Splunk Search

Community Activity

	SPL query to match fields value and create new field value based on matching condition. i have fields value in events something like below.TOOL_Status description Event_ID Host_NameCLOSED 21alerts has been... by RSS_STT Explorer in Splunk Search 01-17-2024 0 2	0	2
	How to combine two datamodels in the tstats command? I want to merge them to capture DCOM lateral movement events. I want to combine these two events. Can anyone help me? I have tried using the join and append commands, but haven't ... by quangnm21 Explorer in Splunk Search 01-16-2024 0 1	0	1
	How to combine field values? Hi experts, I want to just combine these location sites - "HU1","IA2","IB0 and create new AM site.I tried this query,... by Muthu_Vinith Path Finder in Splunk Search 01-16-2024 0 3	0	3
	Help please. How can I write this using a lookup for the IPs? thank you I have tried using search but can't seem to get it right. Any guidance is appreciated This alert detects any traffic ... by GIA Path Finder in Splunk Search 01-16-2024 0 12	0	12
	Controlling Text - Output Table formatted data to text We are in the process of generating Events in ServiceNow using the Splunk add-on for ServiceNow. We are passing Even... by regarza Engager in Splunk Search 01-16-2024 0 0	0	0
	Why "*" start does not include the void value Hello everyone, I'm working on Splunk Entreprise and on the Search & Reporting app. I made many drop-down menu to fil... by michaelteck Explorer in Splunk Search 01-16-2024 0 2	0	2
	Searching a lookup I have this lookupI want the total count when the timeval is latest. (in this case 2023) any solution by Siddharthnegi Contributor in Splunk Search 01-16-2024 0 7	0	7
	How to find the difference of time between the 2 fields ? Hi Can you please tell me how can i extract the events for which the difference of current_time and timestampOfRece... by Real_captain Path Finder in Splunk Search 01-16-2024 0 7	0	7
	How to filter results of a 2nd search from the main search I have a use case where I want to setup Splunk Alerts for certain Exception events. I have already defined standard E... by D_Rai New Member in Splunk Search 01-16-2024 0 1	0	1
	Updating App Macros Hi Community People.Our team has stood up a new instance of Splunk, and we have deployed out some cool new apps. One ... by JohnEGones Communicator in Splunk Search 01-15-2024 0 1	0	1
	How to use Not Exists function in Splunk when 2 indexes are involved ? Hi Can someone help to explain how we can use Not-exists in Splunk. Example is attached below for which i need to use... by Real_captain Path Finder in Splunk Search 01-15-2024 0 8	0	8
	Interpretation of integers I am wondering why the two following requests, when applied to exactly the same time range, return a different value:... by fabienpe Explorer in Splunk Search 01-15-2024 0 8	0	8
	Reordering fields Hello Splunkers,I've a Region filter over the dashboard. This Region filter has values AMER and EMEA. I've a requirem... by mnj1809 Path Finder in Splunk Search 01-15-2024 0 3	0	3
	To extract a field using the REX Command HelloI want to extract the field issrDsclsrReqId" using the Rex command. Can someone please help me with the command ... by Real_captain Path Finder in Splunk Search 01-15-2024 0 6	0	6
	Report NOT running 1 week I have this query in my report scuedhled to run every week, but results are for all time, how can i fix ?index=dlp us... by dm2 Explorer in Splunk Search 01-14-2024 0 1	0	1
	IndexScopedSearch The search failed. More than 1000000 events were found I read many articles about it but no one knows how to fix it. so how can I fix it? Error in 'IndexScopedSearch': The ... by abedcx Explorer in Splunk Search 01-13-2024 0 4	0	4
	Help with Outbound SMB traffic Rule SPL, please. Thank you! Can someone please help me with this rule? I have been assigned to create a bunch of similar rules but I am strugglin... by GIA Path Finder in Splunk Search 01-12-2024 0 2	0	2
	Fix Error: IndexScopedSearch? Hello Splunk enjoyers!I loaded some data(10 000 000), with fields: updated_time, info, user and discription, to my n... by splunk_enjoyer Explorer in Splunk Search 01-12-2024 0 2	0	2
	How to monitor a certain rule from McAfee? Hi!  I want to write a query that will show me all the events that jumped because of a certain rule that I set in Mc... by meitarsaban03 Loves-to-Learn in Splunk Search 01-12-2024 0 1	0	1
	Need an help to create a SPL's. Hi,Could any one pls figure out from these below logs to achieve the use case like when we launch rdp,proxy from secr... by AL3Z Builder in Splunk Search 01-12-2024 0 1	0	1
	Checking specific index data for large server list Hi all,I have list of 3k+ servers for which i want to check data flow from specific index. How can i do this with opt... by nehamvinchankar Path Finder in Splunk Search 01-12-2024 0 3	0	3
	Calculate Percentage of status code for 200 by _time I want to calculate the Percentage of status code for 200 out of Total counts of Status code by time. I have written ... by Chirag812 Explorer in Splunk Search 01-11-2024 0 2	0	2
	How to create summary index? I have a dashboard which contains 5 panels in table format.Query for panel1:index=xxxx sourcetype=xxxxx stroage_name... by Vani_26 Path Finder in Splunk Search 01-11-2024 0 5	0	5
	best/fastest way to match results from two sets of data in the same index I have an index that is receiving JSON data from a HEC, but with 2 different data sets and about 2M per day:DS1{guid:... by loganramirez Path Finder in Splunk Search 01-11-2024 0 8	0	8
	Return on certain field values in my search Hi Community,I'm fairly inexperienced when it comes to anything other than quite basic searches, so my apologies in a... by Clancy_Moped Engager in Splunk Search 01-11-2024 0 2	0	2