Splunk Search

Community Activity

I need help with rex ad DN field. my DN field value "cn=jsuwus, jkhzdhkjc,ou=sdsfefv accounts,ou=ffdsrew users,dc=hgsywy,dc=tre,dc=hyt,dc=kuhytr"I need... by karu0711 Communicator in Splunk Search 10-31-2023 0 2	0	2
Search for null fields following rex field extraction I have a current search used in dashboards and alerts. It extracts fields from an existing field. I'm trying to edit ... by DanSec Engager in Splunk Search 10-31-2023 0 2	0	2
Truncate Log I'm confused how to truncate from this log. how do I do it from props.conf or from the SPL command? Can anyone provid... by riposans Explorer in Splunk Search 10-31-2023 0 2	0	2
Splunk DUO app does not apply Tag Hi,How to create automatic tag if:eventtypes.conf[duo_authentication]search = sourcetype=json:duo type=authentication... by jbanAtSplunk Communicator in Splunk Search 10-31-2023 0 1	0	1
Search to find the number of triggered alerts for a particular dashboard Is there any prebuilt search (like rest command) to find the number of triggered alerts for a particular dashboard? i... by av_ Path Finder in Splunk Search 10-31-2023 0 1	0	1
Using stolen or forged tickets (TGT) Hi guys, I want to detect a service ticket (TGS) request (Windows event code 4769) that is not preceded by one of the... by Dustem Explorer in Splunk Search 10-30-2023 0 11	0	11
How to capture the substring of a dynamic multivalued field? I am looking to create an acronym from a dynamic string, by capturing the first letter of each broken substringHow do... by GaryZ Path Finder in Splunk Search 10-30-2023 0 2	0	2
How to find the difference of two stats count I am having two counts in the dashboard one is the total count and other is error count to get the success count I wa... by avi7326 Path Finder in Splunk Search 10-30-2023 0 12	0	12
Joining indexes for stats results I have three indexes I am trying to join that have at least three similar columns each. I want to table the results i... by the_dude Engager in Splunk Search 10-30-2023 0 2	0	2
How tstats is working when some data model acceleration summaries in indexer cluster is missing Hello,by default, DMA summaries are not replicated between nodes in indexer cluster (for warm and cold buckets). I wo... by lukasmecir Path Finder in Splunk Search 10-30-2023 0 0	0	0
Pass values in splunk search and compare it with results Hello,Currently my search looks for the list of containers which includes initialised successfully message and lists ... by raghul725 Explorer in Splunk Search 10-30-2023 0 7	0	7
Does stats values command combine unique values? Hello,Does stats values command combine unique values?For example:companyipcompanyAcompanyA1.1.1.1companyBcompanyBcom... by LearningGuy Motivator in Splunk Search 10-30-2023 0 9	0	9
use * in floor I have a field called position that contains integers and a token called position_select that is either a floating po... by Splunkie1 Loves-to-Learn Lots in Splunk Search 10-30-2023 0 3	0	3
Check current date against lookup I have a lookup table with a list of dates which I want to use in my alerts. If the alert triggers I want a where cla... by aohls Contributor in Splunk Search 10-30-2023 0 6	0	6
How do you calculate the totals of each table row and display those values as new fields? How do you calculate the totals of each single row of a table and display that value in a new fields, much like addco... by johnward4 Communicator in Splunk Search 10-30-2023 0 3	0	3
Add a value "0" and make it visible on a graph Hello community,I'm encountering a problem that's probably simple to correct, but no matter how hard I try, I can't d... by Rajaion Path Finder in Splunk Search 10-30-2023 0 4	0	4
How to extract just the date from a timestamp converted from epoch time? I have a conversion set up to change the epoch time \| convert ctime(_time) as date time. I would like to keep just th... by ECovell Path Finder in Splunk Search 10-30-2023 1 5	1	5
help on tsats command with datamodel HiI have created a basic datamodel called "TEST"I try to query on this datamodel with tstats but the only piece of co... by jip31 Motivator in Splunk Search 10-30-2023 0 4	0	4
Can you help me fix my search Hi,Below is my current search at the moment, index=o365 sourcetype=* src_ip="141.*"\| rex field=_raw "download:(?<down... by NeAllen Observer in Splunk Search 10-30-2023 0 3	0	3
extracting the first 3 characters from a field? How do I extract the first 3 characters from a field ? I thought it might be something like ... \| eval First3=substr... by HattrickNZ Motivator in Splunk Search 10-29-2023 1 9	1	9
join 3 queries HelloI have 3 queries that i need to join between them but there is a catch query number 1 checks for users who sent ... by sarit_s Communicator in Splunk Search 10-29-2023 0 1	0	1
Can you help me fix my Splunk search? I am trying to create an alert that triggers if a user successfully logs in without first having been successfully au... by olawalePS Path Finder in Splunk Search 10-28-2023 0 3	0	3
create scheduled search and alerting between 7pm to 7am How to schedule search between 7pm to 7am and alert if and only if there is an event recorded between 7pm to 7am? my ... by ash2 Explorer in Splunk Search 10-28-2023 0 4	0	4
Date time formatting variables not producing result I expected Hi, I have an existing search as follows: \| eval tempTime=strptime(due_at."-0000","%Y-%m-%d %H:%M:%S.%3N%z") \| ... by pgoldweic Communicator in Splunk Search 10-27-2023 0 2	0	2
Which values I will have for srchJobsQuota and rtSrchJobsQuota Hi all, I've configured a new role to inherit settings from user and power role and I let default values for srchJo... by martaBenedetti Path Finder in Splunk Search 10-27-2023 0 2	0	2