Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

how to calculate starttime and Endtime duration

how to calculate starttime and Endtime duration |08-feb-2019 01:30:18|08-feb-2019 01:30:28

by Loves-to-Learn in

View the parameters, e.g. from limits.conf using the search

Hello, Is it possible to view the configuration files / parameters, e.g. limits.conf using the search? I do not ha...

by Builder in

Limit Users search

Hi Everyone...I want to put restrictions on users search as presently users can search for as long as they like. This...

by Explorer in

Regex help

Hi All Below are my sample events am trying to use regex and extract Time to run brinson for all days in Parallel...

by New Member in

Regex issue

Having trouble with the below regex generated from the field extractor application \w+:\\w+\\w+\(?P\w+\\w+) When a...

by Path Finder in

mvexpand multiple multi-value fields [MACRO BASED SOLUTION]

There are already several Splunk Answers around mvexpand multiple multi-value fields. https://answers.splunk.com/a...

by Explorer in

Systemd unit with pid tracking for Splunk

With a simple systemd unit file you can tell systemd how to start and stop a Splunk instance, but if the Splunk insta...

by Explorer in

Help with regex

Below is the sample event 01/15/2019 03:49:15 PM LogName=Security SourceName=Microsoft Windows security auditing. ...

by Builder in

Did some math on a chart but need to take results to a timechart

Have a working query, but the boss has now asked me to timechart for SuccessRateByPlatformPCT per week and I am havin...

by Explorer in

Splunk Encoding Issue with Not Sign (¬)

Hello, I am trying to send some records to Splunk that are incorrectly getting written. This is what the messag...

by New Member in

How do you regex multiple keywords that are shown in a log?

If I'm trying to regex InteractionID and msg below, how do I get the results for all InteractionID and msg within the...

by Path Finder in

Can you help me with input lookup, tstats, and visualization?

Hello, I have a lookup table for all the source types. I'm trying to use stats or tstats to show all the source t...

by Explorer in

Can queued searches from users/roles be prioritized?

If searches are queuing, can searches from particular roles/users be prioritized over others to run next, regardless ...

by Engager in

How do I filter out events from two separate event codes with similar fields?

I'm trying to determine which Windows workstations a user is currently logged in to by: Examining logs from our Do...

by New Member in

Can you help me with a search involving multiple AND conditions in eval w/ if statement?

Hello there from someone in healthcare it industry. I'm working with multiple conditions, and I want to make sure...

by Explorer in

meaning of match("-24h@h","^\d")

Hello I have a query that create a field with a value i can't fully understand : eval earliestQual=match("-24h@h","...

by Contributor in

Test if host sends the same logs

Hello, I have several hosts sending logs to Splunk. These logs depends on the version of the software creating the...

by Engager in

How do you subtract values from an appended search?

I'm trying to run the below searches and get the subtracted value from them. However, the eval command is not giving ...

by Explorer in

In a query using the tstats command, how do you add a "not" condition before the 'count' function?

Hello, We use an ES ‘Excessive Failed Logins’ correlation search: | tstats summariesonly=true allow_old_summari...

by Communicator in

How do you join two fields with dedup?

Hello folks, Trying to figure out how to go about joining 2 fields with a dash but only if they don't have the sa...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

how to calculate starttime and Endtime duration

View the parameters, e.g. from limits.conf using the search

Limit Users search

Regex help

Regex issue

mvexpand multiple multi-value fields [MACRO BASED SOLUTION]

Systemd unit with pid tracking for Splunk

Help with regex

Did some math on a chart but need to take results to a timechart

Splunk Encoding Issue with Not Sign (¬)

How do you regex multiple keywords that are shown in a log?

Can you help me with input lookup, tstats, and visualization?

Can queued searches from users/roles be prioritized?

How do I filter out events from two separate event codes with similar fields?

Can you help me with a search involving multiple AND conditions in eval w/ if statement?

meaning of match("-24h@h","^\d")

Test if host sends the same logs

How do you subtract values from an appended search?

In a query using the tstats command, how do you add a "not" condition before the 'count' function?

How do you join two fields with dedup?

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...