Splunk Search

Ask a Question

Discussions

Thread Info

How to Use Earliest Starting Field in Transaction

Hello, I have events that look like this (for a user with id 123): 2021-04-29 14:30:45 Notification Received [Use...

by Path Finder in

Splunk Case-Sensitive Search

Hi, Can someone help me with the regex command for below? | search ="UPN=*T@mail.cloud" Thanks in advance!

by Contributor in

How to pass event time from an inner subsearch to the outer search results table?

Hi, Here are my searches index=foo <search criteria> | table user _timeindex=bar <search criteria> | table user ...

by Builder in

Large scale join between two sourcetypes

Hello Everyone, I have been working on a problem for the last few weeks and haven't had huge amounts of success...

by Loves-to-Learn Lots in

Splunk File Download

Hi all, I have used an app to generate a document that according to this log went succesfull. Is there a way to allow...

by Path Finder in

Splunk query to eliminate specific events

Hi All, Below is my Splunk query. I want to only eliminate the result if "UPN" & "Event_title" both are the same ...

by Contributor in

How to combine multiple rows (from sub search results) into different columns on single row (main search)

I have a query that returns the following result. ...

by Path Finder in

Searching/Listing down all Installed App Usage, to find how which is the least used app.

Hey all!I am tasked to do some housekeeping and find out which installed apps are being used the least so that I can ...

by Engager in

Splunk DB Connect and Neo4j anyone?

I am trying to connect to Neo4j using their JDBC driver with no luck. Has anybody done better than this?

by Builder in

Get top 20 queries for avarage execution time

Hello there  So, I've extracted from the log, using rex, the time, called OSY_time and each individual slo...

by Path Finder in

table returns duplicates for extracted Fields that are not Selected

table returns duplicates for extracted Fields that are not Selected fields In the following image, host is a Select...

by Engager in

How do you generate CSV File on Schedule basis automatically as an attachment to Email.

Hello,How do we schedule a CSV file as an attachment to the Email. What is the script that needs to be added in the s...

by Engager in

extract multiple values from fields in same event

Hello team , I am having one event in which single field have multiple value like provided below: {"body"...

by Communicator in

regex

Hi all, I have a column containingRequest = REQ_IN ...... { ...... "productId": "test", ...... { ....... "productId...

by Path Finder in

What is the search for creating account on MAC OS?

by Loves-to-Learn Lots in

How to collect events that form part of a common tree

I have a large NodeRED JSON flows.json file that I'm ingesting into Splunk. In that file there are one or more 'flows...

by SplunkTrust in

makemv and mvindex not working as expected

I am working with JSON data type events and am trying to extract the username (user1, user2) from the pathspec data s...

by Explorer in

Find results that are not in a transaction

The data is MFA attempts in O365. I have an alert that fires whenever someone denies an MFA push. The thing is, somet...

by Engager in

Count by Day of Week

I am on Day 2 with Splunk.I am trying to get the average number of records by Day of the Week (Mon, Tue, Wed, etc) of...

by Loves-to-Learn Lots in

Using like() not working in where statement

I have an alerts index which has a data.rule.name field containing the following values: COVID-19 linked Cyber Atta...

by Explorer in

Query Performace

Hello, I am building a query to be able to display a line graph of status (offline, online) over a period of 3...

by Path Finder in

Extract all key value pairs JSON

I have the following log example and Splunk correctly pulls the first few fields (non-nested) as well as the first va...

by Explorer in

Dealing with Datetime in Splunk Henny!

Hello respected members of the prestigious forum of SplunkI have been working with datetimes in splunk and it is maki...

by Communicator in

Need help on how to alert if daily count exceed 30 days average

Hi all, Need some advice here. I have some logs that has the URL and the HTTP response code. Sample here ...

by Engager in

values are missing pot lookup

Not able to find the stats details for all M. tried fill null . it is not working index=UA sourcetype=apps appnam...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to Use Earliest Starting Field in Transaction

Splunk Case-Sensitive Search

How to pass event time from an inner subsearch to the outer search results table?

Large scale join between two sourcetypes

Splunk File Download

Splunk query to eliminate specific events

How to combine multiple rows (from sub search results) into different columns on single row (main search)

Searching/Listing down all Installed App Usage, to find how which is the least used app.

Splunk DB Connect and Neo4j anyone?

Get top 20 queries for avarage execution time

table returns duplicates for extracted Fields that are not Selected

How do you generate CSV File on Schedule basis automatically as an attachment to Email.

extract multiple values from fields in same event

regex

What is the search for creating account on MAC OS?

How to collect events that form part of a common tree

makemv and mvindex not working as expected

Find results that are not in a transaction

Count by Day of Week

Using like() not working in where statement

Query Performace

Extract all key value pairs JSON

Dealing with Datetime in Splunk Henny!

Need help on how to alert if daily count exceed 30 days average

values are missing pot lookup

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

Stay Connected: Your Guide to February Tech Talks, Office Hours, and Webinars!

Preparing your Splunk Environment for OpenSSL3

tstats with | search()

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

StateSpaceForecast holdback and forecast_k for eva...

ITSI thresholds: adaptive vs static