Splunk Search

Discussions

Thread Info

How to compare events from two sourcetypes in the same index without using join

I am trying to track file transfers from one location to another. Flow: Files are copied to File copy location -> ...

by Path Finder in

See the results of Splunk alerts in a search.

I'm trying to optimize the alerts since I'm having issues. Where I work, it's somewhat slow to solve the problem (1 t...

by Loves-to-Learn Lots in

How to find empty indexes in Splunk Cloud?

I'm trying to create an alert that looks through a given list of indexes and triggers an alert for each index showing...

by Explorer in

Concatenating values from one field

How can we concatenate values from one field and put it in a new variable with commas. e.g If I run a search , I ge...

by Engager in

eval in stats with max

Hi at all, I have a data structure like the following: title1 title2 title3 title4 value ...

by SplunkTrust in

timechart count and stats count are not matching

I am using same index for both stats disctinctcount and timechart distinctcount. But the results from timechart is al...

by Communicator in

Account locked

there is a user lets say ABC and I want to check why his AD account is locked .

by Explorer in

How to send hard coded message as an email from Splunk

Hi Everyone, I need to send a hard coded message to the users just before every daylight savings of the year saying...

by Explorer in

Fuzzy Match Between Two LARGE Lookups

Hello, We have a lookup csv file: 1 million records (data1); and a kvstore: 3 million records (data2). We need to c...

by Builder in

How to get time from two different sourcetypes

I am trying to track file transfers from one location to another. Flow: Files are copied to File copy location -> ...

by Path Finder in

get the values in each line

Hi i have a below query where I'm calculating the total prod server count in first dataset and in second dataset I'm ...

by Engager in

Need help on Regex for a field

Hello, I am just trying to do a regex to split a single field into two new fields. The original field is: alert....

by Path Finder in

Splunk table query

I've piped a Splunk log query extract into a table showing disconnected and connected log entries sorted by time. N...

by Observer in

Combine two table searches into 1 to compare the results, but one has an inputlookup for inventory and the other is sear

I currently have 2 different tables where the first one shows the number of firewalls each location has (WorkDay_Loca...

by New Member in

want to add extra details to the number display

Would anyone be able to help me on one more thing please !!! I have a Number display dashboard which represent the...

by Explorer in

Regex matching in a Splunk search query that involves a lookup table

I have created a lookup table in Splunk that contains a column with various regex patterns intended to match file pat...

by Loves-to-Learn in

Want to ignore some fields

Hi Team, In below query I don't want to show up the result as "Up" in state_to field, I just want to see data wit...

by Explorer in

Intermittent log data ingestion with Packetbeat JSON file

Hello, I am experiencing intermittent log ingestion issues on some servers and have observed potential queue satur...

by New Member in

How to replace Join to search large data sets

I've been working on a search that I *finally* managed to get working that would look for events generated by a provi...

by New Member in

Time comparison different results in search and dashboar

Dear experts Why is the following line | where my_time>=relative_time(now(),"-1d@d") AND my_time<=relativ...

by Path Finder in

How to search and monitor Splunk user logins that are using LDAP based authentication?

I have been going through several answers about how to get and track user logons and logoffs. Tried many of the searc...

by Communicator in

data and lookup field problem

Hi All i have a csv look up with below data Event_Code AUB01 AUB36 BUA12 i want to match it with a ...

by Engager in

How do you parse two time formats in Splunk?

The first time format is Fri Dec 21 11:17:30 2018 the other one is 2018-12-21T11:17:31.051061 I was wondering...

by Engager in

Need help in some formatting the result

Hi Team, I am Firewall engineer and working on creation of some dashboard. I have created one dashboard whenever ...

by Explorer in

Sum values fields

How can I get the total sum of the Duration fields? Regards.

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to compare events from two sourcetypes in the same index without using join

See the results of Splunk alerts in a search.

How to find empty indexes in Splunk Cloud?

Concatenating values from one field

eval in stats with max

timechart count and stats count are not matching

Account locked

How to send hard coded message as an email from Splunk

Fuzzy Match Between Two LARGE Lookups

How to get time from two different sourcetypes

get the values in each line

Need help on Regex for a field

Splunk table query

Combine two table searches into 1 to compare the results, but one has an inputlookup for inventory and the other is sear

want to add extra details to the number display

Regex matching in a Splunk search query that involves a lookup table

Want to ignore some fields

Intermittent log data ingestion with Packetbeat JSON file

How to replace Join to search large data sets

Time comparison different results in search and dashboar

How to search and monitor Splunk user logins that are using LDAP based authentication?

data and lookup field problem

How do you parse two time formats in Splunk?

Need help in some formatting the result

Sum values fields

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...