Splunk Search

Community Activity

Regex: regular expression is too large Hi Team/Community,I'm having an issue with a lookup file. I have a csv with two columns, 1st is named ioc and second ... by jhooper33 Explorer in Splunk Search 12-31-2023 0 14	0	14
Search for Upload Activity to Unique Domains Hi all,I am trying to put together a search and stats table for users in our environment who have uploaded data to a ... by AC1 Engager in Splunk Search 12-29-2023 0 4	0	4
Expression for custom lookup table values Hi All,This may be a bit of a peculiar question, but I'm trying to figure out if there's a way to use a certain expre... by bcanfield83 Engager in Splunk Search 12-29-2023 0 2	0	2
Update output count as percent I am trying to generate a list of the percentages of response codes by resultCode by app. A simplified version of ev... by xxxxxxxxxxxxxx Explorer in Splunk Search 12-29-2023 0 8	0	8
Index time hi, how can I change the scheduled index time of a data source? by beepbop Explorer in Splunk Search 12-28-2023 0 1	0	1
LINE_BREAKER in json files Hello, Line breaker in my props configuration for the json formatted file is not working, it's not breaking the json ... by SplunkDash Motivator in Splunk Search 12-28-2023 0 2	0	2
How to compare 2 different Fields between 2 lookups and output must be missing items Lookup 1 : Contains fields such as AssetName FQDN and IP AddressLookup 2 : Contains fields such as Host Index and... by HPACHPANDE Explorer in Splunk Search 12-28-2023 0 1	0	1
Track Changes to a field Hello guysI need some help with making a table/dashboard that shows me changes to incidents in our Defender platform.... by akselsoeb Engager in Splunk Search 12-28-2023 0 2	0	2
What am I doing wrong with this case function??? I have tried to use the following eval to pretty up the return of a field but the result is always test. I have trie... by Pat Path Finder in Splunk Search 12-27-2023 0 11	0	11
Unable to get botsv1 in search result Hi,I have a botsv1 dataset uploaded in Splunk simulated environment. But when I search "index=botsv1" , it returns 0 ... by Dipti Explorer in Splunk Search 12-27-2023 0 4	0	4
Convert Epoch Time to a different timezone using SPL I have the follow time:EPOCH HUMAN READABLE170363091912/26/2023 19:48:39I would like to convert the EPOCH to CST time... by jason_hotchkiss Communicator in Splunk Search 12-27-2023 0 3	0	3
Unable to get the lookup values on the search queries Hi Team,Need your assistant for below We have created new csv lookup and we are using the below query but we are get... by Nagalakshmi Path Finder in Splunk Search 12-27-2023 0 2	0	2
Compare fields without wildcards Hello everyone, I'm a beginner in using Splunk. I'm facing an issue in finding a search solution for the following id... by quangnm21 Explorer in Splunk Search 12-27-2023 0 4	0	4
Escape literal $ at FORMAT of transforms.conf Hi, I have the following transforms.conf: [REPLACEMENT_COST] CLEAN_KEYS = 0 FORMAT = $1"REPLACEMENT_COST2":"$2$s"$3 R... by Assaf_Katz Loves-to-Learn in Splunk Search 12-27-2023 0 2	0	2
Search queries Hi,I need help generating search queries using SPL, especially in my new role as a SOC Analyst. I would like to know ... by of New Member in Splunk Search 12-27-2023 0 1	0	1
How to combine rows based on parent-child relationship on separate fields Hi,I have data like these entrieslink id parent name---- --- ... by yolk Observer in Splunk Search 12-26-2023 0 3	0	3
Need to Exclude event SERVICE_START observed within 10 minutes from same host after observing service stop (index=123) sourcetype=XYZ AND type IN ("SERVICE_STOP") ) \| _time host type _raw is the main query where we are sea... by HPACHPANDE Explorer in Splunk Search 12-25-2023 0 2	0	2
I want to extract list of all clients deployed in Splunk along with the location of splunkd on those clients Hi,There are a lot of clients in my architecture and every other splunk instance is deployed in either /opt/bank/splu... by krutika_ag Path Finder in Splunk Search 12-24-2023 0 4	0	4
Difference between the NOT and != operators? What is the difference between the NOT operator and the != operator? I have always used NOT up to this point, but am... by Jason Motivator in Splunk Search 12-22-2023 3 5	3	5
How to get the result of next event by searching for a key word I want to get the result of the next line of the log message when I encounter a key word.Example log:----error in ch... by t_splunk_d Path Finder in Splunk Search 12-22-2023 0 4	0	4
inputlookup query table fields I am running the current search using the network toolkit but will not show the hostname field from the csv, do I nee... by MGlass Explorer in Splunk Search 12-22-2023 0 2	0	2
Help with report creation please hello I am pretty new using Splunk and I am being tasked to generate multiple of these kinds of reports in Splunk (or... by GIA Path Finder in Splunk Search 12-21-2023 0 5	0	5
Splunk coalesce index="*******"message_type =ERROR correlation_id=""\| eval err_field1 = spath(_raw,"response_details.body")\| eval e... by yuvaraj_m91 Loves-to-Learn Lots in Splunk Search 12-21-2023 0 2	0	2
Splunk content This was my initial search. I cannot compare the two fields "srcdomain = destdomain" because when I intend to use eva... by quangnm21 Explorer in Splunk Search 12-21-2023 0 3	0	3
How to compare matching values and their count from two fields from two lookup files Hello Friends, I need your help to find out matching fields values and their total count by comparing from two differ... by Mr_Adate Explorer in Splunk Search 12-20-2023 0 9	0	9