Splunk Search

Community Activity

Set up an alert whenever a host stops sending logs to Splunk Hello,I have a lookup where all the hostnames are available under the field called "title" with respect to teams.I wo... by Roy_9 Motivator in Splunk Search 11-01-2023 0 9	0	9
Remove only fields that do not have suffix Basically I have a search with a lot of fields, similar to this example: \| makeresults \| eval aa1=1, aa2=2, aa1x=3, ... by duesser Path Finder in Splunk Search 11-01-2023 0 3	0	3
help on splunk field aliases not visible hello I have a admin role when I create a field alias, I can see it in the props.conf file but when I run the searc... by jip31 Motivator in Splunk Search 11-01-2023 0 2	0	2
Drop some json fields according to their values Hi all,I have a forwarder in my cluster and it sends events to the indexers. The events are json formatted and I want... by sigma Path Finder in Splunk Search 11-01-2023 0 1	0	1
Splunk GUI seperating event From splunk user we are receiving logs but when it comes to Splunk search head its splitting into different events Ex... by Komal0113 Loves-to-Learn in Splunk Search 11-01-2023 0 3	0	3
Activating Hyperlinks in a table based on the fields of the table (Dashboard Studio) Hello, I have a table with a column recording the ID, I want to make each ID in the table a Hyperlink and click on... by leenaut Loves-to-Learn in Splunk Search 10-31-2023 0 0	0	0
Algorithm to search multiple related events based on set of words Hello Splunkers,I’m looking for the best algorithm to search for events. with the below criteria.I have a lookup with... by VatsalJagani SplunkTrust in Splunk Search 10-31-2023 0 2	0	2
Extract jSON formated data below is the sample json log content the main filelds are default extracts but the nested aren't. Please help to extr... by sathiyasun Explorer in Splunk Search 10-31-2023 0 2	0	2
I need help with rex ad DN field. my DN field value "cn=jsuwus, jkhzdhkjc,ou=sdsfefv accounts,ou=ffdsrew users,dc=hgsywy,dc=tre,dc=hyt,dc=kuhytr"I need... by karu0711 Communicator in Splunk Search 10-31-2023 0 2	0	2
Search for null fields following rex field extraction I have a current search used in dashboards and alerts. It extracts fields from an existing field. I'm trying to edit ... by DanSec Engager in Splunk Search 10-31-2023 0 2	0	2
Truncate Log I'm confused how to truncate from this log. how do I do it from props.conf or from the SPL command? Can anyone provid... by riposans Explorer in Splunk Search 10-31-2023 0 2	0	2
Splunk DUO app does not apply Tag Hi,How to create automatic tag if:eventtypes.conf[duo_authentication]search = sourcetype=json:duo type=authentication... by jbanAtSplunk Communicator in Splunk Search 10-31-2023 0 1	0	1
Search to find the number of triggered alerts for a particular dashboard Is there any prebuilt search (like rest command) to find the number of triggered alerts for a particular dashboard? i... by av_ Path Finder in Splunk Search 10-31-2023 0 1	0	1
Using stolen or forged tickets (TGT) Hi guys, I want to detect a service ticket (TGS) request (Windows event code 4769) that is not preceded by one of the... by Dustem Explorer in Splunk Search 10-30-2023 0 11	0	11
How to capture the substring of a dynamic multivalued field? I am looking to create an acronym from a dynamic string, by capturing the first letter of each broken substringHow do... by GaryZ Path Finder in Splunk Search 10-30-2023 0 2	0	2
How to find the difference of two stats count I am having two counts in the dashboard one is the total count and other is error count to get the success count I wa... by avi7326 Path Finder in Splunk Search 10-30-2023 0 12	0	12
Joining indexes for stats results I have three indexes I am trying to join that have at least three similar columns each. I want to table the results i... by the_dude Engager in Splunk Search 10-30-2023 0 2	0	2
How tstats is working when some data model acceleration summaries in indexer cluster is missing Hello,by default, DMA summaries are not replicated between nodes in indexer cluster (for warm and cold buckets). I wo... by lukasmecir Path Finder in Splunk Search 10-30-2023 0 0	0	0
Pass values in splunk search and compare it with results Hello,Currently my search looks for the list of containers which includes initialised successfully message and lists ... by raghul725 Explorer in Splunk Search 10-30-2023 0 7	0	7
Does stats values command combine unique values? Hello,Does stats values command combine unique values?For example:companyipcompanyAcompanyA1.1.1.1companyBcompanyBcom... by LearningGuy Motivator in Splunk Search 10-30-2023 0 9	0	9
use * in floor I have a field called position that contains integers and a token called position_select that is either a floating po... by Splunkie1 Loves-to-Learn Lots in Splunk Search 10-30-2023 0 3	0	3
Check current date against lookup I have a lookup table with a list of dates which I want to use in my alerts. If the alert triggers I want a where cla... by aohls Contributor in Splunk Search 10-30-2023 0 6	0	6
How do you calculate the totals of each table row and display those values as new fields? How do you calculate the totals of each single row of a table and display that value in a new fields, much like addco... by johnward4 Communicator in Splunk Search 10-30-2023 0 3	0	3
Add a value "0" and make it visible on a graph Hello community,I'm encountering a problem that's probably simple to correct, but no matter how hard I try, I can't d... by Rajaion Path Finder in Splunk Search 10-30-2023 0 4	0	4
How to extract just the date from a timestamp converted from epoch time? I have a conversion set up to change the epoch time \| convert ctime(_time) as date time. I would like to keep just th... by ECovell Path Finder in Splunk Search 10-30-2023 1 5	1	5