Splunk Search

Discussions

Thread Info

How to sum a column's values along multiple categories, then display the summed column along with the category which contributed the largest value in that category, all in the same row?

I have the following data: A B C Pkg Area Count NP bcd D02 abc.d PP 1656 NP bcd D05 abc.d PP 870 NP bcd D01 abc...

by Path Finder in

Search Question

I'm building out a dashboard to identify VPN issues in our environment. The issue with the search below is that those...

by Communicator in

How do you use an inputlookup to search through all event fields?

I have a one column lookup. I want to see if any of the values in the lookup appear in ANY field of my events. And I ...

by New Member in

How do you make a table based on a match between field and lookup?

Hi All, My base search has a "tags" field, which contains 10 values. Another lookupfile has the the same column ta...

by Contributor in

Can you help me find the location of a session?

I’m examining server logs where, for each session, there are several events. I’m trying to discover the country from ...

by New Member in

What is scheduler log event status=Continued ?

We have a log of saved searches working simultaneously in our search head. Around 70% of which are resulting status= ...

by New Member in

How can I set a conditional time range if the token date range doesn't fit my need?

I have a dashboard with 3 elements using the time input at the top to drive the search results. One of the three elem...

by New Member in

multivalue in a sub search not working as expected.

I am trying to return multi value from a subsearch and use that value in a field (server_status) as "OUT" in the main...

by Engager in

In a search, how would one count the number of times a value appears in a defined time segment over a longer period of time?

Hi everybody, The search I'm trying to create is to alert possible brute force attacks using WindowEventLogs. ...

by Path Finder in

Suche alle user mit gleicher From: Adresse

Hallo, kann ich alle user mit From=*@domain.de finden, bei denen folgende Bedingungen zutreffen *@domain.de> -> *@dom...

by New Member in

can I show less characters in my result table

I have a search using the splunk table commands, but the text in one fields is too long so that I can't see the whole...

by Explorer in

How do you extract a string from field _raw?

Hi , I am trying to extract info from the _raw result of my Splunk query. Currently my _raw result is: _raw="Se...

by Explorer in

Field extraction with escaped character or control character

Hello, my user tried to feed in the CSV like log file in the Splunk and I have asked to do the field extraction. With...

by Explorer in

How Splunk admin can find a search executed by user which causing SearchResults - Corrupt csv header, 2 columns with the same name '__mv_Calling_Station_Identifier' (col #xx and #xxx, #xxx will be ignored)

How Splunk admin can find a search executed by user which causing SearchResults - Corrupt csv header, 2 columns with ...

by Explorer in

Link srtemp to dashboard or search

I get some occurrences of directories in srtemp which are a few hundred gigs in size. Is there a way to link those di...

by Explorer in

"how to cancel the data source"

the host monitoring keep fetching the CPU data. I want to cancel the date source

by Path Finder in

how to cancel the monitoring job

i am new to splunk. I have created a job to monitoring localhost performance. How can I delete the monitoring job and...

by Path Finder in

How do you create a summary chart based on usage information with cost from imported data using fields?

I'm a bit over my head, so I'm going to dive in and ask. I've searched the forums, and the tubes, and there are some ...

by Engager in

Question on how to prevent an event from being reindexed

I have a web application that produces a fairly complicate log structure that looks something like the following. ...

by New Member in

Difference between time fields in different events based off of the value of another field

I would like to find the difference of time where based on the value of field "disposion", I choose the time value fo...

by Explorer in

Can we run multiple saved queries over the same periods at once?

Hi, I have 79 reports and I want to run those reports over last 30 days. Can I run 79 reports all at once and save...

by Explorer in

Can you help me with my field extractions?

I have logs from the same source type called log4j in Splunk. The format for the logs is a little different. For exam...

by Explorer in

What is the correct URI to logOn with .NET SDK LogOnAsync?

I am trying to write a simple app that will login to Splunk and retrieve some events. I'm using the .NET SDK Splunk.C...

by New Member in

Is it possible to use POST and DELETE with "rest" search command?

There is a nice search command for interacting with REST API: http://docs.splunk.com/Documentation/Splunk/latest/Sear...

by Path Finder in

How do I iterate through a result set and fetch the data for each result?

I have a query to retrieve "Item_Number " in table. The results will be as below... ..| table Item_Number Ite...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to sum a column's values along multiple categories, then display the summed column along with the category which contributed the largest value in that category, all in the same row?

Search Question

How do you use an inputlookup to search through all event fields?

How do you make a table based on a match between field and lookup?

Can you help me find the location of a session?

What is scheduler log event status=Continued ?

How can I set a conditional time range if the token date range doesn't fit my need?

multivalue in a sub search not working as expected.

In a search, how would one count the number of times a value appears in a defined time segment over a longer period of time?

Suche alle user mit gleicher From: Adresse

can I show less characters in my result table

How do you extract a string from field _raw?

Field extraction with escaped character or control character

How Splunk admin can find a search executed by user which causing SearchResults - Corrupt csv header, 2 columns with the same name '__mv_Calling_Station_Identifier' (col #xx and #xxx, #xxx will be ignored)

Link srtemp to dashboard or search

"how to cancel the data source"

how to cancel the monitoring job

How do you create a summary chart based on usage information with cost from imported data using fields?

Question on how to prevent an event from being reindexed

Difference between time fields in different events based off of the value of another field

Can we run multiple saved queries over the same periods at once?

Can you help me with my field extractions?

What is the correct URI to logOn with .NET SDK LogOnAsync?

Is it possible to use POST and DELETE with "rest" search command?

How do I iterate through a result set and fetch the data for each result?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...