Splunk Search

Discussions

Thread Info

Intermittent log data ingestion with Packetbeat JSON file

Hello, I am experiencing intermittent log ingestion issues on some servers and have observed potential queue satur...

by New Member in

How to replace Join to search large data sets

I've been working on a search that I *finally* managed to get working that would look for events generated by a provi...

by New Member in

How to search and monitor Splunk user logins that are using LDAP based authentication?

I have been going through several answers about how to get and track user logons and logoffs. Tried many of the searc...

by Communicator in

data and lookup field problem

Hi All i have a csv look up with below data Event_Code AUB01 AUB36 BUA12 i want to match it with a ...

by Engager in

Need help in some formatting the result

Hi Team, I am Firewall engineer and working on creation of some dashboard. I have created one dashboard whenever ...

by Explorer in

Sum values fields

How can I get the total sum of the Duration fields? Regards.

by Path Finder in

Splunk Regex never works when entered second folder

Hi So I ran into a very odd and specific issue. I trx to regex-Filter a field, lets call it "parent". The field has...

by New Member in

Alert on table with custom email subject field value

I got an alert working "for each result" by using a query that creates the following table: errorType c...

by Engager in

Data Model custom timerange check

How to pass earliest and latest values to a data model search? Example if I select a time range picker of last 30 mi...

by Path Finder in

How to detect "now" and turn it into a real date?

Dear experts In my dashboard I have a time picker providing the token t_time. My search index="abc" search...

by Path Finder in

Capture similar strings in the logs

Is there any way to search for similar strings dynamically in different logs?I want to group unique error string com...

by Path Finder in

how to replace wc-l on a query from splunk

I need to replace the command wc-l because I want to saw a dashboard of the total of messages on a source.

by New Member in

Identifying compliant logins - including last login time.

Working on supplementing a search we are using to implement conditional access policies. The search identifies succes...

by Explorer in

RegEx

I am trying to regex out eligible with the answer field true, when i do it in the regex builder this works eli...

by Observer in

Chart over time by multiple fields

Hi there! I want to create a scorecard by Manager and Region counting my Orders over Month. So the chart would look s...

by Explorer in

Proactively stream data to different index after CIM Mapping

Hello guys. Hope someone can help us out. I am using the Enterprise and am trying to store the events after CIM m...

by New Member in

Can you create/modify a lookup file via REST API?

Hi, Is it possible to create/modify a lookup file via Splunk's REST API? I don't see anything that addresses this ...

by Champion in

TriggerTime eval with SolarWinds Index

I am creating a dashboard with Splunk to monitor offline assets in my environment with SolarWinds. I have the add-on ...

by Observer in

Need some help with a JSON array

Hi smart folks. I have the output of a REST API call as seen below. I need to split each of the records as delimited ...

by Explorer in

condition drilldown - with link target

Hello, I want to make a drilldown with those services : and I have to apply a drilldow for (s3-bucket / vpc / ec2) ...

by Path Finder in

Reverse time info in chart

Dear expertsMy search index="abc" search_name="xyz" Umgebung="prod" earliest=-7d@d latest=@d zbpIdentifier IN (...

by Path Finder in

Custom TA - python script lookup issue

Hi Dear Splunkers, I have been working on creating a Custom TA for counting unicode characters for non-eng dataset...

by SplunkTrust in

How to filter comma separate keywords in splunk dashboard using text box?

How to filter using text box with multiple keywords using comma separated.How to filter my table data. This is my ...

by Builder in

Difference between users

Good day,I am trying to get a dashboard up and going to easily find the difference between two users groups. I get my...

by Path Finder in

How Can Splunk Help Me Interpret Data Trends Using Zip Codes More Effectively?

I’ve been diving deeper into using Splunk for analyzing various types of data, and recently I’ve been exploring how l...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Intermittent log data ingestion with Packetbeat JSON file

How to replace Join to search large data sets

How to search and monitor Splunk user logins that are using LDAP based authentication?

data and lookup field problem

Need help in some formatting the result

Sum values fields

Splunk Regex never works when entered second folder

Alert on table with custom email subject field value

Data Model custom timerange check

How to detect "now" and turn it into a real date?

Capture similar strings in the logs

how to replace wc-l on a query from splunk

Identifying compliant logins - including last login time.

RegEx

Chart over time by multiple fields

Proactively stream data to different index after CIM Mapping

Can you create/modify a lookup file via REST API?

TriggerTime eval with SolarWinds Index

Need some help with a JSON array

condition drilldown - with link target

Reverse time info in chart

Custom TA - python script lookup issue

How to filter comma separate keywords in splunk dashboard using text box?

Difference between users

How Can Splunk Help Me Interpret Data Trends Using Zip Codes More Effectively?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...