Splunk Search

Ask a Question

Discussions

Thread Info

How do I search for Windows Servers Version (2008, 2012 etc)?

Splunk Noob here. How do I search for Windows Servers Version (2008, 2012 etc)? Can this be done?

by Loves-to-Learn Lots in

Need REX Help - How do I table results?

Hello, when i table the results the results are not matching exact with the next columns. what can i add to reslove ...

by Communicator in

How to artificially insert event based on an existing event value?

Hello,I have a log file that admins can write when they start or stop their server maintenance.This is then jued to s...

by Explorer in

How filter results by custom start and end string in _raw?

Hello,this is the first time i post here but I have learn alot from this website by just using google search. Situ...

by Explorer in

Is there something about a join that prevents me from doing evaluations?

I am fairly new to Splunk but I come from a background of SQL databases and I may still be trying to do things in a "...

by Explorer in

How to extract a value between to identifiers?

I'm looking for a way to extract a value from the middle of a sting. The value(green) I want is after the first under...

by Engager in

How to write regex to capture Windows 7 only?

Hi all, I need to get the value Windows 7 from the below string . used something like OS[\n]+([^\n]+) , but then i...

by Engager in

How to get search data to be more than 12 months old?

I am trying to run a search where I want my data to be more than 12 months old.However when I run this search, it bri...

by Explorer in

Why do stats and tstats give different set of results?

Hi All, I tried running the two SPLs below for same index and time range, but got two very different set of results...

by Contributor in

How to write query to detect too much blocked traffic to one single destination?

I have created a query to detect too much blocked traffic to one single destination.Somehow this doesn't work. Help m...

by Loves-to-Learn Lots in

Why won't this table show new field names?

Based on what I've studied, I should be able to show a new field named item with a search such as the one below: i...

by Explorer in

How to use rex to extract JSON text in "msg" keyValue pair?

I have a json raw string from which I have to extract the "msg" key and pair value. Can you please assist. The log li...

by Explorer in

Why are Display Values not found in search results but is in lookup table?

I Have a look up file called dataset.csv which will have one field, dataset_namedataset1dataset2dataset3 I...

by Explorer in

Best way to turn large regex with labels into something manageable?

Hello, I just started a new position where I've inherited management of large queries that need to be updated periodi...

by Explorer in

How to search Items in a Lookup Table NOT present in Index?

Hi all - Relatively new to Splunk and have already attempted a number of methods from forums to perform this searc...

by Explorer in

How to filter specific events from use case?

Hi All, We have turned on the Use Case - ESCU 0365 Authentication Failures Alert We need this turned on in orde...

by Observer in

Local Admin: How to check if a user has not been added and NOT removed within a time period?

Hi what would be the best way to check if after a user has been added to a group, they have not been removed from the...

by Loves-to-Learn in

How to calculate difference between timestamps of two successive logs?

Hi , Can you please help me to write a query for calculating the difference in time for two simultaneous logs? I w...

by New Member in

How to write query to exclude the logs having src_ip starting with either 10 or 172?

I have this query in Splunk which gets me the src_ip along with different fields for the particular UserId. But i w...

by Engager in

How to write rex to get "domain.com"?

I have field user-agent like thisuser-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTM...

by Explorer in

Help writting and fixing a rex query

Hello, I have a raw data that go like this ... in[ 60: ]<3034> in[ 62: ]<10> in[ 62: ]<EC_CARDVER> ... ...

by Communicator in

Why am I not receiving data from particular source?

Hi, I have 4 sources from one sourcetype . so i am getting data from 3 sources but not from other 1 source.Logs are ...

by Path Finder in

How Do I Find My Splunk Cloud IP?

So I have migrated to Splunk Cloud, but still have a Deployment server, UF, and HF. How do I find out what my IP is f...

by Explorer in

Can I append lookup results from inputlookup row for filtered results?

Hi, I have a CSV file that I would like to filter search results using an inputlookup command, but also to include ...

by Observer in

Help with SNMP Modular Input- Why am I not seeing anything in Splunk?

I just installed this app and found it simple to setup...but I must be doing something wrong. I've created Trap infor...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I search for Windows Servers Version (2008, 2012 etc)?

Need REX Help - How do I table results?

How to artificially insert event based on an existing event value?

How filter results by custom start and end string in _raw?

Is there something about a join that prevents me from doing evaluations?

How to extract a value between to identifiers?

How to write regex to capture Windows 7 only?

How to get search data to be more than 12 months old?

Why do stats and tstats give different set of results?

How to write query to detect too much blocked traffic to one single destination?

Why won't this table show new field names?

How to use rex to extract JSON text in "msg" keyValue pair?

Why are Display Values not found in search results but is in lookup table?

Best way to turn large regex with labels into something manageable?

How to search Items in a Lookup Table NOT present in Index?

How to filter specific events from use case?

Local Admin: How to check if a user has not been added and NOT removed within a time period?

How to calculate difference between timestamps of two successive logs?

How to write query to exclude the logs having src_ip starting with either 10 or 172?

How to write rex to get "domain.com"?

Help writting and fixing a rex query

Why am I not receiving data from particular source?

How Do I Find My Splunk Cloud IP?

Can I append lookup results from inputlookup row for filtered results?

Help with SNMP Modular Input- Why am I not seeing anything in Splunk?

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?

Splunk Education Goes to Washington | Splunk GovSummit 2024

How to compare success/failure by status

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data