Welcome to Splunk Searches!

SplunkSearches.com is a collection of Splunk searches, Splunk SPL tips and tricks, and Splunk search optimization techniques.

Search Tip of the Week

Have you ever wondered how to send the results of one search into another search? By using the map command you can achieve exactly that. Example:

sourcetype=syslog sudo | stats count by user host | map search="search index=ad_summary username=$user$ type_logon=ad_last_logon"

Latest Searches:

Splunk User Creations, Modifications, Deletions

Users Running All Time Searches

Indexers a Univeral Forwarder is Sending Data To

Fields in CIM Datamodel

Details on Active Database Connected (DBX) Connections

Database Connect (DBX) Inputs

Deployment Clients Phoning Home to Deployment Server

Detecting Log4J jndi Vulnerabilities (CVE-2021-44228) (Log4Shell)

Disk, CPU and Memory Details of SplunkCloud or On-prem Search Head

Size of All Lookup Files on Search Head

Most Popular Searches:

List of all ITSI KPI Thresholds by Service

Last time that a host or sourcetype reported data

Duplicate Events by Index, Sourcetype

Apps and Views that Users are Accessing

Duplicate Events in Splunk

All network traffic

Successful login after 10 failed attempts

Active correlation searches in Enterprise Security

Buckets frozen by index

List of Apps Deployed to Deployment Clients