SPLUNK SEARCH HISTORY

micro@lab:~/splunk-lab$ docker-compose exec splunk bash
/opt/splunk/etc/users/admin/search/history/226564ab2f07.csv

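Here are the search queries from the provided data, one per line. The list is not deduplicated: the same search appears more than once (for example, entries 2 and 3, or 5 through 7).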

  1. search source="tutorialdata (1).zip:*" index="sree"
  2. search index="sree"
  3. search index="sree"
  4. | metadata type=sourcetypes | search totalCount > 0
  5. search index="tutorial_data"
  6. search index="tutorial_data"
  7. search index="tutorial_data"
  8. search index="tutorial_data" sourcetype="access_combined_wcookie"
  9. search index="tutorial_data" sourcetype="access_combined_wcookie" host="www2"
  10. search index="tutorial_data" sourcetype="access_*" host="www2"
  11. | loadjob 1745507275.56 events=t ignore_running=f require_finished=f | search index=* OR index=_* sourcetype=access_combined_wcookie | head 1000
  12. | metadata type=sourcetypes | search totalCount > 0
  13. search index="tutorial_data" sourcetype="access_combined_wcookie"
  14. | loadjob 1745508521.71 events=t ignore_running=f require_finished=f | search index=* OR index=_* sourcetype=access_combined_wcookie | head 1000
  15. | loadjob 1745508521.71 events=t ignore_running=f require_finished=f | search index=* OR index=_* sourcetype=access_combined_wcookie | head 1000
  16. | loadjob 1745508521.71 events=t ignore_running=f require_finished=f | search index=* OR index=_* sourcetype=access_combined_wcookie | rex field=_raw "(?ms)^(?P<MyIP>[^ ]+)" offset_field=_extracted_fields_bounds | head 1000
  17. | metadata type=sourcetypes | search totalCount > 0
  18. search index="tutorial_data" sourcetype="access_combined_wcookie"
  19. search index="tutorial_data" sourcetype="access_combined_wcookie" Moz
  20. search index="tutorial_data" sourcetype="access_combined_wcookie" chrome
  21. search index="tutorial_data" sourcetype="access_combined_wcookie" moz
  22. search index="tutorial_data" sourcetype="access_combined_wcookie" Mozilla
  23. search index="tutorial_data" sourcetype="access_combined_wcookie" 200
  24. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200
  25. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase
  26. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200
  27. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase
  28. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase | top clientip
  29. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase | top clientip limit=1
  30. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase
  31. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase|top clientip
  32. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase
  33. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase | table clientip
  34. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase
  35. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase | top clientip limit=1| table count
  36. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase | top clientip limit=1| table clientip
  37. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase clientip=87.194.216.51
  38. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase clientip=87.194.216.51
  39. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase | table clientip
  40. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase
  41. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase
  42. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase clientip=[search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase | top clientip limit=1| table clientip]
  43. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase clientip="[search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase | top clientip limit=1| table clientip]"
  44. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase [search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase | top clientip limit=1| table clientip]
  45. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase clientip=[search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase | top clientip limit=1| table clientip]
  46. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase | top clientip limit=1 | rename clientip "VIP Customer"
  47. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase | top clientip limit=1 | table count
  48. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase | top clientip limit=1| table clientip
  49. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase clientip=87.194.216.51
  50. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase | top clientip limit=1| table clientip
  51. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase | top clientip limit=1| table count
  52. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase clientip=[search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase | top clientip limit=1| table clientip]
  53. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase clientip=[search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase | top clientip limit=1| table clientip]
  54. search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase clientip="[search index="tutorial_data" sourcetype="access_combined_wcookie" status=200 action=purchase | top clientip limit=1| table clientip]"

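These queries are derived from your provided CSV and represent the searches executed in Splunk, with repeated searches listed each time they occur. Entries 42–45 and 52–54 are successive attempts at the same subsearch filter; because a subsearch returns its results as field=value pairs by default, the form in entry 44 (the bracketed subsearch with no `clientip=` prefix and no surrounding quotes) is the one that applies the filter as intended.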