Splunk Search

Discussions

Thread Info

How to group values

Hi I have a field name called report_name, it can have a number of status values associated with it, i.e. status=a ...

by Contributor in

Event count before and after a specified time

I am looking to count the number of events that occur before and after a specified time (8am) each day to give a tabl...

by Explorer in

DNS Logs field extraction (flags)

Hello Splunkers, I'm actually trying to extract the "flags" field in the DNS logs. Meanwhile, the TA provided by ...

by Path Finder in

Search hosts, Windows updates

Hello! I am new in Splunk Search. I am using this query to find all hosts to which a specific update was installe...

by Explorer in

How do you allow automatically match against lookup file multi-value field

Hello experts - I'm scratching my head trying to figure out if there's something at the low level configuration si...

by Path Finder in

User agent - Difficult in extracting Field

Hi I am trying to extract field from the user agent details like ( Operating system, Software, Software version, S...

by Path Finder in

sourcetypes

Is there a way to tell which method a sourcetype is using to get data into splunk? For example, suppose I look at ...

by Path Finder in

Event-data within retention time is missing

Hi For a given index with retention of 91 days configured, we find some hosts having events for the full 91 days.So...

by Explorer in

How to resolve high increase in forwarders reporting errors, including "Failed to checkpoint" for channel='security'?

We discovered that in early April, around the 7th, we had a HUGE increase in forwarders reporting this error: ERRO...

by Path Finder in

Blacklist lookup - search query

I have a blacklist.csv file that looks like the following, namedescription*vpn*VPN was found.*putty*Putty was found...

by Path Finder in

Time duration between two events from timestamp mentioned in the event.

Hi there, I have a requirement where i need time duration between two events in ms.Events look like this Event ...

by Loves-to-Learn Lots in

Javascript: How to cancel a search mid run?

Hello, I am trying to write a simple SPA using JS on the Search Head. I have a page where objects are generated dy...

by Champion in

Nested Search Question

OK I have been reading most of the morning and I have to just be missing something very simple. To explain what I a...

by Observer in

UNIX time for the first day of the month of last month

I am querying Nessus imported data and I would like to find old vulnerabilities still present today.More precisely, e...

by Explorer in

queries that used datamodels

Hi There is any option to get a list of acceleration data model and what rules / reports / queries) using each of t...

by Explorer in

resolve IP to name

I want to be able to see the host name in search results rather than IP. In this case, the "host" I am looking for is...

by New Member in

Search query using REST in JSON format?

Hello, I am trying to do a search query using JSON. It works if I use the normal form format, but not JSON. Worki...

by Loves-to-Learn in

Join multiple lookup table to get result in single table

Hi, This is the case scenario: when I run this search query: index = "global" productID I get the following r...

by Explorer in

Count of API calls over X time_taken, only if average time_taken is over a threshold

Hi, I currently have a query that returns the a chart of API's whose calls average over a specific time limit (uni...

by Explorer in

How do you calculate the growth of each Index on a monthly basis?

We have a requirement to show the data growth of each index on a monthly basis. I tried with the below query from _in...

by Communicator in

timechart conditional result

Hello, i have objects with names that all carry a unique and constant "Software-Signature" with them. This si...

by Explorer in

Dashboard

As Per below screenshot, i getting results the difference between last week host and this week host count. But i...

by Motivator in

Search result from different App

Hi , Is it possible to get the search result from a specific app to my own application? Example: The result of...

by Builder in

Extracting multiple values for single field

I'm trying to extract multiple values for a single field. I've got the beginnings of the regex sorted to extract it, ...

by Communicator in

Charting diff of events with running total

I have some firewall session state logs which get sent to Splunk every minute. The session state events contain a uni...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to group values

Event count before and after a specified time

DNS Logs field extraction (flags)

Search hosts, Windows updates

How do you allow automatically match against lookup file multi-value field

User agent - Difficult in extracting Field

sourcetypes

Event-data within retention time is missing

How to resolve high increase in forwarders reporting errors, including "Failed to checkpoint" for channel='security'?

Blacklist lookup - search query

Time duration between two events from timestamp mentioned in the event.

Javascript: How to cancel a search mid run?

Nested Search Question

UNIX time for the first day of the month of last month

queries that used datamodels

resolve IP to name

Search query using REST in JSON format?

Join multiple lookup table to get result in single table

Count of API calls over X time_taken, only if average time_taken is over a threshold

How do you calculate the growth of each Index on a monthly basis?

timechart conditional result

Dashboard

Search result from different App

Extracting multiple values for single field

Charting diff of events with running total

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability

Bridging the Gap: Splunk Helps Students Move from Classroom to Career

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...