Welcome to Splunk Searches!

SplunkSearches.com is a collection of Splunk searches, Splunk SPL tips and tricks, and Splunk search optimization techniques.
Search Tip of the Week

Have you ever wondered how to send the results of one search into another search? The map command does exactly that: it runs the search given in its search= argument once for each result row of the preceding search, substituting the row's field values wherever a $fieldname$ token appears. In the example below, each user value produced by the stats command is substituted for $user$ in the second search. Example:

sourcetype=syslog sudo | stats count by user host | map search="search index=ad_summary username=$user$ type_logon=ad_last_logon"
Universal Forwarders with Expired Certificates
Check for Hosts Hitting Max File Descriptor (max_fd) Limit
Sourcetypes that are Being Truncated
Splunk User Creations, Modifications, Deletions
Most Popular Searches:
List of all ITSI KPI Thresholds by Service
Last time that a host or sourcetype reported data
Duplicate Events by Index, Sourcetype
Apps and Views that Users are Accessing
Historical Splunk Version Installed
Detecting Log4J jndi Vulnerabilities (CVE-2021-44228) (Log4Shell)
Successful login after 10 failed attempts