Splunk Search

Community Activity

How to find all Dashboards, Reports and Alerts related to a specific index ? Our Splunk instance is being overhauled and I need to update all of the content that has been built. We have some in... by john_glasscock Path Finder in Splunk Search 01-30-2024 1 13	1	13
Tracking Field Changes in Events Hello,I'm looking of your insights to pinpoint changes in fields over time. Events structured with timestamp, ID, and... by PavelP Motivator in Splunk Search 01-30-2024 0 11	0	11
How do I do a search on an inputlookup from data loaded from datamodel My current serach is - \| from datamodel:Remote_Access_Authentication.local \| append [\| inputlookup Domain \| rename n... by jeradb Explorer in Splunk Search 01-30-2024 0 1	0	1
Phishing emails Hi,I want to create a search query that looks for users who have received phishing emails, clicked the link, or downl... by of New Member in Splunk Search 01-30-2024 0 4	0	4
create a field alias for _indextime Hi everyone,I would want to ask if I can create a field alias for _indextime and _time then set this alias as a defau... by Shihua Engager in Splunk Search 01-30-2024 0 2	0	2
Escaping special characters in text input I have a very basic dashboard that requires my users to put in text inputs. These inputs are then outputted to a CSV... by willadams Contributor in Splunk Search 01-29-2024 0 3	0	3
Help with Field Extraction Here is my sample data; start=Dec 30 2023 06:07:47 duser=NT AUTHORITY\SYSTEM dvc=10.163.142.37I need to extract the f... by secphilomath1 Explorer in Splunk Search 01-29-2024 0 9	0	9
Remove duplicate columns - column which have single unique value Hi, I want to get rid of columns which have single unique value. There could be multiple columns showing this behavio... by bhavesh0124 Explorer in Splunk Search 01-29-2024 0 3	0	3
Filter subset of search results I am trying to filter my search results where only a particular subset of the results should be shown. Example suppos... by ghostrider Path Finder in Splunk Search 01-29-2024 0 1	0	1
Join two indexes in one search I am noob with Splunk.I am trying to join two indexes in one search -index="idx-enterprise-tools" sourcetype="spectru... by man03359 Communicator in Splunk Search 01-29-2024 0 3	0	3
Using timechart to show the number of users in the busiest minute against a one hour span Hi,I'm after some assistance.I am trying to capture the peak number of concurrent users in a single minute block usin... by SleepyGuy Engager in Splunk Search 01-29-2024 0 3	0	3
using different date range but showing the same value When I was searching for the different data ranges in my Splunk dashboard it showed the same,for example, i am selec... by ramkyreddy Explorer in Splunk Search 01-29-2024 0 5	0	5
dnslookup on oneidentity-safeguard app Why oneidentity override dnslookup transform changing the parameters name ? from clientip to ip , from clienhost to... by paolos Loves-to-Learn Everything in Splunk Search 01-29-2024 0 2	0	2
timechart with multiple series Hi, Im trying to create a dashboard that easily presents api endpoint performance metrics I am generating a summary i... by clamarkv Explorer in Splunk Search 01-28-2024 0 1	0	1
Splunk query help - query for URL that have values other than X,Y,Z Lets say i would like to query for message that has a URL field with values other than X,Y,Z added as query parameter... by Splunkanator New Member in Splunk Search 01-27-2024 0 2	0	2
Left join not returning values as expected. I am joining two splunk query to capture the values which is not present in subquery. Trying to find the account whi... by yuvrajsharma_13 Explorer in Splunk Search 01-27-2024 0 2	0	2
How to pass data from a report to another report? Hello,How to pass data/token from a report to another report? Thank you for your helpI am trying to run a weekly re... by LearningGuy Motivator in Splunk Search 01-27-2024 0 3	0	3
Need Help with REGEX for this raw data We need to extract the value behind "<Computer>" I have underlined it to make it easier. It would also be beneficial... by zach-keener Explorer in Splunk Search 01-26-2024 0 2	0	2
tstats and inputlookup My current search is - \| tstats count AS event_count WHERE index=* BY host, _time span=1h\| append [ \| inputlookup Do... by jeradb Explorer in Splunk Search 01-26-2024 0 1	0	1
How do I create column chart using two fields and keep more fields in the statistical table? Hello,How do I create bar chart using two fields and keep all fields in the statistical table?The column chart automa... by LearningGuy Motivator in Splunk Search 01-26-2024 0 8	0	8
Password storage during setup of an app Hi all,Very new to Splunk so apologies if this is a very basic question. I've looked around and haven't found a concl... by nlloyd Engager in Splunk Search 01-26-2024 0 2	0	2
voulme data comparison Hi, I have below SPL, which return todays count vs yesterday count and difference between them. I want to see, if i r... by selvam_sekar Path Finder in Splunk Search 01-26-2024 0 3	0	3
How to correlate index with dbxquery with condition or interation? How to correlate index with dbxquery with condition or interation?See the sample below. Thank you for your help.ind... by LearningGuy Motivator in Splunk Search 01-25-2024 0 2	0	2
How to filter values returned from an array field? I have events with an array field named "tags". The tags array has 2 fields for each array object named "name" and "... by splguy Engager in Splunk Search 01-25-2024 0 2	0	2
Splunk Query not working as expected HiUsing following query:`mbp_ocp4` kubernetes.container.name =service level=NG_SERVICE_PERFORMANCE SERVICE!=DPTDRet... by Sunny Observer in Splunk Search 01-25-2024 0 3	0	3