into account the last 5 days)?

Hello everyone, I am trying to combine the following: - The query 1 looks for recent events (earliest=-10m@m lates...

by Engager in

Take multiple regex in single search string

I have to extract the same features from two sets of logs with very different formats and need to take the additional...

by Explorer in

How to return values from lookup which are not matching the search?

Hi I currently have a search which returns a list of users with employee id from a user lookup eg: user lookup ha...

by Explorer in

Convert Timestamp from one format to UNIX style format

I have a log file that has the timestamp for each line as: Jun 10, 11:07:59.305475 Note that the year is missi...

by Engager in

I am looking on how to filter the unwanted logs getting forward to indexer

In my Application there are logs statements which are repetitive and how to avoid them sending to Indexer so that...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Searching for merged events in Splunk

Using a lookup for search

How is the Size value on the job page calculated and logged in Splunk?

How to get the percentage of each HTTP status code

How to create a regex to extract the first IP address from multiple IP addresses in an event line?

Set token on submit button click?

How to use where to compare field values

How to find out falied login attempts(EventCode=4625) which are more than 6 times within the 1hr timestamp?

How to create a Regex question for field extraction for our shibboleth:audit sourcetype events?

"Oops! Your instance is no longer here."

How to extract the HTTP Status Code?

How to use extracted field as input parameter to another search?

How to use calculated field with url?

How to create a regex to match URLs ending with a known file extension downloads?

Does the`search` command has implicit AND between expressions?

manipulate timestamp

How to line break events

help on token strange behaviour

How to display certain stats values command in a search?

Splunk search issues with timezone of logs from forwarders

How can I combine the list of events within recent timeframe with the count of similar event in a broader timeframe (not taking into account the last 5 days)?

Take multiple regex in single search string

How to return values from lookup which are not matching the search?

Convert Timestamp from one format to UNIX style format

I am looking on how to filter the unwanted logs getting forward to indexer

Developer Spotlight with Paul Stout

Preparing your Splunk Environment for OpenSSL3

Deprecation of Splunk Observability Kubernetes “Classic Navigator” UI starting ...

Using Machine Learning Toolkit to detect auth abus...

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas