Splunk Search

Discussions

Thread Info

Is there a fast way to search all indexes to list just the index names and the date/time of the last event or update?

Is there a fast way to search all indexes to list just the index name and the time/date of the last event or update? ...

by New Member in

Is it possible to edit results directly in a table produced by a Splunk search?

Hi I want to edit fields after Splunk produces results in a table. Example search: index=info |table roll_nu...

by Explorer in

How to remove duplicates from results of two searches on two different fields that have some of the same values?

Hello ! I launch a search with append to put the results of two searches together on different fields, but then I ...

by Path Finder in

fast way to query all index's to list index names and the time/date of the last event or update

Is there a fast way to query all index's to list just the index name and the time/date of the last event or update? M...

by New Member in

How to write the regex with mode=sed in a search to mask part of credit card numbers?

I need help with one particular search for masking credit card numbers, but with this output 22222#######2222. I know...

by New Member in

How can I check for events from a host in a list of "critical hosts"?

I have a list of hosts; I need to see if these hosts appear anywhere in my Splunked events. It is a very long list, s...

by Legend in

How to edit my search to get the max count per hour?

Hi, I'm trying to get the system with the most number of logs (usage) for every hour. I did a search for: even...

by Path Finder in

How to write a search to output results where a field from my events match with a field in my lookup CSV file?

Hi, I have found many searches using lookup files, but none works correctly for me What is the correct search to g...

by Engager in

How to extract a string from each value in a column in my log?

hi, I have log with 3 columns ID....TYPE...... DESC 1.......A............Member Since Year-2015 2...... B.........

by Explorer in

How to group by text within a field

I am trying to group by text within a specific field. I'm essentially searching a message content field called event....

by New Member in

Anonymous users access to their data and view.

I am not sure if this is feasible and done before. We have anonymous users, each have their own sensors which gene...

by New Member in

How to display the difference between the results from two different searches?

I display two different graphs by using the following strings. "Sending" earliest=-7days | eval gigabytes=((bytes/...

by Explorer in

How to set up an alert to trigger if EventB from IndexB happens within 1 minute after EventA from IndexA?

I had a previous thread open, but since then I worked on the alert and refined some criteria. The alert is running of...

by Communicator in

How to include the time of each calculated "stats max()" in a table?

If I have a search of search|stats max(duration) by Action When I run the search, how can I add the time for ...

by Builder in

Why is my search producing error "Error in 'eval' command: The expression is malformed..."?

When I enter this search: sourcetype=win* (EventCode=4624 OR EventCode=4634)| stats latest(eval(if(EventCode=4624...

by Communicator in

Why am I unable to get a running total using the streamstats command in my search?

When I try the search to create a running total out of the streamstats documentation, it doesn't work. Nothing change...

by Path Finder in

How do I get Cache Hit ratio?

I have cache hit as well as cache miss reports, How do i get the ratio of cache hit i.e, cache hit / (cache hit + cac...

by Engager in

Why am I unable to convert a PerfmonMK memory value in bytes to kilobytes using eval?

I am collecting a PerfmonMK dataset that includes a memory value in bytes. I would like to display the value in KB. N...

by Path Finder in

How to create a search to find expected hosts that are not reporting to Splunk?

I'm looking to create a report that finds expected hosts not reporting to Splunk without using the Macro. Anyone have...

by Explorer in

How do I combine my two searches to get expected results?

Hi, Can someone help me? I have the searches below and need to be combine the two to display the expected results:...

by Explorer in

Python oneshot query to search for many values via API

I'm trying to run a search where I will get results if a field matches one of many predetermined values and I'm worri...

by Explorer in

How to disable search in a specified index for certain groups of users?

Hello. I have a simple question: I would like to have a specified index with sensitive data in it, however, I ...

by Explorer in

How to create a search to find a percentage using my data set and display this in a timechart?

First of all I am very new to splunk!  My data can be simplified to look something like this. Employee = (Unique...

by New Member in

How to use rex to extract Linux directory sizes and names?

I run a daily script on the server, du -sk, against a certain directory that contains 200 subdirectories and write th...

by Path Finder in

Aggregating fields in JSON array

I'm relatively new to Splunk queries. I have an event that contains JSON and within the JSON data is an array. There'...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is there a fast way to search all indexes to list just the index names and the date/time of the last event or update?

Is it possible to edit results directly in a table produced by a Splunk search?

How to remove duplicates from results of two searches on two different fields that have some of the same values?

fast way to query all index's to list index names and the time/date of the last event or update

How to write the regex with mode=sed in a search to mask part of credit card numbers?

How can I check for events from a host in a list of "critical hosts"?

How to edit my search to get the max count per hour?

How to write a search to output results where a field from my events match with a field in my lookup CSV file?

How to extract a string from each value in a column in my log?

How to group by text within a field

Anonymous users access to their data and view.

How to display the difference between the results from two different searches?

How to set up an alert to trigger if EventB from IndexB happens within 1 minute after EventA from IndexA?

How to include the time of each calculated "stats max()" in a table?

Why is my search producing error "Error in 'eval' command: The expression is malformed..."?

Why am I unable to get a running total using the streamstats command in my search?

How do I get Cache Hit ratio?

Why am I unable to convert a PerfmonMK memory value in bytes to kilobytes using eval?

How to create a search to find expected hosts that are not reporting to Splunk?

How do I combine my two searches to get expected results?

Python oneshot query to search for many values via API

How to disable search in a specified index for certain groups of users?

How to create a search to find a percentage using my data set and display this in a timechart?

How to use rex to extract Linux directory sizes and names?

Aggregating fields in JSON array

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...