Splunk Search

Ask a Question

Discussions

Thread Info

Need an help to create a SPL's.

Hi, Could any one pls figure out from these below logs to achieve the use case like when we launch rdp,proxy from s...

by Builder in

Checking specific index data for large server list

Hi all, I have list of 3k+ servers for which i want to check data flow from specific index. How can i do this with ...

by Path Finder in

Calculate Percentage of status code for 200 by _time

I want to calculate the Percentage of status code for 200 out of Total counts of Status code by time. I have written ...

by Explorer in

How to create summary index?

I have a dashboard which contains 5 panels in table format.Query for panel1:index=xxxx sourcetype=xxxxx stroage_name...

by Path Finder in

best/fastest way to match results from two sets of data in the same index

I have an index that is receiving JSON data from a HEC, but with 2 different data sets and about 2M per day:DS1{guid:...

by Path Finder in

Return on certain field values in my search

Hi Community, I'm fairly inexperienced when it comes to anything other than quite basic searches, so my apologies i...

by Engager in

information about Splunk audit events

Hi at all, I need to create some Correlation Searches on Splunk audit events, but I didn't find any documentation a...

by SplunkTrust in

How to extract Title from this XML data

Hello I have a very long xml record that I am trying to spath some data from but I cant seem to get it to work. Can...

by Path Finder in

Possibility to extend the hover description

Hello everyone, I am still relatively new to Splunk. I would like to add an additionalTooltipField to my maps v...

by Loves-to-Learn in

Output of one String as an input to another search

I have this query which is working as expected. There are two different body axs_event_txn_visa_req_parsedbody and ax...

by Explorer in

Performing Set operation using splunk query

Hi , I have two queries, that have a common field someField one helps me find inconsistencies: sourcetype="...

by Loves-to-Learn in

Splunk lookup (not inputlookup) and cidr matching

Hello,I have a search that's coming back with 'src' which is the source IP of a client, and I have a lookup file cal...

by Explorer in

How Can I search retrospectively in splunk

I am working on building a query to search retrospectively and potentially run a report. Let's say the first search...

by Loves-to-Learn in

metrics-toolkit

We are using splunk metrics-toolkit app to check the logs. created two indexes 1.metrics 2. platform_benefits and o...

by New Member in

Query should return last/latest available data when there is no data for the selected time range

by Explorer in

Need help with json spath search

Hello, I have seen a few of the spath topics around, but wasn't able to understand enough to make it work for my d...

by Contributor in

Having a base64 decoding problem in Splunk 9- How to decode Idap-events?

After installing splunk 9 we have a problem with decoding ldap-events. We tried several apps but none of them gave us...

by Contributor in

How can I represent the stats for 5 minutes before and the top of the hour?

I am looking to represent stats for the 5 minutes before and after the hour for an entire day/timeperiod. The search...

by Path Finder in

search stats

Hi, I have a log with several transactions, each one have some events. All event in one transaction share the same...

by Engager in

using lookup without common field

Hi Splunkers, I'm having a lookup country_categorization, which have the keyword and its equivalent country, we ...

by Contributor in

Extracting a multivalue key-value pair to multivalue field for lookup

Hello, As I want to get my email events CIM compliant, I have trouble parsing a "disposition" key-value pair. Exa...

by Loves-to-Learn Everything in

Can you help me build a search query for checking the latest version of Splunk Enterprise?

Hello all, I know that Splunk regularly checks for Splunk Enterprise and app updates. There is the "New (maintenan...

by Motivator in

Variance or Average Delta Between MV Field of timestamps

I'm trying to calculate the variance and delta between a multivalue field that contains epoch timestamps. The purpose...

by New Member in

Find nearest value in numeric multivalue field to other numeric field

I have events with a numeric field "Amount" and a field "User". In a KV Store collection I keep the Amount history va...

by New Member in

Date and Time fields from the string

I have a "myfiled" for the last update in format 2020-11-25T11:40:42.001198Z.I want to create two new fields UpdateDa...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Need an help to create a SPL's.

Checking specific index data for large server list

Calculate Percentage of status code for 200 by _time

How to create summary index?

best/fastest way to match results from two sets of data in the same index

Return on certain field values in my search

information about Splunk audit events

How to extract Title from this XML data

Possibility to extend the hover description

Output of one String as an input to another search

Performing Set operation using splunk query

Splunk lookup (not inputlookup) and cidr matching

How Can I search retrospectively in splunk

metrics-toolkit

Query should return last/latest available data when there is no data for the selected time range

Need help with json spath search

Having a base64 decoding problem in Splunk 9- How to decode Idap-events?

How can I represent the stats for 5 minutes before and the top of the hour?

search stats

using lookup without common field

Extracting a multivalue key-value pair to multivalue field for lookup

Can you help me build a search query for checking the latest version of Splunk Enterprise?

Variance or Average Delta Between MV Field of timestamps

Find nearest value in numeric multivalue field to other numeric field

Date and Time fields from the string

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

AppDynamics is now part of Splunk Ideas

Advanced Splunk Data Management Strategies

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...