Splunk Search

Community Activity

blacklisting event code 4679. TaskCategory=Kerberos Service Ticket Operations Hello,I am trying to blacklist winevent code 4679 by TaskCategory=Kerberos Service Ticket Operations. This regex is... by nyajoefit22 Loves-to-Learn Lots in Splunk Search 12-20-2023 0 3	0	3
I need to create panel with filter Hi,So i have below base query :\| inputlookup abc.csv where DECOMMISSIONED=N \| fields DATABASE DB_VERSION APP_NAME ACT... by shruti14 Explorer in Splunk Search 12-20-2023 0 1	0	1
How to sort value in a multivalue field of IP address Hello, I know that mvsort command sort values lexicographically.But I want the output as below:62.0.3.7563.0.3.8475.... by mnj1809 Path Finder in Splunk Search 12-20-2023 0 9	0	9
Box plot error in 'stats' command I try to make box plot graph using <viz>However, My code have this error,"Error in 'stats' command: The number of wil... by Questioner Path Finder in Splunk Search 12-19-2023 0 2	0	2
How can I extract just a section of a field? I have a key called messageInside the value are several results but I need to only extract one result in the middle o... by mark_groenveld Path Finder in Splunk Search 12-19-2023 0 2	0	2
Data disappears in expanded search time I'm trying to have a timechart showing the count of events by a category grouped by week. The search time is controll... by michaeler Communicator in Splunk Search 12-19-2023 0 3	0	3
Searching a block of text for multiple values from a list. I have an index set up that holds a number of fields, one of which is a comma separated list of reference numbers and... by El_Franco Explorer in Splunk Search 12-19-2023 0 3	0	3
Why my date values are showing the year 1969 (12/31/1969) this is my end_time: 1703027679.5678809After this query, it showed this output but i am getting the 1969 format\| eval... by ramkyreddy Explorer in Splunk Search 12-19-2023 0 1	0	1
I want to create the table in Splunk for last 3 months TC Execution Summary for Last QuarterNo. of job runsAUSJERINDASIAugust150121110200Sept200140150220Oct100160130420I wa... by ramkyreddy Explorer in Splunk Search 12-19-2023 0 4	0	4
Deduct certain events from search by riz1 Engager in Splunk Search 12-18-2023 0 1	0	1
Rename works in search but not in Dashboard Studio I have a data like this.{ ... name: AppName metrics: {<!-- --> data: [ { details: { ... } ... by MirrorCraze Explorer in Splunk Search 12-18-2023 0 5	0	5
Max/Min/Avg TPS Hi all, I have this query:\| timechart span=1s count AS TPS\| eventstats max(TPS) as MaxPeakTPS\| stats avg(TPS) as avgT... by WanLohnston Explorer in Splunk Search 12-18-2023 0 4	0	4
How to round Totals for Statistics under Format Summary? HelloWhen I turned on Total for Statistics under Format > Summary, the output shows long digit after decimal point: T... by LearningGuy Motivator in Splunk Search 12-18-2023 0 13	0	13
Partially eliminate error message in Splunk query Hi,below are the log details.index=ABC sourcetype=logging_0Below are the values of "ErrorMessages" field:invalid - 5 ... by Dharani Path Finder in Splunk Search 12-18-2023 0 6	0	6
How to add colors to a Column Chart This is my source code</search> <option name="charting.chart">column</option> <option name="charting.dr... by avi7326 Path Finder in Splunk Search 12-18-2023 0 3	0	3
Arranging column chart X-axis labels in static order Hi Everyone,I have a column chart for the below query. As shown in the below screenshot, the x-axis label is sorted i... by Pratyusha Engager in Splunk Search 12-17-2023 0 2	0	2
Search data by result count I have a search that returns a list of users and the country logins have occurred from grouped by user.index=o365 Use... by balcv Contributor in Splunk Search 12-17-2023 0 2	0	2
Removing duplicates from 2 multivalue field (leaving distinct values only) I have 2 multivalue fields (old and new) containing group lists for 1 or more users. The new values is the list of gr... by diskioinferno Engager in Splunk Search 12-17-2023 0 3	0	3
Using wildcard in mvfind Hi All,I am facing error using wildcard in multivalue field. I am using mvfind to find a string. eval test_loc=case(... by Poojitha Communicator in Splunk Search 12-16-2023 0 7	0	7
tuning the query Hi Team,I am using a query which has same index and source but fetch two results based on the search and combine to a... by nithys Communicator in Splunk Search 12-16-2023 0 3	0	3
Expand json string into searchable fields HiKinda a new to splunk . Sending data to splunk via HEC. Its a DTO which contains various fields, one of them being ... by murad Observer in Splunk Search 12-16-2023 0 3	0	3
Monthly AV compliance report expert query Dear All,Scenario--> 1AV server is having multiple endpoint reporting to it. This AV server integrated with Splunk an... by mohammadsharukh Path Finder in Splunk Search 12-16-2023 0 1	0	1
How to get fields into a bar chart? I have a search as follows:index=\|search sourcetype=\|spath logs{} output=logs\|spath serial_number output=serial_num... by nkavouris Path Finder in Splunk Search 12-15-2023 0 2	0	2
HF multiple UDP port listening \| Best practices Hello Splunkers,I have a Splunk HF that will receive multiple logs coming from different machines, all sending via UD... by GaetanVP Contributor in Splunk Search 12-15-2023 1 4	1	4
merge rows to one row if matches the result value by VM ( little complex situation) I have a Splunk result like below.VMcol1col2vm1carsedanvm2carsedanvm3planePrivvm4bikeFazervm5bikethunder I would like... by Satheesh_red Path Finder in Splunk Search 12-15-2023 0 10	0	10