Splunk Search

Ask a Question

Discussions

Thread Info

Multiple capture groups not capturing

I have the following log structure: 2023-11-25T21:18:54.244444 [ info ] I am a log message request = GET...

by New Member in

Alien Vault Check OTX

Hello I have installed the add-on "Alien Vault Check OTX". I would like to know if out of this command where I ca...

by Builder in

Find the number of days between the earliest and latest event.

I need help with an employee travel analysis report.I have an index containing information about employee office chec...

by Path Finder in

Optimizing Splunk Search Query without Using Joins and Subquery due to Record Limitation

Hello Community, I'm seeking some guidance with optimizing a Splunk search query that involves multiple table s...

by New Member in

Compare 2 searches and Update Lookup Table and Rows

Hi All, I am trying to do a search to compare 2 different sources. Firstly, I created a lookup to catch some rules ...

by Loves-to-Learn Lots in

splunk wildcard search

I am very new to SPLUNK and practicing using the botsv1 index. I need to use a "Wild Card" to find all the password...

by Explorer in

not relevant

by Path Finder in

Rex extract not working

Hi, I have my messages like belowmsg: abc.com - [2023-11-24T18:38:26.541235976Z] "GET /products/?brand=ggg&market=ca&...

by Engager in

Users with the same roles, in the same app, and same search, are getting different results from AWS logs

The search they are running is index=* cloudtrail<bucketnumber>* across a 7 day period.Environment Detai...

by Path Finder in

Extracting fields from logs where a particular field sometimes does not exist

Hi all, looking for help with how I can extract all available fields in a set of logs where a particular field some...

by Explorer in

Categorize range of status values and calculate count

We have range of statua from 200 to 600. Want to search logs and create a output in below sample for range as 200 to ...

by Engager in

How to add a line break to the eval condition?

I have an eval condition as below in my search: | eval body= username. " user attempted to delete " . activity_cou...

by Builder in

inputlookup with fuzzy matching

Hello, I'm building a query which matches entries in an inputlookup table against a set of log data. The original w...

by Explorer in

Using the dedup command

How do I count the number of unique recipients of each type of unique attachment from emails. The same user could rec...

by Engager in

How do you change a span of 1 week time to start from Saturday to friday?

I have data and I need to visualize for a span of 1 week. I.e: it takes data from Sunday to Saturday. But, I want ...

by Builder in

Can I use CIDR in the deployment server?

Is is possible to specify a client group using a CIDR pattern to simplify app deployment to a network segment?

by Super Champion in

Add a day counter to a list/table.

Hello I am trying to add some logic/formatting to my list of failed authentications.Heres my search query.| tstats su...

by Engager in

How to concatenate fields from JSON

I have an inputlookup table, in this lookup table there is a JSON array called "Evidence" There is two field I woul...

by Engager in

Not all fields in log line extracted

Hi, I have two problems with a log line. 1) I have a log line that occasionally is inserted. It is a schedu...

by Communicator in

I have a field from one query that gets appended with another field coming from second query.How do I filter those value

I am appending results from below query,which will display difererent objectypesuppliedMaterial: ...

by Path Finder in

long base search does not work in drop down list?

Hello,Why does long base search not work in drop down list?For example if the base query on id="StudentName" has a lo...

by Builder in

Email count

How do I count the number of emails from a search but only get recipients that received ten or more emails?

by Engager in

Incomplete UserID

How to I eliminate partial user id characters coming out of a search query? Here are examples of incomplete userIDs...

by Explorer in

can we increase lookup table maximum matches to 2000?

Lookup table max match can be 1 to 1000, I want to increase it to 2000. Is it possible? When I increase the max_match...

by Explorer in

How to apply regex to lookup table field?

Hello All, I have a lookup file with multiple fields. I am reading it using inputlookup command and implementing so...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Multiple capture groups not capturing

Alien Vault Check OTX

Find the number of days between the earliest and latest event.

Optimizing Splunk Search Query without Using Joins and Subquery due to Record Limitation

Compare 2 searches and Update Lookup Table and Rows

splunk wildcard search

not relevant

Rex extract not working

Users with the same roles, in the same app, and same search, are getting different results from AWS logs

Extracting fields from logs where a particular field sometimes does not exist

Categorize range of status values and calculate count

How to add a line break to the eval condition?

inputlookup with fuzzy matching

Using the dedup command

How do you change a span of 1 week time to start from Saturday to friday?

Can I use CIDR in the deployment server?

Add a day counter to a list/table.

How to concatenate fields from JSON

Not all fields in log line extracted

I have a field from one query that gets appended with another field coming from second query.How do I filter those value

long base search does not work in drop down list?

Email count

Incomplete UserID

can we increase lookup table maximum matches to 2000?

How to apply regex to lookup table field?

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

Logs to Metrics

Developer Spotlight with Paul Stout

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown