Splunk Search

Discussions

Thread Info

Adding a column

Hi Splunk experts, I’m a Splunk beginner. I need help with a requirement. I have fields named 'location,' 'login,' ...

by Path Finder in

Set time using data in token

I made a graph that send time data at click point.I use "fieldformat" to change time data shown.This is my code about...

by Path Finder in

Use the '| from datamodel' command when the datamodel is configured as grandparent/parent/child.

I want to query the user dataset using the from datamodel command.I know how to use nodename in the tstat command. ...

by Loves-to-Learn in

Nested inputlookup with join or eval

My current search that is working is - | from datamodel:Remote_Access_Authentication | rex field=dest_nt_domai...

by Explorer in

tstats stopped returning data with summariesonly=true after adding _time field

Hi, We have a datamodel built against application data. All the tstats searches against the DM were running fine, i...

by Builder in

Streamlining with tstats

Hi all, im looking to create a dashboard to capture various info on or proxy data. I have a few simple queries ...

by Path Finder in

How to subtract filed values in a column

I have AWS Cloudtrail data and want to find out how long an EC2 instance was stopped. Is it possible to subtract the ...

by Explorer in

how to break down a record in multiple rows

I have a records that comes with multiple items in a single row. Is there a way i can break it down in a single row. ...

by Explorer in

Inputs Conf on Deployment Apps and HFs

Hi Splunkers, Have the following situation, and interested in another opinion:We have a distributed environment wi...

by Communicator in

How to calculate time difference?

I'm looking to get a difference between both times and create a 3rd field for the results (Properties.actionedDate - ...

by Path Finder in

In a search combine two-three field values(columns) into one field

Hi, I have an output like this - LocationEventNameErrorCodeSummaryserver1Mssql.LogBackupFailedBackupAgentErrorFai...

by Communicator in

Splunk health check monitoring using command line ?

Hi, is it possible to extract informations about Splunk System health check using command line ? For example ...

by New Member in

Is using index=proxy really bad?

Hello I have a question. We have lots of indexes, and rather than specify each one, I use index=*proxy* to search a...

by Path Finder in

Filtering

Hi Splunkers, I dont need the value in first line and need that value later in search to filter, so I tried tis ...

by Contributor in

splunk

lets say i have a query which is giving no result at present date but may give in future . In this query I have calcu...

by Contributor in

How to display top 5 and replace the rest with others?

How to display top 10 and replace the rest with others?I tried using top limit 5 with userother, but the number did...

by Motivator in

How can I search events based on another lookup file subsearch using like.

Hi,Would you mind to help on this?, I have been working for days to figure out how can I pass a lookup file subsearch...

by Explorer in

Time conversion for AWS Cloudtrail logs using strptime() and strftime() not working

My original time format in the search is eventID: d7d2d438-cc61-4e74-9e9a-3fd8ae96388d eventName: StartInstances...

by Explorer in

How to find all Dashboards, Reports and Alerts related to a specific index ?

Our Splunk instance is being overhauled and I need to update all of the content that has been built. We have some ind...

by Path Finder in

Tracking Field Changes in Events

Hello, I'm looking of your insights to pinpoint changes in fields over time. Events structured with timestamp, ID, ...

by Motivator in

How do I do a search on an inputlookup from data loaded from datamodel

My current serach is - | from datamodel:Remote_Access_Authentication.local | append [| inputlookup Domain ...

by Explorer in

Phishing emails

Hi, I want to create a search query that looks for users who have received phishing emails, clicked the link, or do...

by New Member in

create a field alias for _indextime

Hi everyone, I would want to ask if I can create a field alias for _indextime and _time then set this alias as a de...

by Engager in

Escaping special characters in text input

I have a very basic dashboard that requires my users to put in text inputs. These inputs are then outputted to a CSV...

by Contributor in

Help with Field Extraction

Here is my sample data; start=Dec 30 2023 06:07:47 duser=NT AUTHORITY\SYSTEM dvc=10.163.142.37I need to extract...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Adding a column

Set time using data in token

Use the '| from datamodel' command when the datamodel is configured as grandparent/parent/child.

Nested inputlookup with join or eval

tstats stopped returning data with summariesonly=true after adding _time field

Streamlining with tstats

How to subtract filed values in a column

how to break down a record in multiple rows

Inputs Conf on Deployment Apps and HFs

How to calculate time difference?

In a search combine two-three field values(columns) into one field

Splunk health check monitoring using command line ?

Is using index=proxy really bad?

Filtering

splunk

How to display top 5 and replace the rest with others?

How can I search events based on another lookup file subsearch using like.

Time conversion for AWS Cloudtrail logs using strptime() and strftime() not working

How to find all Dashboards, Reports and Alerts related to a specific index ?

Tracking Field Changes in Events

How do I do a search on an inputlookup from data loaded from datamodel

Phishing emails

create a field alias for _indextime

Escaping special characters in text input

Help with Field Extraction

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions