Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

count condition

I'm having trouble writing a search statement that sets the count to 0 when the service is normally. This is my da...

by New Member in

What are the differences between append, appendcols, and join search commands?

Hello all, I need to know all differences between append, appendcols, and join when being used with pipe while sea...

by Path Finder in

How to create a DNS regex for our sample DNS logs to make them more meaningful?

HI Experts, I am a fresh guy in SPLUNK Searching. Recently, my team leader needed us to create a DNS regex and mak...

by Explorer in

Active Directory DNS debug logs extract domain name

props.conf [win_dns] SEDCMD-win_dns = s/(\d+)/./g SEDCMD-domainname = s/($\d$)/./g EXTRACT-dns_name = (?i)] \w+\s+(...

by Path Finder in

How to field extract one or more times to the same field?

I am using a CDN and have obtained my DNS logs. Some of the DNS logs have multiple values for the field response ID a...

by Builder in

Add To Search Returns No Results

I have an index in Splunk enterprise named "my_index". When I search for data using index="my_index" for the last 24 ...

by Explorer in

How to use a table as input for a new search

Hi all. I'm trying to write a search that will list users with more than 5 failed logins in the past 8 hours and then...

by New Member in

Track License Usage Cumulatively, Comparing Last 7 Days

I would like to chart license usage throughout the day cumulatively, meaning, the results are added and charts every ...

by Builder in

How to set earliest time based on current time

I am ingesting data at 6AM, 2PM, 7PM, 10PM (CST) Is there anyway I could have my query check the time and set earlies...

by Contributor in

How to make column timechart that can drill down to the clicked column time value?

Hi, I've got a timechart which lays out the average response count for multiple groups over the last hour with a c...

by Path Finder in

How do I write the regex to extract information within parenthesis?

Hey there, I have been banging my head over this issue. Basically, I am searching a sourcetype for, let's call it,...

by New Member in

Count the three different value from one response message

I have the following response : Message=Login failed for user 'testuser_FSQ5'. Reason: Failed to open the explicitly ...

by Path Finder in

Extract field that might be surrounded by quotes

I am working to extract a field that at times is surrounded by quotes. This means I have either; operation or "operat...

by Contributor in

Breaking an event with occasionally repeating fields, or use multikv?

We have a very simple space delimited input, but the results occasionally instantiate per event: INFO_TYPE 2019-0...

by Explorer in

How to rename unknown field names from inputlookup file

I want to merge multiple fields from multiple lookup tables into a single field/column. I only know the name of the f...

by Explorer in

Powershell Script to get Splunk UF info from DC's

Afternoon All, I have been tasked to get a list of information from Splunk UF's that are installed on 31 Domain Co...

by New Member in

Need Count of values in multivalued field, grouped by another field in json data

hi everyone, I need count of "id" field against the sequence field parentRecord sequence count(id) ABC162856 2...

by New Member in

Maximum number of events displayed in an "events list" visualization?

I have a dashboard in Splunk 7.3.0 with the following HTML viz definition: <html depends="$eventCount$,$duration$,...

by Builder in

Group events by last occurance of status field value

I want to group events with last occurance of notnull field value ex. I am grouping events which startswith:logon and...

by Builder in

Issue with importing 3rd party library into Splunk.

Hello, We are trying to import a third party library party library "go.js" to bring in custom visualization into ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

count condition

What are the differences between append, appendcols, and join search commands?

How to create a DNS regex for our sample DNS logs to make them more meaningful?

Active Directory DNS debug logs extract domain name

How to field extract one or more times to the same field?

Add To Search Returns No Results

How to use a table as input for a new search

Track License Usage Cumulatively, Comparing Last 7 Days

How to set earliest time based on current time

How to make column timechart that can drill down to the clicked column time value?

How do I write the regex to extract information within parenthesis?

Count the three different value from one response message

Extract field that might be surrounded by quotes

Breaking an event with occasionally repeating fields, or use multikv?

How to rename unknown field names from inputlookup file

Powershell Script to get Splunk UF info from DC's

Need Count of values in multivalued field, grouped by another field in json data

Maximum number of events displayed in an "events list" visualization?

Group events by last occurance of status field value

Issue with importing 3rd party library into Splunk.

Streamline Data Ingestion With Deployment Server Essentials

Remediate Threats Faster and Simplify Investigations With Splunk Enterprise Security ...

Introduction to Splunk AI

AD servers with indexing delays when evt_resolve_a...

Using comparison function within mstats

splunk search statement using keyword from input b...

Ex Cisco - run a report for all DFS users who logg...

Splunk query to list all the queries that time out