Splunk Search

Community Activity

Activating Hyperlinks in a table based on the fields of the table (Dashboard Studio) Hello, I have a table with a column recording the ID, I want to make each ID in the table a Hyperlink and click on... by leenaut Loves-to-Learn in Splunk Search 10-31-2023 0 0	0	0
Algorithm to search multiple related events based on set of words Hello Splunkers,I’m looking for the best algorithm to search for events. with the below criteria.I have a lookup with... by VatsalJagani SplunkTrust in Splunk Search 10-31-2023 0 2	0	2
Extract jSON formated data below is the sample json log content the main filelds are default extracts but the nested aren't. Please help to extr... by sathiyasun Explorer in Splunk Search 10-31-2023 0 2	0	2
I need help with rex ad DN field. my DN field value "cn=jsuwus, jkhzdhkjc,ou=sdsfefv accounts,ou=ffdsrew users,dc=hgsywy,dc=tre,dc=hyt,dc=kuhytr"I need... by karu0711 Communicator in Splunk Search 10-31-2023 0 2	0	2
Search for null fields following rex field extraction I have a current search used in dashboards and alerts. It extracts fields from an existing field. I'm trying to edit ... by DanSec Engager in Splunk Search 10-31-2023 0 2	0	2
Truncate Log I'm confused how to truncate from this log. how do I do it from props.conf or from the SPL command? Can anyone provid... by riposans Explorer in Splunk Search 10-31-2023 0 2	0	2
Splunk DUO app does not apply Tag Hi,How to create automatic tag if:eventtypes.conf[duo_authentication]search = sourcetype=json:duo type=authentication... by jbanAtSplunk Communicator in Splunk Search 10-31-2023 0 1	0	1
Search to find the number of triggered alerts for a particular dashboard Is there any prebuilt search (like rest command) to find the number of triggered alerts for a particular dashboard? i... by av_ Path Finder in Splunk Search 10-31-2023 0 1	0	1
Using stolen or forged tickets (TGT) Hi guys, I want to detect a service ticket (TGS) request (Windows event code 4769) that is not preceded by one of the... by Dustem Explorer in Splunk Search 10-30-2023 0 11	0	11
How to capture the substring of a dynamic multivalued field? I am looking to create an acronym from a dynamic string, by capturing the first letter of each broken substringHow do... by GaryZ Path Finder in Splunk Search 10-30-2023 0 2	0	2
How to find the difference of two stats count I am having two counts in the dashboard one is the total count and other is error count to get the success count I wa... by avi7326 Path Finder in Splunk Search 10-30-2023 0 12	0	12
Joining indexes for stats results I have three indexes I am trying to join that have at least three similar columns each. I want to table the results i... by the_dude Engager in Splunk Search 10-30-2023 0 2	0	2
How tstats is working when some data model acceleration summaries in indexer cluster is missing Hello,by default, DMA summaries are not replicated between nodes in indexer cluster (for warm and cold buckets). I wo... by lukasmecir Path Finder in Splunk Search 10-30-2023 0 0	0	0
Pass values in splunk search and compare it with results Hello,Currently my search looks for the list of containers which includes initialised successfully message and lists ... by raghul725 Explorer in Splunk Search 10-30-2023 0 7	0	7
Does stats values command combine unique values? Hello,Does stats values command combine unique values?For example:companyipcompanyAcompanyA1.1.1.1companyBcompanyBcom... by LearningGuy Motivator in Splunk Search 10-30-2023 0 9	0	9
use * in floor I have a field called position that contains integers and a token called position_select that is either a floating po... by Splunkie1 Loves-to-Learn Lots in Splunk Search 10-30-2023 0 3	0	3
Check current date against lookup I have a lookup table with a list of dates which I want to use in my alerts. If the alert triggers I want a where cla... by aohls Contributor in Splunk Search 10-30-2023 0 6	0	6
How do you calculate the totals of each table row and display those values as new fields? How do you calculate the totals of each single row of a table and display that value in a new fields, much like addco... by johnward4 Communicator in Splunk Search 10-30-2023 0 3	0	3
Add a value "0" and make it visible on a graph Hello community,I'm encountering a problem that's probably simple to correct, but no matter how hard I try, I can't d... by Rajaion Path Finder in Splunk Search 10-30-2023 0 4	0	4
How to extract just the date from a timestamp converted from epoch time? I have a conversion set up to change the epoch time \| convert ctime(_time) as date time. I would like to keep just th... by ECovell Path Finder in Splunk Search 10-30-2023 1 5	1	5
help on tsats command with datamodel HiI have created a basic datamodel called "TEST"I try to query on this datamodel with tstats but the only piece of co... by jip31 Motivator in Splunk Search 10-30-2023 0 4	0	4
Can you help me fix my search Hi,Below is my current search at the moment, index=o365 sourcetype=* src_ip="141.*"\| rex field=_raw "download:(?<down... by NeAllen Observer in Splunk Search 10-30-2023 0 3	0	3
extracting the first 3 characters from a field? How do I extract the first 3 characters from a field ? I thought it might be something like ... \| eval First3=substr... by HattrickNZ Motivator in Splunk Search 10-29-2023 1 9	1	9
join 3 queries HelloI have 3 queries that i need to join between them but there is a catch query number 1 checks for users who sent ... by sarit_s Communicator in Splunk Search 10-29-2023 0 1	0	1
Can you help me fix my Splunk search? I am trying to create an alert that triggers if a user successfully logs in without first having been successfully au... by olawalePS Path Finder in Splunk Search 10-28-2023 0 3	0	3