Splunk Search

Community Activity

Compare 2 searches and Update Lookup Table and Rows Hi All,I am trying to do a search to compare 2 different sources. Firstly, I created a lookup to catch some rules hit... by onurragacc Loves-to-Learn Lots in Splunk Search 11-25-2023 0 1	0	1
splunk wildcard search I am very new to SPLUNK and practicing using the botsv1 index.I need to use a "Wild Card" to find all the passwords u... by Mouseman123 Explorer in Splunk Search 11-24-2023 0 4	0	4
not relevant by GIA Path Finder in Splunk Search 11-24-2023 0 1	0	1
Rex extract not working Hi, I have my messages like belowmsg: abc.com - [2023-11-24T18:38:26.541235976Z] "GET /products/?brand=ggg&market=ca&... by Span Engager in Splunk Search 11-24-2023 0 1	0	1
Users with the same roles, in the same app, and same search, are getting different results from AWS logs The search they are running is index=* cloudtrail<bucketnumber>* across a 7 day period.Environment Details: We are us... by sperkins Path Finder in Splunk Search 11-24-2023 0 0	0	0
Extracting fields from logs where a particular field sometimes does not exist Hi all,looking for help with how I can extract all available fields in a set of logs where a particular field sometim... by neilsmith2 Explorer in Splunk Search 11-23-2023 0 2	0	2
Categorize range of status values and calculate count We have range of statua from 200 to 600. Want to search logs and create a output in below sample for range as 200 to ... by Viveklearner Engager in Splunk Search 11-22-2023 0 3	0	3
How to add a line break to the eval condition? I have an eval condition as below in my search: \| eval body= username. " user attempted to delete " . activity_count... by pavanae Builder in Splunk Search 11-22-2023 0 5	0	5
inputlookup with fuzzy matching Hello,I'm building a query which matches entries in an inputlookup table against a set of log data. The original work... by warren Explorer in Splunk Search 11-22-2023 0 1	0	1
Using the dedup command How do I count the number of unique recipients of each type of unique attachment from emails. The same user could rec... by Benny611 Engager in Splunk Search 11-22-2023 0 2	0	2
How do you change a span of 1 week time to start from Saturday to friday? I have data and I need to visualize for a span of 1 week. I.e: it takes data from Sunday to Saturday. But, I want a ... by DataOrg Builder in Splunk Search 11-22-2023 0 6	0	6
Can I use CIDR in the deployment server? Is is possible to specify a client group using a CIDR pattern to simplify app deployment to a network segment? by Lowell Super Champion in Splunk Search 11-22-2023 0 4	0	4
Add a day counter to a list/table. Hello I am trying to add some logic/formatting to my list of failed authentications.Heres my search query.\| tstats su... by akselsoeb Engager in Splunk Search 11-22-2023 0 5	0	5
How to concatenate fields from JSON I have an inputlookup table, in this lookup table there is a JSON array called "Evidence"There is two field I would l... by BeeSpark Engager in Splunk Search 11-22-2023 0 1	0	1
Not all fields in log line extracted Hi, I have two problems with a log line. 1) I have a log line that occasionally is inserted. It is a schedule, and i... by ssaenger Communicator in Splunk Search 11-21-2023 0 3	0	3
I have a field from one query that gets appended with another field coming from second query.How do I filter those value I am appending results from below query,which will display difererent objectypesuppliedMaterial: index="" sourc... by nithys Communicator in Splunk Search 11-21-2023 0 3	0	3
long base search does not work in drop down list? Hello,Why does long base search not work in drop down list?For example if the base query on id="StudentName" has a lo... by LearningGuy Motivator in Splunk Search 11-21-2023 0 2	0	2
Email count How do I count the number of emails from a search but only get recipients that received ten or more emails? by Benny611 Engager in Splunk Search 11-21-2023 0 1	0	1
Incomplete UserID How to I eliminate partial user id characters coming out of a search query? Here are examples of incomplete userIDs... by sgabriel1962 Explorer in Splunk Search 11-21-2023 0 8	0	8
can we increase lookup table maximum matches to 2000? Lookup table max match can be 1 to 1000, I want to increase it to 2000. Is it possible? When I increase the max_match... by rajchi Explorer in Splunk Search 11-21-2023 1 8	1	8
How to apply regex to lookup table field? Hello All,I have a lookup file with multiple fields. I am reading it using inputlookup command and implementing some ... by Taruchit Contributor in Splunk Search 11-21-2023 0 4	0	4
How to achieve conditional formatting of values with eval if and regex? Hello everyone, I have the following field and example value: sourcePort=514.000 I'd like to format these fields in s... by erikschubert Engager in Splunk Search 11-21-2023 0 3	0	3
Remove specific strings from raw events based on other fields Firewall logs needs some purification for threat monitoring, below are couple events, From the events below action=Ac... by sandeepreddy947 Path Finder in Splunk Search 11-21-2023 0 3	0	3
using 'values' in stats shows values merged Hello Experts, I was wondering if you can help me figure out how do I show the merged values in a field as 'unmerged'... by beriwalnishant Path Finder in Splunk Search 11-21-2023 0 4	0	4
Need help in merging the queries Hi,i need to add two queries so that they could come in different fields in one visualization, one will be the error ... by Aj01 Path Finder in Splunk Search 11-21-2023 0 3	0	3