Splunk Search

Ask a Question

Discussions

Thread Info

Is there a way to identify/search what SMB version is being used across the network?

Hello Splunkers, Is there a way to identify/search what SMB version is being used across the network? I am looking...

by Loves-to-Learn in

How to join lookups?

Hello everyone! I have 2 lookups - 1.csv and 2.csv 1.csv contains such table hostuserresulthost1Alexsuccessh...

by Contributor in

Why does it say there are events but then it says "No results found"?

After running a search, I have the below results: 112,471 events (9/20/17 2:00:00.000 PM to 9/21/17 2:10:07.000 PM ...

by New Member in

Timechart - Is there a way to define the <selection> area in-code?

Hello, I'm using a timechart with the following block for allowing the user to select a specific area and see stat...

by Explorer in

How to get pie chart average value in three slices?

Short description:When a consumer orders groceries online, I provide the picker—the individual who picked the foods b...

by Path Finder in

Why does search use up large amount of memory?

I'm trying to export raw linux audit logs to a file. For example: splunk.exe "sourcetype=linux...

by New Member in

Splunk search- How to extract payload?

Hello , I have splunk logger line like below: Address: XXX HttpMethod: POST Headers: {Ama-Internal-REST-Servic...

by Explorer in

How to utilize wildcards in time fields in lookup file?

I have a lookup which has a field with time values (in 24 hr time; i.e. 00:30, 13:45, 23:15), which tells my dashboar...

by Explorer in

Do I use Last(..) or Latest(..) after match(..), or something else?

I am performing a search for two events. A start event and a stop event for a specific job Name. I have ran into a...

by Contributor in

How to use eval within stats for data from tstats

I'm trying to use eval within stats to work with data from tstats, but it doesn't seem to work the way I expected it ...

by New Member in

Time Range "earliest" in SPL not working?

When conducting searches, we have observed that the SPL searches were not working based on the "earliest" time range ...

by Path Finder in

Can I change the stats limit in Splunk for the max characters?

hello all, My problem is I thing Splunk have max character accepted for stats command, when i perform this sear...

by Path Finder in

How to dynamically change table contents based on log messages?

Not sure if I am putting this in the correct area; my apologies ahead of time. I wanted to know if it would be possib...

by Explorer in

How to join REST & search results?

I'm really bad when it comes to join searches, though I've been doing this for years. I'm able to find the list o...

by Contributor in

Make average compare with two columns value based and display it in Panel

I have two two columns of data, One is Expected box and another is Actual box. I would like to make Percentage/Avera...

by Path Finder in

Report results to event summary index, why value with hyphen (-) is double quoted?

Isn't hyphen a minor breaker so I'm wondering why the values with hyphen get double quoted when doing summary indexin...

by Path Finder in

How to make comparison of a field with a digit with a field where there are alphabetic characters?

Prompt as I can make arithmetic comparison of two fields. Comparison: more, less.The first field consists of numbers:...

by Communicator in

Merge 3 Splunk field into 1?

Hi, I am trying to concatenate 3 fields into 1 field but I am unable to do so.I tried: and this: ...

by Builder in

How to create a new field?

Tell me, what should I do in my case, I need from the field: 1.SAPS-SIS.TO.LSP.SEND, or: "12.SAPS-SIS.TO.LSP.RECEIVEG...

by Communicator in

Could someone assist on converting Azure Sentinel to SPL?

Hi all. It might sound weird but I need assistance converting Azure Sentinel queries to SPL. The main goal is t...

by Explorer in

How to use substr to extract the first 3 letters of a field and use it as a grouping field?

I'm not sure I asked the right question, but I'd like to use substr to extract the first 3 letters of a field and use...

by Explorer in

Average wrong box estimate- Why is my attempt wrong?

I have total 17 orders. Box Estimates is wrong 6 out of 17 orders. What is the average wrong box estimate in total?T...

by Path Finder in

Splunk SPL- How do I use regex to create an alert?

Hello Splunker! I created below regex from the raw events. And I want to create an alert which show the event in o...

by Motivator in

Splunk Dashboard- Why is the edit dashboard mood screen appearing?

One dashboard was made by me. I'm showing my colleagues my dashboard. Problem: When my coworkers or I access that Spl...

by Path Finder in

How to combine lookup file with splunk query, static data with live data

Static data with one common field app Name as splunk query.

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is there a way to identify/search what SMB version is being used across the network?

How to join lookups?

Why does it say there are events but then it says "No results found"?

Timechart - Is there a way to define the <selection> area in-code?

How to get pie chart average value in three slices?

Why does search use up large amount of memory?

Splunk search- How to extract payload?

How to utilize wildcards in time fields in lookup file?

Do I use Last(..) or Latest(..) after match(..), or something else?

How to use eval within stats for data from tstats

Time Range "earliest" in SPL not working?

Can I change the stats limit in Splunk for the max characters?

How to dynamically change table contents based on log messages?

How to join REST & search results?

Make average compare with two columns value based and display it in Panel

Report results to event summary index, why value with hyphen (-) is double quoted?

How to make comparison of a field with a digit with a field where there are alphabetic characters?

Merge 3 Splunk field into 1?

How to create a new field?

Could someone assist on converting Azure Sentinel to SPL?

How to use substr to extract the first 3 letters of a field and use it as a grouping field?

Average wrong box estimate- Why is my attempt wrong?

Splunk SPL- How do I use regex to create an alert?

Splunk Dashboard- Why is the edit dashboard mood screen appearing?

How to combine lookup file with splunk query, static data with live data

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

Preparing your Splunk Environment for OpenSSL3

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

How to get alert result through API?

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas