Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How many time a string occurs in a transaction and not the number of events that string appear

Hi, I've got a machine splitted in two unit A and B who gave me their state of preparation and their Failure level...

by Path Finder in

How to change service.jobs.oneshot to return unlimited number of rows in its result set?

I have a Python script to run nightly and extract data using Splunk REST API. Here is the code: kwargs_oneshot = {...

by Path Finder in

How to backup the search queries of a user/admin in splunk ?

How to backup the search queries of a user/admin in splunk ? How to backup all the search queries of a user or admin ...

by Engager in

Comparing fields in searches to find common values

Hello All, I have some data here with which i need to find out which is the most vulnerable ip address from the dummy...

by Communicator in

Finding when a set of AD users were disabled.

Hello, I am trying to figure out how to find when a set of users were disabled in AD. We have the app MS Windows ...

by New Member in

Remove rows without result from timechart count query

Hello, I have the following query: sourcetype=access_* action="purchase" | timechart count by productName usenull=f ...

by Explorer in

Difference between rows of query result

Jan-1 100 60 87 78 86 545 53 509 56 545 656 Jan2 110 60 87 78 86 545 53 509 56 545 656 Jan-3 111 60 87 78 86 545 53 ...

by Contributor in

Tstats events restriction / from command time range

Hi all, I have a bit complicated question. I tried to use "tstats count" command to check if there are events in ...

by Contributor in

The date has special characters in my logs which is which the timestamp parsing is incorrect. could someone help me identify the conf changes needed to capture the timestamp?

The log file of UTF-16LE is fetched in batch mode, but LRM (Left-to-Right Mark) is included in the date part in the l...

by Path Finder in

How to stack all error codes per endpoints from a table?

Context: Each or transactions has its unique RequestId, and in Splunk search, we will have multiple rows with the sam...

by New Member in

Using Active Directory group membership as sub search to user logon search

I am trying to use an ldapsearch as input to a seach which will list AD user logons. Both parts of the search work in...

by Explorer in

_time not same as data timestamp

hi! I have to create an area chart where it shows the actual and the target part count of the machine. I am using tim...

by Communicator in

Why is the 'foreach' command losing event data?

I'm running Splunk 6.2. I'm dealing with events that have varying amounts of multivalue fields (some events have one,...

by Path Finder in

How can I group results without duplicates?

Hi This is my command to find the number of times an authentication has been rejected. But I would like to be able...

by Communicator in

Help using eval case statement using wildcards

I'm trying to create a new field for category based off values in my existing 'message' field. index=network sour...

by Communicator in

Splunk Enterprise free not shows events

Hi team, I'm using Splunk 7.2.6 free. Adding data from by file (the sample datafile downloaded from Splunk tutorial) ...

by New Member in

Date range on inputlookup search

Hi I'm trying to do an inputlookup search with a specific date range of the last 6 months, but am not having any succ...

by Engager in

Searching for the absence of events

I'm looking for an efficient way to find events that have not been indexed. Given a sequentially increasing number (r...

by Path Finder in

splunkd died every day with the same error

splunkd died every day with the same error FATAL ProcessRunner - Unexpected EOF from process runner child! ERROR Pro...

by Explorer in

splunk query to list if anyone removed logs from unix server(syslog servers)?

Base query :- sourcetype=syslog How can I or where can I find if anyone removed any log files on unix syslog serve...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How many time a string occurs in a transaction and not the number of events that string appear

How to change service.jobs.oneshot to return unlimited number of rows in its result set?

How to backup the search queries of a user/admin in splunk ?

Comparing fields in searches to find common values

Finding when a set of AD users were disabled.

Remove rows without result from timechart count query

Difference between rows of query result

Tstats events restriction / from command time range

The date has special characters in my logs which is which the timestamp parsing is incorrect. could someone help me identify the conf changes needed to capture the timestamp?

How to stack all error codes per endpoints from a table?

Using Active Directory group membership as sub search to user logon search

_time not same as data timestamp

Why is the 'foreach' command losing event data?

How can I group results without duplicates?

Help using eval case statement using wildcards

Splunk Enterprise free not shows events

Date range on inputlookup search

Searching for the absence of events

splunkd died every day with the same error

splunk query to list if anyone removed logs from unix server(syslog servers)?

Splunk Observability Cloud | Customer Survey!

Happy CX Day, Splunk Community!

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

Field EventDescription and Splunk Add-on for Sysmo...

searching for specific result

How to Add Datamodel Fields in Search and Reportin...

AD servers with indexing delays when evt_resolve_a...

Using comparison function within mstats