Questions tagged [splunk-calculation]

93 questions
0
votes
1 answer

Finding brute force attacks with splunk

I have a few login failures then a success for Administrator, and this is what I have, but it doesn't seem to be getting any results: source=WinEventLog:Security EventCode=4625 OR EventCode=4624 | bin _time span=5m as minute | eval…
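A fuller version of this kind of search, as an added example that is not from the question or from any answer on this page. It assumes the Security log is indexed through the Splunk Add-on for Microsoft Windows, so that EventCode, Account_Name, Source_Network_Address and Logon_Type are already extracted; the index name wineventlog, the five-failure threshold and the 5-minute bucket are assumptions chosen for the example.

```spl
index=wineventlog sourcetype="WinEventLog:Security" (EventCode=4625 OR EventCode=4624)
| eval event_time=_time
| eval outcome=if(EventCode=4625, "failure", "success")
| eval user=mvindex(Account_Name, -1)
| bin _time span=5m
| stats count(eval(outcome="failure")) AS failures
        count(eval(outcome="success")) AS successes
        min(event_time) AS first_seen
        max(eval(if(outcome="failure", event_time, null()))) AS last_failure
        max(eval(if(outcome="success", event_time, null()))) AS last_success
        values(Logon_Type) AS logon_types
    BY _time user Source_Network_Address
| where failures >= 5 AND successes >= 1 AND last_success > last_failure
| eval first_seen=strftime(first_seen, "%Y-%m-%d %H:%M:%S")
| eval last_success=strftime(last_success, "%Y-%m-%d %H:%M:%S")
| fields _time user Source_Network_Address failures successes first_seen last_success logon_types
| sort - failures
```

A few points the one-liner in the question does not cover. The original timestamp is copied into event_time before bin overwrites _time with the bucket start, so the search can still tell whether the success came after the failures (last_success > last_failure) rather than merely in the same bucket. Account_Name is frequently multivalued on 4624 and 4625 (subject account plus target account), and mvindex(Account_Name, -1) takes the last value, which is the target account; if the field is single-valued it returns that value unchanged. If you keep the question's bin _time span=5m AS minute, the bucket field is called minute and stats must group BY minute instead of BY _time, which is the likely reason the original search returned nothing useful. Finally, fixed 5-minute buckets can split one burst across two buckets; a sliding window needs streamstats with time_window, or transaction with startswith/endswith, at the cost of more memory.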
0
votes
2 answers

Group events by multiple fields in Splunk

Hi, I have some events in Splunk which are of this form: Location: some value (the same value can be there in multiple events) Client: some value (the same value can be there in multiple events) TransactionNumber: some value (unique for each event) Transaction…
Kunal gupta
0
votes
1 answer

In Splunk, how to find the number of words based on a pipe separator, add a value to it and assign it to a new field

Hi, I have an event like this, shown below: Today's Greeting Messag=Hello|myname|name|is|Alice|myName|is|bob"} How can I count the number of words between message= and "}? I have a | delimiter that should help me to get the count of words in between.…
0
votes
3 answers

Splunk interesting field exclusion

I have 4 fields (Name, age, class, subject) in one index (Student_Entry) and I want to add total events, but I want to exclude those events that have any value in the subject field. I tried the below two ways: index=Student_Entry Subject !=* | stats…
0
votes
1 answer

How to create a Splunk bubble diagram from timechart

I am trying to create a bubble chart based on this search, also seen in the image below. source="*wineventlog:security" sourcetype="*wineventlog:security" EventCode=4624 OR 4625 OR 4649 OR 4724 OR 4732 OR 4740| timechart span=1h count(EventCode) by…
0
votes
1 answer

How to find authentication SSH logs for Linux

I am trying to write a query via Splunk to find SSH logs used for authentication in Linux. Any ideas as to the query needed to write to achieve this? I am new to Splunk, so any information would help. Here is what I have started, but to no…
Coder123
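One way to pull SSH authentication events out of Linux auth logs, as an added example that is not from the question or from any answer on this page. It assumes the logs are indexed with the linux_secure sourcetype of the Splunk Add-on for Unix and Linux, or any sourcetype whose raw events carry the standard sshd lines, for instance the constructed samples "Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2" and "Accepted publickey for alice from 198.51.100.4 port 40211 ssh2"; the index name os, the addresses and the thresholds are assumptions for the example.

```spl
index=os sourcetype=linux_secure sshd ("Failed password" OR "Accepted password" OR "Accepted publickey")
| rex field=_raw "(?<outcome>Accepted|Failed) (?<auth_method>password|publickey) for (?<invalid>invalid user )?(?<user>\S+) from (?<src_ip>[0-9A-Fa-f:.]+) port (?<src_port>\d+)"
| where isnotnull(outcome)
| eval action=if(outcome="Accepted", "success", "failure")
| eval invalid_user=if(isnotnull(invalid), "yes", "no")
| stats count AS attempts
        count(eval(action="failure")) AS failures
        count(eval(action="success")) AS successes
        count(eval(invalid_user="yes")) AS unknown_users
        dc(user) AS distinct_users
        values(auth_method) AS methods
        earliest(_time) AS first_seen
        latest(_time) AS last_seen
    BY src_ip host
| where failures >= 10 OR (failures >= 3 AND successes >= 1)
| eval first_seen=strftime(first_seen, "%Y-%m-%d %H:%M:%S"), last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| sort - failures
```

The rex pulls the outcome, authentication method, user name, client address and port out of each sshd line; the optional "invalid user " group marks attempts against accounts that do not exist on the host, which is a strong password-spraying signal on its own. The stats line then rolls everything up per client address and host, and the where clause keeps sources that either failed many times or failed a few times and then got in. For a plain listing rather than a summary, drop everything from stats onward and end with table _time host user src_ip action auth_method. Recent versions of the Unix and Linux add-on may already extract user, src and action for these events, in which case the rex is redundant and you can group on the add-on's fields directly.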
0
votes
1 answer

Indexer grouping in dropdown

I have 20 indexes that we want to display in a dropdown in a grouped manner. How can we group them in a query? For example: index1, Index2, index3 should come with the name abc.... Index 4, index 2, index 5 should come with the name efg... so in drop…
0
votes
1 answer

How to Splunk search for transaction types that have a median latency above 3 seconds

I have a table that shows latency data; now I want to write a query for an alert that will alert when requests (method + uri) have a median higher than 3000ms (3s). The query I use for that latency table is: index=ms-app environment=prod AND "*" |…
0
votes
2 answers

Splunk Dashboard Security

I am from the Splunk team. We are noticing that people who are not part of the Splunk team are making changes to existing dashboards without notifying us. How can we fix this? Can we do something like get a notification once any changes are done on…
0
votes
1 answer

Calculate mean deviation with Splunk

I have a list of values in Splunk. I can use this list to calculate avg(vals) and stdev(vals). How do I calculate the mean deviation? The mean deviation is the average absolute difference between the mean and each value in the list. (Sum_x |mean-x|)…
Kevin Kraft
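The mean deviation computed in SPL, as an added example that is not from the question or from any answer on this page. stats has no built-in mean-absolute-deviation function, so the search takes two passes: eventstats attaches the mean to every event, then stats averages the absolute differences. The list of values is constructed with makeresults so the search runs with no indexed data; replace the first four lines with whatever search produces the vals field.

```spl
| makeresults
| eval vals=split("2,4,4,4,5,5,7,9", ",")
| mvexpand vals
| eval vals=tonumber(vals)
| eventstats avg(vals) AS mean
| eval abs_dev=abs(vals - mean)
| stats count AS n
        avg(vals) AS mean
        avg(abs_dev) AS mean_deviation
        stdevp(vals) AS stdev_population
        stdev(vals) AS stdev_sample
```

For the constructed list the mean is 5 and the absolute deviations are 3, 1, 1, 1, 0, 0, 2, 4, so the mean deviation is 12/8 = 1.5, which can be checked by hand. To compute it per group, add the same BY clause to both eventstats and stats. stdev is the sample standard deviation and stdevp the population one; the mean deviation above divides by the full count, so it is the population form.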
0
votes
1 answer

Getting the average duration over a group of Splunk transactions

So I have some data in the format of Time | UUID | event_name_status | actual_important_log_time…
0
votes
1 answer

Splunk Query to update a query

I am working on a Splunk requirement, which is like this: the Splunk script is scheduled to run every 15 minutes from Mon-Fri for 30m. However, they have a new requirement to run this script for 60m on Sat and Sunday alone. What are the changes to be done…
0
votes
1 answer

Trying To Perform Mathematical Calculations Based off One Column

I'm new to Splunk and I'm having trouble with the following line of code. I think what I'm trying to do is pretty self-explanatory. Essentially the data I'm working with is one column, and the values in the column are "0" or "1". Any help would be…
Gary Dorman
0
votes
0 answers

Splunk Dashboard Based on the Content of the Log file

My log file "app.log" contains 20-30 lines of data, for example: Total records 100. Successful batch size: 30. (Followed by some data here....) Total records 100. Successful batch size: 40. (Followed by some data here....) Total records 100. Successful…
Siva
0
votes
0 answers

Splunk: formatting a CSV file during indexing, values are being treated as new columns?

I am trying to create a new field during indexing; however, the fields become columns instead of values when I try to concat. What am I doing wrong? I have looked in the docs and seems according .. Would appreciate some help on this. e.g. .csv…