Questions tagged [splunk-query]

438 questions
-1
votes
1 answer

Is it possible to forward raw Security Onion data/logs to a Splunk (stand-alone) server for visualization?

I am trying to forward raw data collected by Security Onion to a Splunk server installed in stand-alone mode.
-1
votes
1 answer

Extract custom field in Splunk from specific events

I want to extract the kind of error and store it in the field error_type for each event. There are three kinds of errors that mainly occur in my logs, within different events. I want error_type to be populated only with the error of that particular event…
knowledge20
-1
votes
1 answer

Summary index in Splunk

Can you please help me with the timestamp of a summary index? We are having a disk space issue and are clearing the old logs, but we want to keep some field data. So if I schedule a SI, will it add the data from the last 1 month at one time? Then why…
supriya
-1
votes
1 answer

Splunk command to check if current search is greater than x% of previous search

I want to know how to write a search query in Splunk to check whether the current search is greater than 20% of the previous search. I am getting events at a particular count every 10 min. I want to check if my current count (for the last 10 min) is…
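
An added example, not from the question or any answer to it, of one way to express that comparison in SPL. It assumes a hypothetical index named my_index and reads "greater than 20% of the previous search" as a 10-minute count more than 20% above the preceding 10-minute bucket; the 1.2 multiplier is that assumption.

```spl
index=my_index earliest=-20m@m latest=@m
| timechart span=10m count AS events
| streamstats current=f window=1 last(events) AS prev_events
| eval pct_change=if(prev_events > 0, round((events - prev_events) / prev_events * 100, 1), null())
| where isnotnull(prev_events) AND events > prev_events * 1.2
| table _time events prev_events pct_change
```

timechart fills an empty 10-minute bucket with 0, so a quiet previous window is not silently dropped; with prev_events=0 any activity at all passes the where clause, which is usually what an alert wants but can be tightened with AND prev_events > 0. Scheduled every 10 minutes with the trigger condition "number of results > 0", the search fires when the most recent bucket exceeds the one before it by more than 20%.
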
-1
votes
2 answers

Splunk: get inner query results within the time frame provided by the outer query

Successfully scheduled PushNotification in UserMessageChanelMap LINK_MORE_ACCOUNTS | eval fields=split(_raw,"|") | eval messageKey=mvindex(fields,2) | eval num=mvindex(fields,5) | table messageKey, num | eval scheduledDate = replace(num,…
-1
votes
2 answers

Extract Values from a field

I need to extract the whole value from a field. I have tried different regex patterns and they did not work, and I was wondering if there was a simple way to do this. Here's an example Splunk event: HelloSample=My tool is too picky and has a hard…
Prozac
-1
votes
1 answer

Splunk query to filter results in IIS logs to identify CRYPT_PROTOCOL values less than 400

I am trying to find a regex expression to help filter Splunk results from ingested IIS logs such that when the CRYPT_PROTOCOL response is less than 400 it is displayed.
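
An added example, not from the question or any answer to it, that does the check as a numeric comparison rather than a regex. IIS writes the Schannel protocol flags in hexadecimal (0x40 TLS 1.0 server, 0x100 TLS 1.1, 0x400 TLS 1.2, 0x1000 TLS 1.3), so the value must be parsed as base 16 before comparing: compared as strings, "1000" (TLS 1.3) sorts below "400" and would be reported as weak. It assumes the field is extracted as crypt_protocol (the name used in the question) and that c_ip and cs_uri_stem exist in the IIS sourcetype in use; index=iis is a placeholder.

```spl
index=iis sourcetype=iis earliest=-24h@h
| eval proto_num=tonumber(crypt_protocol, 16)
| where isnotnull(proto_num) AND proto_num < tonumber("400", 16)
| eval tls_version=case(
    proto_num=tonumber("10", 16), "SSL 3.0",
    proto_num=tonumber("40", 16), "TLS 1.0",
    proto_num=tonumber("100", 16), "TLS 1.1",
    true(), "other (0x".crypt_protocol.")")
| stats count AS requests dc(c_ip) AS distinct_clients BY tls_version cs_uri_stem
| sort -requests
```

Grouping by tls_version and cs_uri_stem shows which endpoints and how many distinct clients still negotiate pre-TLS 1.2 protocols, which is the list you need before disabling those protocols on the server.
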
-1
votes
2 answers

Regular expression Splunk query

I have a line containing [India,sn_GB] Welcome : { Name:{Customer1},Place:{Mumbai},} and I want to print the entire line after sn_GB] in Splunk, which is Welcome : { Name:{Customer1},Place:{Mumbai},}. I used the below regular expression:…
Chinchan
-1
votes
1 answer

How to run the Splunk stats command to get answers

Can anyone please tell me how to execute the stats command to produce a report on the number of times GAMES equals FOOTBALL?
-2
votes
1 answer

Splunk: find percentage of top 1000

How can we get the percentage of the top 1000 values along with some more fields? I have tried the below but it's not working: |eval percent=round(count/total*100,1000) | eventstats count(src) as total | iplocation src| stats count by src , dest , msg ,…
supriya
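
An added example, not from the question or any answer to it, of the same pipeline in an order that works. In the posted search, percent is computed before stats has produced count and before eventstats has produced total, and round() takes a number of decimal places as its second argument, not a row limit. It assumes a hypothetical index my_index and the fields src, dest and msg named in the question.

```spl
index=my_index earliest=-24h@h
| iplocation src
| stats count BY src dest msg Country
| eventstats sum(count) AS total
| sort 0 -count
| head 1000
| eval percent=round(count / total * 100, 2)
| table src dest msg Country count percent
```

eventstats runs before head so that percent is the share of all events, not of the top-1000 subtotal; move it after head if the subtotal is what you want. iplocation has to run before stats because Country is a BY field.
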
-2
votes
1 answer

Splunk generates random events

I'm a rookie in Splunk; I am using it for the first time. I noticed that if the interval value is 60, it generates 2 events every minute. This confused me. Is this a known situation?
-2
votes
1 answer

Need table output with each FROM_IP and its related uid

index=name conn "connection from" [search index=name [| inputlookup UIDlist.csv | rename UID AS uid | fields uid ] "BIND" | fields conn ] | rex field=_raw "connection from (?<FROM_IP>\d+\.\d+\.\d+\.\d+):" …
-2
votes
1 answer

To find a new error in server logs that was not present in the logs in the past week

I am looking to trigger an alert in Splunk if there is a new error in the server logs. A new error is an error that was not present in the server logs in the past week. I have an index for the logs: index=Serverlogs1. Please help!
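
An added example, not from the question or any answer to it, of a "first seen" search over the index named in the question. The error-line regex, the one-hour "recent" window and the ERROR/Exception keywords are assumptions about the log format and the alert schedule.

```spl
index=Serverlogs1 (ERROR OR Exception) earliest=-7d@d latest=now
| rex field=_raw "(?<error_text>(?:ERROR|Exception)[^\r\n]*)"
| rex field=error_text mode=sed "s/\d+/N/g"
| eval period=if(_time >= relative_time(now(), "-1h"), "recent", "baseline")
| stats count(eval(period="baseline")) AS baseline_count count(eval(period="recent")) AS recent_count min(_time) AS first_seen BY error_text
| where baseline_count=0 AND recent_count>0
| convert ctime(first_seen)
| sort -recent_count
```

The sed step collapses digits (timestamps, ids, ports) so that the same error with different values is one error_text; extend it for hostnames or paths that vary the same way. Scheduled hourly, the search alerts on any message seen in the last hour that had zero occurrences in the preceding seven days. Re-scanning seven days every hour is expensive; the same logic runs cheaply by keeping known messages in a lookup (outputlookup append=true on a daily schedule) and comparing the last hour against inputlookup instead of the raw baseline.
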
-2
votes
1 answer

Need help with a Splunk pie chart search expression

I am new to Splunk dashboard development; so far I am creating KPIs using just 'single value'. I have three KPIs that resulted in 600, 250, 150. KPI 1 search expression (result is 600, for example): index=indexname kubernetes.container_name=tpt MESSAGE = "Code…
Raju
-2
votes
2 answers

I am trying to use a regular expression to extract the Filename field in Splunk; I have attached the text

ID=6913&Filename=C%3A%5CUsers%5CTHanse04%5CAppData%5CRoaming%5CDocumentum%5CViewed%5C181019_ERS_321_102_500857.pdf&Download=65536&DownloadSize=79243 HTTP/1.1" 200 3 "-" "Java/1.8.0_192" I need to extract it, and after extracting I need Thanse04 from…
Anshuman
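
An added example, not from the question or any answer to it, that extracts the Filename value and the user name from the sample line above. It captures the user name from the still URL-encoded string, so no backslash escaping is needed in the regex; index=web is a placeholder.

```spl
index=web "Filename=" earliest=-24h@h
| rex field=_raw "Filename=(?<filename_enc>[^&\s]+)"
| rex field=filename_enc "(?i)%5CUsers%5C(?<username>[^%&]+)%5C"
| eval filename=urldecode(filename_enc)
| stats count AS downloads dc(filename) AS distinct_files values(filename) AS files BY username
```

On the sample event this yields username THanse04 and filename C:\Users\THanse04\AppData\Roaming\Documentum\Viewed\181019_ERS_321_102_500857.pdf. Matching against the decoded path instead would require each literal backslash to be escaped for both the SPL string and the regex, which is where most attempts at this extraction go wrong; (?i) covers servers that encode as %5c.
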