Splunk Search

Discussions

Thread Info

excluding holidays and weekends a count of days with events and a count of total days excluding weekends and holidays

I need to get a count of possible days an event could be happening while excluding weekends and holidays, for example...

by Path Finder in

Is it possible to perform bitwise operations on values in the eval function?

In the following query I'm trying to get the logical AND of two numbers: * | head 1 | eval x=2 | eval y=2 | eval ...

by Explorer in

Building query to detect blackhole Exploit Kit traffic

So, I've been logging traffic from my malware analysis sandbox looking for ways to develop a query to identify hosts ...

by Explorer in

How can I write a search to find lost connections with hosts?

Greetings, I am using a syslog setup for my data source. I am trying to create a way to search for lost connection...

by New Member in

Cannot put a date string into outputcsv filename argument

I want to run a report each hour, this report returns a single row. I want to create a separate csv file for each day...

by Path Finder in

How to filter out fields from my search that contain a dash "-" as a value?

I'm creating a dashboard that displays event "headers" for certain events, and a drill down search that will display ...

by Explorer in

How do I edit my search to remove specific substrings from URI values in my results in statistics tab?

I wrote a search which gives the result below in the statistics tab: URI Count HTTPS://XXXXXXXX//AAAA.aspx%3FUI...

by New Member in

How do I extract key value pairs from a field in a log file that has XML content?

Hi All, I have log file which has XML content in one of the fields and I need to extract its key value pairs. Can ...

by Contributor in

Is there a way to use structured field extraction (PSV in this case) that works with multiline field values?

Hi There, I have been trying with no luck today to do a structured field extraction using the "Add Data" function ...

by Explorer in

How to define cell colours in the "Lookup File Editor"?

Hi, how can I define cell colours for a csv in the lookupeditor as shown here? http://lukemurphey.net/projects/...

by Motivator in

How to edit my search to find the number of retention days (frozenTimePeriodInSecs/86400) for a specific index?

I have the following search to calculate the RetentionDays of all the indexes in a cluster, but I'm unable to fetch t...

by New Member in

How to convert time to seconds in my search?

Using this search to show the average runtime by a jobname selected from a drop-down menu. The time right now shows u...

by Communicator in

How do I expand rows in a lookup into columns?

Hi Still learning the language. Hopefully this is a simple one. I have a lookup that displays as Computer1 ...

by Engager in

How to edit my search to only return results that exceed a certain count within a time window?

I would like to issue the following search, but only get results that exceed a count within a time window. I see how ...

by Path Finder in

Is there a way to zoom back in after zooming out on the timeline?

I noticed there's no "zoom in" or "undo" option, after zooming out on the timeline. Is there an easy way to get back ...

by Splunk Employee in

How do I combine my two searches to graph two different fields in one graph?

Hey guys, I'm trying to create a graph which calculates the number of logs that fit the text critieria I am search...

by Path Finder in

Why are events not returned for a search on a search-time extracted field?

We have a field extraction in apps/search/local/props.conf like this: [my_glog_kv] ... EXTRACT-my_glog_kv = ^(?<se...

by Path Finder in

Regex help in filtering machines that were not compliant that now are....

I have events that detect compliance of machines via forescout data (we don't have the app installed) and I'd like to...

by New Member in

How do I separate the results of a transaction to separately show each event?

Hi at all, I have to separate the results of a transaction to separately show each event. I'd like to do this beca...

by SplunkTrust in

If I only need fields "Target Account Name" and "Subject Account Name", how can I write a search to exclude other fields from the list?

For example: Message: An attempt was made to change the password Subject: Security ID: ABC/DEF A...

by New Member in

Splunk Search

Discussions

excluding holidays and weekends a count of days with events and a count of total days excluding weekends and holidays

Is it possible to perform bitwise operations on values in the eval function?

Building query to detect blackhole Exploit Kit traffic

How can I write a search to find lost connections with hosts?

Cannot put a date string into outputcsv filename argument

How to filter out fields from my search that contain a dash "-" as a value?

How do I edit my search to remove specific substrings from URI values in my results in statistics tab?

How do I extract key value pairs from a field in a log file that has XML content?

Is there a way to use structured field extraction (PSV in this case) that works with multiline field values?

How to define cell colours in the "Lookup File Editor"?

How to edit my search to find the number of retention days (frozenTimePeriodInSecs/86400) for a specific index?

How to convert time to seconds in my search?

How do I expand rows in a lookup into columns?

How to edit my search to only return results that exceed a certain count within a time window?

Is there a way to zoom back in after zooming out on the timeline?

How do I combine my two searches to graph two different fields in one graph?

Why are events not returned for a search on a search-time extracted field?

Regex help in filtering machines that were not compliant that now are....

How do I separate the results of a transaction to separately show each event?

If I only need fields "Target Account Name" and "Subject Account Name", how can I write a search to exclude other fields from the list?

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!

Submit Now! >

splunk search query for last 6 months day wise p...

How to update a lookup file in Splunk from Phantom...

Unknow command (__f!=v) in search log at job inspe...

o365 admin center workload

How to colllect avgLoad1m for each cpu core in lin...

Splunk Search

Discussions

Don't miss your chance to share your Splunk wisdom in-person or virtually at .conf21!Call for Speakers hasbeen extended throughThursday, 5/20! Submit Now! >

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!

Submit Now! >