Splunk Search

Community Activity

Rex query for two different type event Need help on getting rex query. I am getting below two events. I am able to rex for event 1 with NULL field. But I a... by ravir_jbp Explorer in Splunk Search 02-02-2024 0 2	0	2
Writing Regex with Lookaheads to Capture Group Hello,I am attempting to write some regex with a lookahead.My event ispluginText: <plugin_output>Here is the list of ... by nateloepker Explorer in Splunk Search 02-02-2024 0 1	0	1
Unable to do simple calculation of aggregate durations between 2 states by host Given that per host there are 2 events logged, one indicating transition to active and one indicating transition to i... by smahoney Path Finder in Splunk Search 02-02-2024 0 1	0	1
Adding a column Hi Splunk experts,I’m a Splunk beginner. I need help with a requirement. I have fields named 'location,' 'login,' and... by Muthu_Vinith Path Finder in Splunk Search 02-02-2024 0 2	0	2
Set time using data in token I made a graph that send time data at click point.I use "fieldformat" to change time data shown.This is my code about... by Questioner Path Finder in Splunk Search 02-02-2024 0 3	0	3
Use the '\| from datamodel' command when the datamodel is configured as grandparent/parent/child. I want to query the user dataset using the from datamodel command.I know how to use nodename in the tstat command.Whe... by rrythi Loves-to-Learn in Splunk Search 02-01-2024 0 0	0	0
Nested inputlookup with join or eval My current search that is working is - \| from datamodel:Remote_Access_Authentication \| rex field=dest_nt_domain "^(?<... by jeradb Explorer in Splunk Search 02-01-2024 0 2	0	2
tstats stopped returning data with summariesonly=true after adding _time field Hi,We have a datamodel built against application data. All the tstats searches against the DM were running fine, incl... by att35 Builder in Splunk Search 02-01-2024 0 0	0	0
Streamlining with tstats Hi all, im looking to create a dashboard to capture various info on or proxy data. I have a few simple queries index=... by supersnedz Path Finder in Splunk Search 02-01-2024 0 4	0	4
How to subtract filed values in a column I have AWS Cloudtrail data and want to find out how long an EC2 instance was stopped. Is it possible to subtract the ... by ezamit Explorer in Splunk Search 01-31-2024 0 6	0	6
how to break down a record in multiple rows I have a records that comes with multiple items in a single row. Is there a way i can break it down in a single row. ... by ezamit Explorer in Splunk Search 01-31-2024 0 2	0	2
Inputs Conf on Deployment Apps and HFs Hi Splunkers, Have the following situation, and interested in another opinion:We have a distributed environment with ... by JohnEGones Communicator in Splunk Search 01-31-2024 0 1	0	1
How to calculate time difference? I'm looking to get a difference between both times and create a 3rd field for the results (Properties.actionedDate - ... by EvansB Path Finder in Splunk Search 01-31-2024 0 7	0	7
In a search combine two-three field values(columns) into one field Hi,I have an output like this -LocationEventNameErrorCodeSummaryserver1Mssql.LogBackupFailedBackupAgentErrorFailed ba... by man03359 Communicator in Splunk Search 01-31-2024 0 2	0	2
Splunk health check monitoring using command line ? Hi, is it possible to extract informations about Splunk System health check using command line ? For example I wo... by dlugasny New Member in Splunk Search 01-31-2024 0 3	0	3
Is using index=proxy really bad? HelloI have a question. We have lots of indexes, and rather than specify each one, I use index=proxy to search acro... by davidwaugh Path Finder in Splunk Search 01-31-2024 0 2	0	2
Filtering Hi Splunkers, I dont need the value in first line and need that value later in search to filter, so I tried tis way... by smanojkumar Contributor in Splunk Search 01-31-2024 0 7	0	7
splunk lets say i have a query which is giving no result at present date but may give in future . In this query I have calcu... by Siddharthnegi Contributor in Splunk Search 01-31-2024 0 3	0	3
How to display top 5 and replace the rest with others? How to display top 10 and replace the rest with others?I tried using top limit 5 with userother, but the number did... by LearningGuy Motivator in Splunk Search 01-31-2024 0 7	0	7
How can I search events based on another lookup file subsearch using like. Hi,Would you mind to help on this?, I have been working for days to figure out how can I pass a lookup file subsearch... by JMPP Explorer in Splunk Search 01-30-2024 0 3	0	3
Time conversion for AWS Cloudtrail logs using strptime() and strftime() not working My original time format in the search is eventID: d7d2d438-cc61-4e74-9e9a-3fd8ae96388d eventName: StartInstances ... by ezamit Explorer in Splunk Search 01-30-2024 0 2	0	2
How to find all Dashboards, Reports and Alerts related to a specific index ? Our Splunk instance is being overhauled and I need to update all of the content that has been built. We have some in... by john_glasscock Path Finder in Splunk Search 01-30-2024 1 13	1	13
Tracking Field Changes in Events Hello,I'm looking of your insights to pinpoint changes in fields over time. Events structured with timestamp, ID, and... by PavelP Motivator in Splunk Search 01-30-2024 0 11	0	11
How do I do a search on an inputlookup from data loaded from datamodel My current serach is - \| from datamodel:Remote_Access_Authentication.local \| append [\| inputlookup Domain \| rename n... by jeradb Explorer in Splunk Search 01-30-2024 0 1	0	1
Phishing emails Hi,I want to create a search query that looks for users who have received phishing emails, clicked the link, or downl... by of New Member in Splunk Search 01-30-2024 0 4	0	4