Welcome to Splunk Searches!

SplunkSearches.com is a collection of Splunk searches, Splunk SPL tips and tricks, and Splunk search optimization techniques.

Search Tip of the Week

Have you ever wondered how to send the results of one search into another search? The map command does exactly that: it runs the search given in its search argument once for each result row of the preceding search, substituting that row's field values wherever a $field$ token appears. Example (here $user$ is replaced by the user value of each row from the stats output):

sourcetype=syslog sudo | stats count by user host | map search="search index=ad_summary username=$user$ type_logon=ad_last_logon"
Latest Searches:

Size of KV Store Collections

Universal Forwarders with Expired Certificates

Check for Hosts Hitting Max File Descriptor (max_fd) Limit

Sourcetypes that are Being Truncated

Ingested Comments

Volume of Ingested Comments

License Usage by Sourcetype

Queued Searches

Splunk User Creations, Modifications, Deletions

Users Running All Time Searches

Most Popular Searches:

List of all ITSI KPI Thresholds by Service

Last time that a host or sourcetype reported data

Duplicate Events by Index, Sourcetype

Apps and Views that Users are Accessing

Duplicate Events in Splunk

All network traffic

Historical Splunk Version Installed

Detecting Log4J jndi Vulnerabilities (CVE-2021-44228) (Log4Shell)

Successful login after 10 failed attempts

Active correlation searches in Enterprise Security

Splunk Searches is in no way associated with Splunk, Inc. or any of its affiliates.