Splunk Search

Discussions

Thread Info

Is anyone monitoring user permissions/access to SharePoint / Office365 sites and files?

Hello, We currently have a use case to examine the permissions/access associated with a users Office365 or SharePoint...

by Explorer in

Dashboard panels: what's the proper use of the splunk admin_all_objects capability vs. read permission settings?

When I give admin_all_objects to a role, that role can also edit the permissions of the dashboards, but when I remove...

by Path Finder in

How to assign dates using eval

Hi, Here I want to assign Initial_L1_Decision_Date dates to Queue_to_Initial_L1_Days. There are some dates for Initi...

by Explorer in

Event Type vs Tags for multiple events

I am looking to create a way to track multiple types of events across different sources. For example, where 'web' is ...

by Explorer in

Lookup a value based on a position in the string field

I have a string of status codes per component, something, like this: 0113000000000000000 To determine what this me...

by Explorer in

Get Day of Week from Created Date Field through extraction

I have extracted a field from log files that is called file_Date and it is in the format "8/1/2017". How do get the d...

by Path Finder in

How to create a sum of counts variable

I have a query that ends with: | eval error_message=mvindex(splited,0) | stats count as error_count by error_messa...

by Path Finder in

Need help editing my search string so it displays correctly on visualization chart

Below is my search string: | multisearch [search index="*" host="*" sourcetype="*" user="*" useradd "type=ADD_GRO...

by Explorer in

Two fields are not populating, not sure why

Hello, For some reason my SEVERITY, and CATEGORY field aren't showing any value.. Can anyone see why? index...

by Path Finder in

Only show transactions that don't contain a certain value

This may have been asked before, but I'm having trouble finding it. I have weblogs that I've sliced into transacti...

by Explorer in

Why and when is Splunk differing between canceling and queuing searches?

Hi, I'm wondering why (and when) there is a different handling when a lot of searches are running at the same time...

by Motivator in

timechart but only for the top 5

I want to use timechart to show a graph of the progress of an item so I use this command | timechart span=1w count...

by Motivator in

Lookup in column A, grab value from column B, compare to a field in search result and don't display if values match?

Hey guys, I have a search that gives me a login from a country along with the user and the user's "work country". Unf...

by Path Finder in

_time field extraction

I found that the _time field in my event was a bit unusual 19756;10;7;mik;security;2017-08-04 10:57:33;test（201707...

by Engager in

Multiple login from same source ip with dynamic source ip

I am trying to implement security use case to detect Multiple login from same Source IP. Source IP is dynamic, every ...

by Explorer in

Values on the bar chart

Can we add the values to the bar chart items that have been plotted?

by New Member in

Combining search statements

For each subject in the search sentence, the count number is displayed. In addition to the information currently bein...

by Explorer in

How to make a search sentence

For each subject in the search sentence, the count number is displayed. In addition to the information currently bein...

by Explorer in

Route events to different indexes based on calculated field or lookup field

Hello, I'm in a distributed/cluster scenario (SH, Indexers, ...) and would like to route events in different index...

by Path Finder in

Grouping fields in a search: How do I apply conditional logic to the results to assign new values?

I have a table that has UserID, device, and classification (1,2,3). A UserID can have multiple devices and a device c...

by Path Finder in

How do I write a regex command that extracts the username and replaces the appending -*a with @company.com?

I have a search query that finds users whose accounts have been locked out and then sends them an email saying so. Th...

by Explorer in

Sparkline and a Timechart Table

I'm attempting to add a Sparkline to my transposed, timechart statistics table. I read that sparkline only works for ...

by Explorer in

How to modify my search to add a column that sums CostPerDay field for each Feature field?

Hello all, First thanks for the participation in this forum, many of your older solutions have helped greatly in m...

by Path Finder in

how copmare two table values in one visualisation charts?

I have 2 tables with energy spent values by month of years, one for 2015 other for 2016. Can I put two table values i...

by New Member in

Hide Panel Not Working Version 6.5

Hello, Hoping for some help with this. We have a Dashboard that was working, at least that's what I was told, one of...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is anyone monitoring user permissions/access to SharePoint / Office365 sites and files?

Dashboard panels: what's the proper use of the splunk admin_all_objects capability vs. read permission settings?

How to assign dates using eval

Event Type vs Tags for multiple events

Lookup a value based on a position in the string field

Get Day of Week from Created Date Field through extraction

How to create a sum of counts variable

Need help editing my search string so it displays correctly on visualization chart

Two fields are not populating, not sure why

Only show transactions that don't contain a certain value

Why and when is Splunk differing between canceling and queuing searches?

timechart but only for the top 5

Lookup in column A, grab value from column B, compare to a field in search result and don't display if values match?

_time field extraction

Multiple login from same source ip with dynamic source ip

Values on the bar chart

Combining search statements

How to make a search sentence

Route events to different indexes based on calculated field or lookup field

Grouping fields in a search: How do I apply conditional logic to the results to assign new values?

How do I write a regex command that extracts the username and replaces the appending -*a with @company.com?

Sparkline and a Timechart Table

How to modify my search to add a column that sums CostPerDay field for each Feature field?

how copmare two table values in one visualisation charts?

Hide Panel Not Working Version 6.5

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...