Splunk Search

Community Activity

	Using a lookup table to store regex patterns to be used in a search Is it possible to store regex patterns in a lookup table so that it can be used in a search?For example lets say I ha... by klim Path Finder in Splunk Search 01-02-2024 0 4	0	4
	Extraction of value from nested multivalue field Hi All,I have a multivalue field that contains nested key value pair with key named as "Key" and Value named as "Valu... by Poojitha Communicator in Splunk Search 01-02-2024 0 4	0	4
	Splunk Message : Search has been terminated. This is most likely due to an out of memory condition Hello Everyone,I'm attempting to search for queries in Splunk Free Edition. However, it worked well for some time, an... by Naveen_4025 New Member in Splunk Search 01-02-2024 0 3	0	3
	Fetch the details We are trying to create a dashboard to understand the usage of our application version something like shown belowAppl... by svodela Explorer in Splunk Search 01-02-2024 0 6	0	6
	Monitor log file inside zip file Hi All, There are 50 zip files in a folder in those zip folders there are many other files- log/txt/png, out of which... by krutika_ag Path Finder in Splunk Search 01-01-2024 0 4	0	4
	Combine results from multiple queries I am new to splunk queries and was trying to combine results from multiple queries without using subsearches due to i... by p0r049z Engager in Splunk Search 01-01-2024 0 5	0	5
	How to find a difference of a column field by date Namepercdatexxx9028-Dec-23yyy9128-Dec-23zzz9228-Dec-23xxx9629-Dec-23yyy9729-Dec-23zzz9829-Dec-23 i want to calculate ... by bhava2704 New Member in Splunk Search 12-31-2023 0 4	0	4
	Regex: regular expression is too large Hi Team/Community,I'm having an issue with a lookup file. I have a csv with two columns, 1st is named ioc and second ... by jhooper33 Explorer in Splunk Search 12-31-2023 0 14	0	14
	Search for Upload Activity to Unique Domains Hi all,I am trying to put together a search and stats table for users in our environment who have uploaded data to a ... by AC1 Engager in Splunk Search 12-29-2023 0 4	0	4
	Expression for custom lookup table values Hi All,This may be a bit of a peculiar question, but I'm trying to figure out if there's a way to use a certain expre... by bcanfield83 Engager in Splunk Search 12-29-2023 0 2	0	2
	Update output count as percent I am trying to generate a list of the percentages of response codes by resultCode by app. A simplified version of ev... by xxxxxxxxxxxxxx Explorer in Splunk Search 12-29-2023 0 8	0	8
	Index time hi, how can I change the scheduled index time of a data source? by beepbop Explorer in Splunk Search 12-28-2023 0 1	0	1
	LINE_BREAKER in json files Hello, Line breaker in my props configuration for the json formatted file is not working, it's not breaking the json ... by SplunkDash Motivator in Splunk Search 12-28-2023 0 2	0	2
	How to compare 2 different Fields between 2 lookups and output must be missing items Lookup 1 : Contains fields such as AssetName FQDN and IP AddressLookup 2 : Contains fields such as Host Index and... by HPACHPANDE Explorer in Splunk Search 12-28-2023 0 1	0	1
	Track Changes to a field Hello guysI need some help with making a table/dashboard that shows me changes to incidents in our Defender platform.... by akselsoeb Engager in Splunk Search 12-28-2023 0 2	0	2
	What am I doing wrong with this case function??? I have tried to use the following eval to pretty up the return of a field but the result is always test. I have trie... by Pat Path Finder in Splunk Search 12-27-2023 0 11	0	11
	Unable to get botsv1 in search result Hi,I have a botsv1 dataset uploaded in Splunk simulated environment. But when I search "index=botsv1" , it returns 0 ... by Dipti Explorer in Splunk Search 12-27-2023 0 4	0	4
	Convert Epoch Time to a different timezone using SPL I have the follow time:EPOCH HUMAN READABLE170363091912/26/2023 19:48:39I would like to convert the EPOCH to CST time... by jason_hotchkiss Communicator in Splunk Search 12-27-2023 0 3	0	3
	Unable to get the lookup values on the search queries Hi Team,Need your assistant for below We have created new csv lookup and we are using the below query but we are get... by Nagalakshmi Path Finder in Splunk Search 12-27-2023 0 2	0	2
	Compare fields without wildcards Hello everyone, I'm a beginner in using Splunk. I'm facing an issue in finding a search solution for the following id... by quangnm21 Explorer in Splunk Search 12-27-2023 0 4	0	4
	Escape literal $ at FORMAT of transforms.conf Hi, I have the following transforms.conf: [REPLACEMENT_COST] CLEAN_KEYS = 0 FORMAT = $1"REPLACEMENT_COST2":"$2$s"$3 R... by Assaf_Katz Loves-to-Learn in Splunk Search 12-27-2023 0 2	0	2
	Search queries Hi,I need help generating search queries using SPL, especially in my new role as a SOC Analyst. I would like to know ... by of New Member in Splunk Search 12-27-2023 0 1	0	1
	How to combine rows based on parent-child relationship on separate fields Hi,I have data like these entrieslink id parent name---- --- ... by yolk Observer in Splunk Search 12-26-2023 0 3	0	3
	Need to Exclude event SERVICE_START observed within 10 minutes from same host after observing service stop (index=123) sourcetype=XYZ AND type IN ("SERVICE_STOP") ) \| _time host type _raw is the main query where we are sea... by HPACHPANDE Explorer in Splunk Search 12-25-2023 0 2	0	2
	I want to extract list of all clients deployed in Splunk along with the location of splunkd on those clients Hi,There are a lot of clients in my architecture and every other splunk instance is deployed in either /opt/bank/splu... by krutika_ag Path Finder in Splunk Search 12-24-2023 0 4	0	4