Splunk Search

Community Activity

Search queries Hi,I need help generating search queries using SPL, especially in my new role as a SOC Analyst. I would like to know ... by of New Member in Splunk Search 12-27-2023 0 1	0	1
How to combine rows based on parent-child relationship on separate fields Hi,I have data like these entrieslink id parent name---- --- ... by yolk Observer in Splunk Search 12-26-2023 0 3	0	3
Need to Exclude event SERVICE_START observed within 10 minutes from same host after observing service stop (index=123) sourcetype=XYZ AND type IN ("SERVICE_STOP") ) \| _time host type _raw is the main query where we are sea... by HPACHPANDE Explorer in Splunk Search 12-25-2023 0 2	0	2
I want to extract list of all clients deployed in Splunk along with the location of splunkd on those clients Hi,There are a lot of clients in my architecture and every other splunk instance is deployed in either /opt/bank/splu... by krutika_ag Path Finder in Splunk Search 12-24-2023 0 4	0	4
Difference between the NOT and != operators? What is the difference between the NOT operator and the != operator? I have always used NOT up to this point, but am... by Jason Motivator in Splunk Search 12-22-2023 3 5	3	5
How to get the result of next event by searching for a key word I want to get the result of the next line of the log message when I encounter a key word.Example log:----error in ch... by t_splunk_d Path Finder in Splunk Search 12-22-2023 0 4	0	4
inputlookup query table fields I am running the current search using the network toolkit but will not show the hostname field from the csv, do I nee... by MGlass Explorer in Splunk Search 12-22-2023 0 2	0	2
Help with report creation please hello I am pretty new using Splunk and I am being tasked to generate multiple of these kinds of reports in Splunk (or... by GIA Path Finder in Splunk Search 12-21-2023 0 5	0	5
Splunk coalesce index="*******"message_type =ERROR correlation_id=""\| eval err_field1 = spath(_raw,"response_details.body")\| eval e... by yuvaraj_m91 Loves-to-Learn Lots in Splunk Search 12-21-2023 0 2	0	2
Splunk content This was my initial search. I cannot compare the two fields "srcdomain = destdomain" because when I intend to use eva... by quangnm21 Explorer in Splunk Search 12-21-2023 0 3	0	3
How to compare matching values and their count from two fields from two lookup files Hello Friends, I need your help to find out matching fields values and their total count by comparing from two differ... by Mr_Adate Explorer in Splunk Search 12-20-2023 0 9	0	9
Download splunk apm on premises Hihow can I download splunk apm on premises? FYI: I don’t want use cloud version Thanks by indeed_2000 Motivator in Splunk Search 12-20-2023 0 6	0	6
Change table columns based on field value Hello All,I have a search question. I have a csv file that returnds data.the ID field if there is no data - I want to... by eholz1 Builder in Splunk Search 12-20-2023 0 3	0	3
Extract fields in query or in config file HiWhat is the different between Extract fields in query with rex or in config file.Pros and cons?how about performanc... by indeed_2000 Motivator in Splunk Search 12-20-2023 0 4	0	4
strptime calculation not working correctly with / but works with - timeformat Hi, communities,I am doing a calculation or eval command. \| eval dormancy=if(last_login="(never)",round((now()-str... by youngsuh Contributor in Splunk Search 12-20-2023 0 1	0	1
blacklisting event code 4679. TaskCategory=Kerberos Service Ticket Operations Hello,I am trying to blacklist winevent code 4679 by TaskCategory=Kerberos Service Ticket Operations. This regex is... by nyajoefit22 Loves-to-Learn Lots in Splunk Search 12-20-2023 0 3	0	3
I need to create panel with filter Hi,So i have below base query :\| inputlookup abc.csv where DECOMMISSIONED=N \| fields DATABASE DB_VERSION APP_NAME ACT... by shruti14 Explorer in Splunk Search 12-20-2023 0 1	0	1
How to sort value in a multivalue field of IP address Hello, I know that mvsort command sort values lexicographically.But I want the output as below:62.0.3.7563.0.3.8475.... by mnj1809 Path Finder in Splunk Search 12-20-2023 0 9	0	9
Box plot error in 'stats' command I try to make box plot graph using <viz>However, My code have this error,"Error in 'stats' command: The number of wil... by Questioner Path Finder in Splunk Search 12-19-2023 0 2	0	2
How can I extract just a section of a field? I have a key called messageInside the value are several results but I need to only extract one result in the middle o... by mark_groenveld Path Finder in Splunk Search 12-19-2023 0 2	0	2
Data disappears in expanded search time I'm trying to have a timechart showing the count of events by a category grouped by week. The search time is controll... by michaeler Communicator in Splunk Search 12-19-2023 0 3	0	3
Searching a block of text for multiple values from a list. I have an index set up that holds a number of fields, one of which is a comma separated list of reference numbers and... by El_Franco Explorer in Splunk Search 12-19-2023 0 3	0	3
Why my date values are showing the year 1969 (12/31/1969) this is my end_time: 1703027679.5678809After this query, it showed this output but i am getting the 1969 format\| eval... by ramkyreddy Explorer in Splunk Search 12-19-2023 0 1	0	1
I want to create the table in Splunk for last 3 months TC Execution Summary for Last QuarterNo. of job runsAUSJERINDASIAugust150121110200Sept200140150220Oct100160130420I wa... by ramkyreddy Explorer in Splunk Search 12-19-2023 0 4	0	4
Deduct certain events from search by riz1 Engager in Splunk Search 12-18-2023 0 1	0	1