Splunk Search

Discussions

Thread Info

How to extract a field from a GET request?

Hi All - I am having trouble extracting the following fields from a GET request . GET **/TSGene/**images/literatu...

by Path Finder in

how can you run one search and share that data with multiple panels

How can or is there a way of running one search and sharing the resulting data amongst multiple panels in a Dashboard...

by Explorer in

Nested JSON and SPATHING

Hi, I have another question similar to the question I asked at https://answers.splunk.com/answers/624148/expanding...

by Path Finder in

Pivot search

hello , someone can help me to translate this pivot command in search command | pivot proofpoint proofpoint_search...

by New Member in

Creating new fields using already set data

I am working with data from an application but the data has been forwarded to Splunk as raw data and appear randomly ...

by New Member in

How to create a real-time map of attacks

I want to create a real-time map similar to https://cybermap.kaspersky.com/ that tracks and displays the exact locati...

by New Member in

Can any one help to understand & use of below command in eval

Can any one help to understand & use of below command in eval index=_internal | eval Mahesh=max(1, 3, 6, 7, "foo", fi...

by Explorer in

Trying to change date

index=_internal | eval Mahesh=replace(date, "^(\d{1,2})/(\d{1,2})/", "\2/\1/") My date 03-16-2018 I need 16-03-201...

by Explorer in

CPU Usage by Process

Is there a way to pull a list of running processes and the CPU % usage per process via Splunk natively? Using Powersh...

by Communicator in

Calculate difference between 2 time fields using strptime

As an example, I am getting weather data where in each json even I have the sunrise and sunset time for that day. The...

by Communicator in

How to create a real-time map of attacks by Source IP?

I would like to create a live map similar to the one at Norse: http://map.norsecorp.com. Below is the search that ...

by Explorer in

Find percentage between two fields whose name will fall into a naming convention

I have a set of fixed fields that define a maximum threshold with the naming convention of "resources_available_[[con...

by Contributor in

How to use rex to get matching number?

I tried to use | rex "^Version\s(?P(\\d{2}))$ to extract version number - it should only be 2 digit number. But 12.1....

by Path Finder in

How to add link per rows?

I first encountered the plank system. Need any help. Have a table with multiple rows. Is it possible to assign a l...

by New Member in

data comparison

Hi all Someone can help me? We have a stream of messages that are sent from one side and received on the other. Is...

by New Member in

Why is the stats count showing higher count for date_ then other fields?

I have a report that provides a summary of key activity by IP. I wanted to cross check that information against th...

by Path Finder in

problem with join

i am trying to join 2 indexes and ClientName. i find some rows are not joining on ClientName. but if i explicitly me...

by Builder in

Regex Help

Hi, I need a regex to extract at search time the values after ACTION[*] and up to the next character, regardless o...

by Path Finder in

How do I combine two unrelated inputlookups in the same search?

Say I have one lookup which has various fields like host, source and other stuff. And another lookup which has fields...

by Explorer in

Need to benchmark IOPS reliably

Hi, Can someone recommend a linux utility to reliably benchmark IOPS on local, NFS and iSCSI volumes? I need so...

by Engager in

How to use transaction command with message and as argument?

How to use message name as argument for transaction command? I have logs relate to a particular message ID for one so...

by Communicator in

high cpu over xtime alert

I want to create an alert when the cpu is at 50% or higher for greater than 5 mins. I thought this would work, but...

by Engager in

Return values of field that dc is ran on instead of just the count

Hello all, I have the following search: index="vpn_gateway" eventtype="vpn-authall" | stats dc(vpnuid) by vpnc...

by Engager in

Why are several JSON fields getting extracted more than once at search-time?

At search-time, several fields get extracted more than once, even if they only exist once in the event. I know I can ...

by Communicator in

combining stats question, can I do this as one search instead of appending 2?

BASE_SEARCH | rex field=dest_host "^(?<hostname>([a-z0-9\.\-]*\.)?(?<Domain>[a-z0-9\-]{2,}(?=\.[a-z\.]{3,})\.(?<tld>...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to extract a field from a GET request?

how can you run one search and share that data with multiple panels

Nested JSON and SPATHING

Pivot search

Creating new fields using already set data

How to create a real-time map of attacks

Can any one help to understand & use of below command in eval

Trying to change date

CPU Usage by Process

Calculate difference between 2 time fields using strptime

How to create a real-time map of attacks by Source IP?

Find percentage between two fields whose name will fall into a naming convention

How to use rex to get matching number?

How to add link per rows?

data comparison

Why is the stats count showing higher count for date_ then other fields?

problem with join

Regex Help

How do I combine two unrelated inputlookups in the same search?

Need to benchmark IOPS reliably

How to use transaction command with message and as argument?

high cpu over xtime alert

Return values of field that dc is ran on instead of just the count

Why are several JSON fields getting extracted more than once at search-time?

combining stats question, can I do this as one search instead of appending 2?

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

Preparing your Splunk Environment for OpenSSL3

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

How to get alert result through API?

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas