Splunk Search

Discussions

Thread Info

How can a row of average hourly event volume be appended to a chart with Fridays' hourly totals and added totals?

Here is my attempt at creating a chart of hourly counts for previous Fridays. I have added row and column totals, but...

by Explorer in

How to create a search to find the same IP hitting specific URL (x number of times)?

Having trouble creating a search that will determine if any single unique IP hits a defined URL 5 or more times withi...

by New Member in

JSON output values wrapped in double quotes, even number/integer values

I have a field called "windows_event_id" which contains integer values that I am adding to a table. I am certain tha...

by New Member in

How to break the events by timestamp if there are two timestamps in every event?

Hello, I'm trying to break the events by time stamps but it is networking, can anyone help me on this? Here is the ra...

by Explorer in

How to extract a string from a particular XML tags with regular expression?

Dear Experts , Need your help with regular expression. I have an XML tag in the field f. I would like to extract all...

by Explorer in

How to find delta between two tables?

Hello, I am trying to find the delta between two tables, but somehow failing with it. My code is as follows: ...

by Builder in

Correlation rule for Nessus Vulnerability scanner and IDS alerts

Does anyone has created any correlation rule between Nessus Vulnerability scanner and Paloalto IDS. We are getting...

by Explorer in

eval,replace & table query based on token

I have a token team_name = "Brenden team, walt, Paul " I want to replace "Brenden team" with his team members details...

by Explorer in

How to replace the string with the other string in a token?

I have a multiselect fied with $team_name$ with Team A, Team B, Team C fields If I select Team A and Team B in mul...

by Explorer in

Does anyone have an example of a custom alert action script that uses a bash script?

All the ones I ever see is Python. I need one that uses a bash script.

by Communicator in

How to find top 20 results and then do a subsequent search?

I need to find out the Top 20 sites within my sourcetype and then from there be able to do further analysis on other ...

by Explorer in

How to extract a field that returns after a line_breaker

Hello, We are trying to split a nested json message into seperated events. As we not wish to use the spath functi...

by Explorer in

Adding Color as a 4th Dimension to Bubble Chart

Hi; I'm messing around with the new Bubble Chart Feature and it is almost doing everything I want but coloring. He...

by Path Finder in

Find orphaned transactions in a series

I have the data in the following format Msg Id Event Timestamp ( Format Example) 123 A 24/06/2019 10:02 123 B 24/...

by New Member in

How to create a regex to match URL ending with file extension to detect file downloads?

I am trying to write a regex which will detect/match URLs ending with 2, 3 & 4 letter file extensions (eg - .py, .txt...

by New Member in

How to create Splunk Alert based on custom condition?

New to Splunk, can anyone please help me with the below scenario? I am receiving events like below: Event La...

by New Member in

How to increase elastic search timeout?

Sometimes my search gets fail and unable to fetch data because of below error: ConnectionTimeout at "/opt/splunk/e...

by Explorer in

How to get an alert if the specific search takes more than 10 min?

Ex: "Acquired" is a keyword. This keyword is getting for every minute. I have to get alert if this keyword is not g...

by Explorer in

How do I export extracted fields for use in another app?

I am creating two apps that use the same data (weird,I know, but I am testing something in my environment). I've buil...

by Explorer in

How to create a search that lists all fields? (and data validation question)

Hi, I am looking to create a search that allows me to get a list of all fields in addition to below: | tstats coun...

by Builder in

How to create a search for Server Uptime for Windows & Linux in Splunk?

I need a Splunk search for finding server uptime for Windows and Linux index= linux sourcetype=cpu

by New Member in

How to correlate events from three sources based on time condition

I have one index which have events from 3 different sources (A, B & C). The value of CELL, CALLERNO & CALLEDNO are th...

by New Member in

How to create a search based on multi-value fields

I am new to Splunk, currently working on a Shift roster. There are 3 teams and 3 members in each team(totally 9 membe...

by Explorer in

How to configure source_type to regex value?

I'm using a Universal Forwarder and want Splunk to return source_type as what's defined for source within the monitor...

by Explorer in

API: How to specify returning dates with a UTC or GMT offset rather than a CDT time zone?

How can I specify Splunk to return dates with a UTC or GMT offset rather than a time zone abbreviation? Right now I g...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can a row of average hourly event volume be appended to a chart with Fridays' hourly totals and added totals?

How to create a search to find the same IP hitting specific URL (x number of times)?

JSON output values wrapped in double quotes, even number/integer values

How to break the events by timestamp if there are two timestamps in every event?

How to extract a string from a particular XML tags with regular expression?

How to find delta between two tables?

Correlation rule for Nessus Vulnerability scanner and IDS alerts

eval,replace & table query based on token

How to replace the string with the other string in a token?

Does anyone have an example of a custom alert action script that uses a bash script?

How to find top 20 results and then do a subsequent search?

How to extract a field that returns after a line_breaker

Adding Color as a 4th Dimension to Bubble Chart

Find orphaned transactions in a series

How to create a regex to match URL ending with file extension to detect file downloads?

How to create Splunk Alert based on custom condition?

How to increase elastic search timeout?

How to get an alert if the specific search takes more than 10 min?

How do I export extracted fields for use in another app?

How to create a search that lists all fields? (and data validation question)

How to create a search for Server Uptime for Windows & Linux in Splunk?

How to correlate events from three sources based on time condition

How to create a search based on multi-value fields

How to configure source_type to regex value?

API: How to specify returning dates with a UTC or GMT offset rather than a CDT time zone?

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions