Splunk Search

Ask a Question

Discussions

Thread Info

Extraction of Multiple events (URLS and IP addresses) from text files

Hi, We receive daily emails with lists of IOC's for malware and phishing alerts, each email may contain multiple i...

by Path Finder in

How to apply predict command on multiple fields returned by timechart command?

Hello @kamlesh_vaghela, This is with regards to your solution posted on the below thread: - https://community...

by Contributor in

Search in square brackets

I don't understand how this works, what should replace the square brackets in this situation or what does the search ...

by Explorer in

Passing Multiselect macro input token to search

Hi Splunkers! I would like to pass two macros as a token to a base search when multiple values in multiselect is sel...

by Contributor in

Performant way to use "dedup" with group by

I basically have the opposite question as can be seen here: https://community.splunk.com/t5/Splunk-Search/How-to-us...

by Path Finder in

what is the difference between summary indexing and data models?

Hi  i'm new hier and i still don't understand the difference between summary indexing and data modeling. When ...

by Engager in

How extract the lines as failures from logs using splunk

index=os source="/var/log/bitbucket" host=servera* Failedand evaluate them as failed packages to install. Failed:pyt...

by Explorer in

How to display panels dynamically depends on selection ?

Hi All, I am working on analyzing processing time among 10 devices and categorize all the evnets into 3 categories,...

by Path Finder in

How to calculate distinct count with condition?

Hello,How to calculate distinct count with condition?How to calculate unique vuln that has score >0, group by ip?Befo...

by Builder in

How to hide a field of a table but keep it for separate search?

How to hide a field of a table but keep it for separate search? Thank you for your helpFor example: field "id" exi...

by Builder in

Extracting sub fields or sub string in multiline log.

Good mornign All, I have several logs with fields which have sibfield. I would like to be able to extract the subfi...

by Loves-to-Learn Lots in

Need an SPL to find the threshold for the domain

Hi, I need an spl to find the threshold for the respective domains.index=ss group="Threat Intelligence"| stats val...

by Builder in

Count distinct instances of a field which is an arbitrary structure

Say I have events of the form: { something: "cool", subfield: { this: "may contain", arbitrary:...

by Explorer in

Frequency analysis on names in splunk

Is there a built-in solution in splunk that does the frequency analysis (for ex. on domain names) ? There is a solu...

by Loves-to-Learn in

Need to remove T and Z from output timestamp

I am trying to remove T and Z from the output timestamp results. Can you please help me with the query to remove and...

by Explorer in

Calculate duration sum of consecutive events with other events in between.

Haven't been able to find this, but I want to basically calculate up time percentage for a host based on 2 unique eve...

by Path Finder in

Set up an alert whenever a host stops sending logs to Splunk

Hello, I have a lookup where all the hostnames are available under the field called "title" with respect to teams.I...

by Motivator in

Remove only fields that do not have suffix

Basically I have a search with a lot of fields, similar to this example: | makeresults | eval aa1=1, aa...

by Path Finder in

help on splunk field aliases not visible

hello I have a admin role when I create a field alias, I can see it in the props.conf file but when I run ...

by Motivator in

Drop some json fields according to their values

Hi all, I have a forwarder in my cluster and it sends events to the indexers. The events are json formatted and I w...

by Path Finder in

Splunk GUI seperating event

From splunk user we are receiving logs but when it comes to Splunk search head its splitting into different events ...

by Loves-to-Learn in

Activating Hyperlinks in a table based on the fields of the table (Dashboard Studio)

Hello, I have a table with a column recording the ID, I want to make each ID in the table a Hyperlink and cl...

by Loves-to-Learn in

Algorithm to search multiple related events based on set of words

Hello Splunkers, I’m looking for the best algorithm to search for events. with the below criteria. I have a looku...

by SplunkTrust in

Extract jSON formated data

below is the sample json log content the main filelds are default extracts but the nested aren't. Please help to extr...

by Explorer in

I need help with rex ad DN field.

my DN field value "cn=jsuwus, jkhzdhkjc,ou=sdsfefv accounts,ou=ffdsrew users,dc=hgsywy,dc=tre,dc=hyt,dc=kuhytr"I need...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Extraction of Multiple events (URLS and IP addresses) from text files

How to apply predict command on multiple fields returned by timechart command?

Search in square brackets

Passing Multiselect macro input token to search

Performant way to use "dedup" with group by

what is the difference between summary indexing and data models?

How extract the lines as failures from logs using splunk

How to display panels dynamically depends on selection ?

How to calculate distinct count with condition?

How to hide a field of a table but keep it for separate search?

Extracting sub fields or sub string in multiline log.

Need an SPL to find the threshold for the domain

Count distinct instances of a field which is an arbitrary structure

Frequency analysis on names in splunk

Need to remove T and Z from output timestamp

Calculate duration sum of consecutive events with other events in between.

Set up an alert whenever a host stops sending logs to Splunk

Remove only fields that do not have suffix

help on splunk field aliases not visible

Drop some json fields according to their values

Splunk GUI seperating event

Activating Hyperlinks in a table based on the fields of the table (Dashboard Studio)

Algorithm to search multiple related events based on set of words

Extract jSON formated data

I need help with rex ad DN field.

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown