Splunk Search

Discussions

Thread Info

Manual Input Form

Hi all, Well a long night and day of reading about every post on forms and manual input to no avail. I'm looking f...

by Path Finder in

Where to place common python libraries

I have multiple alert actions in Python. I am trying to have the modalert helper for each action to load a common lib...

by New Member in

How can I eliminate similar results?

I have a query that is returning similar, but not exact results. In the example results below, I want to get rid of '...

by New Member in

Search Multiple Sourcetypes using different fields - return all rawevent information for all sourcetypes

I need help figuring out the best way to get the information I want in one query. I have indexA with sourcetypeA, ...

by New Member in

Working with boolean operations like an arithmetic operation.

Hello Everyone, I've just done a Splunk query that it required a lot of conditionals and I just wanted to use boolean...

by Communicator in

Conditional count using tstats

Is it possible to do a conditional count using tstats? I want to count specific event_type: (count if(event_type = 'x...

by New Member in

Is it possible to do a conditional count using tstats?

Is it possible to do a conditional count using tstats? I'm trying use the following which is the syntax that I would ...

by Builder in

How to configure the input for ADFS

Based on what I've found I configured the following inputs.conf in a test tier as follows: [WinEventLog://AD FS/Admin...

by Communicator in

Check to compare value with csv contents

I'm trying to build a pass/fail check to see if a machine already exists in a csv, as I have a dashboard with a text ...

by Communicator in

How to filter search results by lookup tables based on matching the fields and arithmatic conditions

I want to filter my search results based on lookup table. But the road block here is that I want not only to match fe...

by Explorer in

Timechart returns no data in smart mode, but does return data in Verbose mode

I have a problem with a query, that I'm trying to use on a dashboard. It works weird: sometimes it returns expected r...

by Explorer in

How to get at two fields from a subsearch that has a subsearch?

I am working with a search like this: dovecot [ search DHCPACK [ search host="airport*" "Associated with s...

by Explorer in

how can I get an aggregation like max() for multiple happenings over a diffenrent periods?

My results are in the following table: happening time_duration Aufnahme zaehler_anzahl 1 50.405 Tasche4 685 2 48.414 ...

by New Member in

How to extract below field from logs ?

Hello, I need to create a dashboard which shows error messages & its count over the time. i have a logfile like be...

by Path Finder in

How to create a dashboard which shows Error messages in X axis with the time span & Error Count in Y axis ?

Hello All, I have to create a real time dashboard which give insight on the different type of errors and how many ...

by Path Finder in

How to extract fields from events where the field location isn't constant and keeps changing?

I want to write a query or rex under field extraction, to extract each value following a string and stopping at coma,...

by Path Finder in

Extracting one field into multiple fields

I have some data that looks similar to the following: { Name: Record1 Tags: [ { Key: Tag1 Valu...

by Path Finder in

help with [Table values of Search 1] in Search 2 -- subsearch

I have a requirement where i got to see if the results of a Search1 with Index1 are available in search2 with Index2....

by Explorer in

Modify a wildcard based lookup to include real values to use in Lookup command? Can you improve this?

I am trying to use a wildcard based lookup table as part of a query that will get all non-wildcard based values so th...

by Builder in

top 10 vendors having high total volume and high failure

Hi All, My requirement was we needed to analyse issues with vendors who are failing to perform and for this, I ne...

by Explorer in

How many lookup tables can I use in one splunk query?

Can anyone please tell how may lookup table can I use in one particular Splunk query? Are there any restrictions?

by Motivator in

Why does geoIp database for Iplocation command doesn't provide information about country, city etc. for some IP's?

Hi, I have a table with list of Ip's and their respective locations but for few Ip's the Country and city regions ...

by Explorer in

Join on one to many with max=0 still only returns 1 row per match

This is the query: source=Audit earliest=-2d [search source=Audit | stats count by persistent_id | where count > ...

by New Member in

Loop through a particular field counting how many values there are for each value of said field

Hello all! I feel like this is a simple query and I just can't wrap my head around it. The data I'm searching thro...

by Engager in

How to create table based on TRUE result?

I'm trying to create a query that will show me {stuff} that's happening outside of 'typical' working hours (i.e. Sat/...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Manual Input Form

Where to place common python libraries

How can I eliminate similar results?

Search Multiple Sourcetypes using different fields - return all rawevent information for all sourcetypes

Working with boolean operations like an arithmetic operation.

Conditional count using tstats

Is it possible to do a conditional count using tstats?

How to configure the input for ADFS

Check to compare value with csv contents

How to filter search results by lookup tables based on matching the fields and arithmatic conditions

Timechart returns no data in smart mode, but does return data in Verbose mode

How to get at two fields from a subsearch that has a subsearch?

how can I get an aggregation like max() for multiple happenings over a diffenrent periods?

How to extract below field from logs ?

How to create a dashboard which shows Error messages in X axis with the time span & Error Count in Y axis ?

How to extract fields from events where the field location isn't constant and keeps changing?

Extracting one field into multiple fields

help with [Table values of Search 1] in Search 2 -- subsearch

Modify a wildcard based lookup to include real values to use in Lookup command? Can you improve this?

top 10 vendors having high total volume and high failure

How many lookup tables can I use in one splunk query?

Why does geoIp database for Iplocation command doesn't provide information about country, city etc. for some IP's?

Join on one to many with max=0 still only returns 1 row per match

Loop through a particular field counting how many values there are for each value of said field

How to create table based on TRUE result?

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6