Splunk Search

Discussions

Thread Info

Trying to join multiple searches into one big output

by New Member in

Can I return the host IP address in WinEventLog metadata search?

I'm trying to use a metadata search to quickly return the hosts that are currently sending logs to Splunk to determin...

by Explorer in

using regex to reformat json messages

I have a VidyoPortal that gives me its responses formatted this way through its event notification system: **VDY\x...

by New Member in

Can you help me build a Splunk query to get all associated members (Username and UserId) of the LDAP group?

I tried this query to get all the members of a particular LDAP group: | rest /servicesNS/nobody/system/admin/L...

by Explorer in

Is it possible to replace the names of a field, thanks to a lookup table, but only when they exists in the lookup table?

Hello, I have a column with names, I will call it "Costumers_Names". The "names" are actually unique identifiers (...

by Explorer in

Using Splunk to analyze firewalls, how can I detect attackers who are doing IP spoofing attacks?

How can I detect attackers using IP spoofing in Splunk? I want to be able to detect this in Checkpoint and Juniper...

by Engager in

Format output for timechart by

Hi all, My splunk search generates the following output via timechart: _time;cpu_core:host1;cpu_core:host2 2019...

by Path Finder in

need help in finding the time differece btween two fields when thid field value is null

Hi Team, Can you please help me with the solution for the following usecase. i have three fields named as follo...

by Explorer in

rex expression

one of my field contains one big string as shown below params={fl=doc_objectid,score&sort=doc_dateeffective+asc,do...

by Explorer in

Rename column name in stats

index =* "log" earliest =@d-4h latest=@d+8h | rex " (? \w*)<" | dedup ticketId | stats count as tod...

by New Member in

Can you list time-unique events as one event if certain fields match?

Hi, I'm a complete novice to Splunk, so forgive me if the following is basic/doesn't make sense. I'm trying to red...

by New Member in

Blank rows in table

I am creating a table and simply reordering the fields from events. When I view the table there are random blank rows...

by Path Finder in

order changing with the table command ??

Hi. When i am using the table command ? i am not getting the fields in the order i have ginen ?? how can i do it b...

by Motivator in

rex extraction

Hi, I'm trying to extract a field via rex for a search and having problems. Hoping someone could help me... Her...

by Champion in

rex word extraction?

How can i write a regular expression to extract string starting with S and ends with 'E'. I have used like this. ...

by Motivator in

How can I put the status into 1 when the log has "failed"?

I'm creating oracle RMAN chart and need the status when failed then the status should be 1 normally it should be 0. F...

by New Member in

When is | tstats summariesonly=true 100% finished on an accelerated Data-model?

How do I know when | tstats summariesonly=true is 100% finished on an accelerated Data-model? I have issues where ...

by Influencer in

How do I do a CIDR match with an inputlookup?

Hi All, I have a lookup that currently works. I've set match_type to CIDR(netRange) in my transforms file and eve...

by Path Finder in

How to change the permissions of a saved search from the CLI

I add a new saved search by CLI splunk: ./splunk add saved-search -search 'ERROR*' -name 'ERROR chart' -schedule '...

by Explorer in

With regex, can you help us extract the first word that comes after the timestamp?

I wanted to extract the first word that comes after the timestamp. The time stamps are of varied formats exampl...

by Contributor in

Unable to map more than one access role in scripted authentication

Hi, I have tried to map more than one access role to scripted authenticated users but only the first role is getti...

by Explorer in

How to improve my search to identify queries which consume a large amount of memory?

We had recently Search Heads crashing and it seems that queries which consume 11-12 GBs of memory cause the crashes. ...

by Ultra Champion in

What is the problem with Regex field extraction with "OR"

Hi everyone, I have data from Cisco ESA similar to this two examples: > Feb 6 10:29:56 10.1.1.152 Feb 06 10:29...

by Explorer in

How to find the timestamp of first occurrence of the event in a transaction?

I have a transaction similar to the below one: 02/06/2018 15:10:30.560 Starting transaction 02/06/2018 15:20:90.15...

by Path Finder in

How do I rename field values and add up the count(*) if the value is the same?

How do I rename field values, and if the values are same, add up the corresponding count value? index="abc" earlie...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Trying to join multiple searches into one big output

Can I return the host IP address in WinEventLog metadata search?

using regex to reformat json messages

Can you help me build a Splunk query to get all associated members (Username and UserId) of the LDAP group?

Is it possible to replace the names of a field, thanks to a lookup table, but only when they exists in the lookup table?

Using Splunk to analyze firewalls, how can I detect attackers who are doing IP spoofing attacks?

Format output for timechart by

need help in finding the time differece btween two fields when thid field value is null

rex expression

Rename column name in stats

Can you list time-unique events as one event if certain fields match?

Blank rows in table

order changing with the table command ??

rex extraction

rex word extraction?

How can I put the status into 1 when the log has "failed"?

When is | tstats summariesonly=true 100% finished on an accelerated Data-model?

How do I do a CIDR match with an inputlookup?

How to change the permissions of a saved search from the CLI

With regex, can you help us extract the first word that comes after the timestamp?

Unable to map more than one access role in scripted authentication

How to improve my search to identify queries which consume a large amount of memory?

What is the problem with Regex field extraction with "OR"

How to find the timestamp of first occurrence of the event in a transaction?

How do I rename field values and add up the count(*) if the value is the same?

Splunk App for Anomaly Detection End of Life Announcment

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Accessing Elasticsearch Data from Splunk Using SPL...

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions