Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

need help with showing eval in stats

so I have this query (host=pnr-proxy-prod* OR host=master*.menlosecurity.com* OR host=pnr-webui-prod*) (source=*...

by Path Finder in

Is the "type" field removed from Splunk metrics in 6.6?

So we have this query: index=_internal type=Usage st!=splunk_metrics earliest=-1d@d latest=-0d@d | bucket _time ...

by Builder in

How to create an alert if there are more than 5 login_id(s) associated to any unique sourceIP

I have an app behind a WAF, and I am looking at the WAF logs to see how many unique login IDs are coming from a singl...

by Builder in

Lookup and powershell command

hi i want to use the powershell code below in order to know if the computer ping or not PS C:> Test-Connection -Co...

by Motivator in

how can test my search query to make sure splunk is giving correct output

I want to test the data retrieved by Splunk query. How can I validate the results.

by New Member in

How to find peak time and the low time of the requests with the span of every hour?

Hi Team, I like to find the peak time of the success requests (http_status=200) and also the least time of the reques...

by Engager in

How to create a case statement with NOT LIKE option?

| eval usage=case(like(_raw,"%FirstClass%"),"A_Grade",like(_raw,"%SecondClass%"),"B_Grade",like(_raw,"%ThirdClass%"),...

by Contributor in

Multiple average time calculations in a single search for Trellis Display

This is my log format. { servicename: ServiceOne end.timestamp: 20000 start.timestamp: 19920 } { ...

by Path Finder in

How to use Collect to push the Host, Source and Sourcetype from the Original index ?

I want to use the collect command and want to push the Host, source and source-type coming from the Original index. ...

by Explorer in

How can I use lookup as a filter?

Hello When the value of lookup equal to result of event = do not show that event. How to create kinda search?

by Builder in

How can I snap to the last second of the month?

I'm looking through time specifiers in Splunk doc. I don't see how I can snap towards the end of month. If I do this:...

by Contributor in

Why is the Drilldown not working?

When I use the below drilldown query without eval its working fine and I'm getting the result as expected. But when I...

by Builder in

Efficient way of extracting data from different log files

Hi I have three log files which provide information for file transmission. The File transmission information is i...

by Path Finder in

How can I convert column value to column?

I have the following output from my query: **Search Query** | eval DateHour=year."-".month."-".day."-".hour | char...

by Explorer in

Most efficient way to exclude two fields from a lookup

Hi, Whats the most efficient way to use a lookup table within a query to exclude results where 2 fields exist, i.e...

by Path Finder in

Search query taking ages to finish in Splunk 7.0.1

Hello, I have upgraded Splunk Enterprise to 7.0.1. One of the search query is taking ages to finish it. Same query...

by Builder in

Extracting the data from Table

Hi All, I am new to SPLUNK and building dashboards and I have requirement to count the records from the table No ...

by New Member in

Trellis Display of two values?

I am currently using a trellis layout successfully for a timechart. These show activity today. I'm interested in havi...

by Builder in

Forwarder throughput - Metrics vs TSTATS

We are having issues with a OPSEC LEA connector. The Checkpoint firewall is showing say 5,000,000 events per hour. ...

by Path Finder in

Search Events with "\" character

I was making some SQL dashboard and i can't use some variables cause one of them is the kerberos USER that comes like...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

need help with showing eval in stats

Is the "type" field removed from Splunk metrics in 6.6?

How to create an alert if there are more than 5 login_id(s) associated to any unique sourceIP

Lookup and powershell command

how can test my search query to make sure splunk is giving correct output

How to find peak time and the low time of the requests with the span of every hour?

How to create a case statement with NOT LIKE option?

Multiple average time calculations in a single search for Trellis Display

How to use Collect to push the Host, Source and Sourcetype from the Original index ?

How can I use lookup as a filter?

How can I snap to the last second of the month?

Why is the Drilldown not working?

Efficient way of extracting data from different log files

How can I convert column value to column?

Most efficient way to exclude two fields from a lookup

Search query taking ages to finish in Splunk 7.0.1

Extracting the data from Table

Trellis Display of two values?

Forwarder throughput - Metrics vs TSTATS

Search Events with "\" character

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

How to extract all the multi-values in excel?

How to convert a large number to string with expre...

Need help on Dashboard related issue?

Why does Walklex return spaces before some of the ...

Why won't Walklex timespan follow time specificati...