Splunk Search

Community Activity

Can you help me fix my search Hi,Below is my current search at the moment, index=o365 sourcetype=* src_ip="141.*"\| rex field=_raw "download:(?<down... by NeAllen Observer in Splunk Search 10-30-2023 0 3	0	3
extracting the first 3 characters from a field? How do I extract the first 3 characters from a field ? I thought it might be something like ... \| eval First3=substr... by HattrickNZ Motivator in Splunk Search 10-29-2023 1 9	1	9
join 3 queries HelloI have 3 queries that i need to join between them but there is a catch query number 1 checks for users who sent ... by sarit_s Communicator in Splunk Search 10-29-2023 0 1	0	1
Can you help me fix my Splunk search? I am trying to create an alert that triggers if a user successfully logs in without first having been successfully au... by olawalePS Path Finder in Splunk Search 10-28-2023 0 3	0	3
create scheduled search and alerting between 7pm to 7am How to schedule search between 7pm to 7am and alert if and only if there is an event recorded between 7pm to 7am? my ... by ash2 Explorer in Splunk Search 10-28-2023 0 4	0	4
Date time formatting variables not producing result I expected Hi, I have an existing search as follows: \| eval tempTime=strptime(due_at."-0000","%Y-%m-%d %H:%M:%S.%3N%z") \| ... by pgoldweic Communicator in Splunk Search 10-27-2023 0 2	0	2
Which values I will have for srchJobsQuota and rtSrchJobsQuota Hi all, I've configured a new role to inherit settings from user and power role and I let default values for srchJo... by martaBenedetti Path Finder in Splunk Search 10-27-2023 0 2	0	2
How to combine values in Y axis of dashboard I created a dashboard with a query looks like this : index=cbclogs sourcetype = cbc_cc_performance source="/var/log/c... by ericSplunk Engager in Splunk Search 10-27-2023 0 4	0	4
Dashboard studio shows two values on y axis Hello,I have one more begginers question regarding reports and dashboards I am trying to do overview of most used se... by xyberdef Explorer in Splunk Search 10-27-2023 0 2	0	2
Splunk Alert search time latest=-5m@m OR latest=now Hello everyone,I'm currently setting up a lot of alarms in Splunk, and a question has arisen regarding what is better... by Flenwy Explorer in Splunk Search 10-27-2023 0 2	0	2
i want the output in the below format. please answer my query how to achieve it. i want the output in the below format :-Input as below:-host sql instance db nameabc ... by AyushiSrivas Loves-to-Learn in Splunk Search 10-27-2023 0 1	0	1
Dedup Command Using All Available Memory Hello,Didn't get any hits on this issue so starting a new thread, and didn't find any previous defect reported on thi... by Dennis Explorer in Splunk Search 10-27-2023 0 3	0	3
eventtype=A eventtype=B is this an OR or an AND? As I understand the documentation ANDs are implied, so "eventtype=A eventtype=B" is the same as "eventtype=A AND eve... by gerrysr6 Explorer in Splunk Search 10-27-2023 0 1	0	1
Splunk app for AWS security dashboard shows '0' data Splunk app for AWS security dashboard shows '0' data, need help to fix this issue when I try to run/edit query shows... by Gaikwad Explorer in Splunk Search 10-27-2023 0 3	0	3
Cannot break for some events by lines Hello to everyone!I have a strange issue with some events that come from our virtual environment.As you can see in t... by NoSpaces Contributor in Splunk Search 10-27-2023 0 16	0	16
conditional count(eval) Hi community,\| eval ycw = strftime(_time, "%Y_%U")\| stats count(eval("FieldA"="True")) as FieldA_True, c... by learningquery Explorer in Splunk Search 10-26-2023 0 11	0	11
Passing token value to another dashboard Hi There! I'm having the dropdown "office" in dashboard 1 as a multiselect (full office, half office), based on th... by smanojkumar Contributor in Splunk Search 10-26-2023 0 6	0	6
help with splunk query for getting current concurrency configs & utlization and role utilization I am trying to setup a dashboard which gives me details like user's current concurrency settings & roles utilization ... by Sid Explorer in Splunk Search 10-26-2023 0 2	0	2
How to fetch the current utilization from defined search quota for a given user? Hello All,Using the below code, I get the defined quota limits for each role in Splunk environment: - \|rest /service... by Taruchit Contributor in Splunk Search 10-26-2023 0 2	0	2
Dispositions values in reports Hello,I am trying to make report which will display what notables were closed with what disposition. But unfortunatel... by xyberdef Explorer in Splunk Search 10-26-2023 0 4	0	4
universal forwarder installation in ubuntu on windows hi i am windows user i am trying to install universal forwarders in ubuntu i am a windows user can anyone share like ... by pm New Member in Splunk Search 10-26-2023 0 1	0	1
Timechart and auto bin sizing What I am trying to do is graph / timechart active users. I am starting with this query:index=anIndex sourcetype=pe... by sjringo Contributor in Splunk Search 10-26-2023 0 2	0	2
How to extract using rex I want to extract the below contractWithCustomers and contracts using rex named as entity . For ID 1349c1f4-989c-4... by avi7326 Path Finder in Splunk Search 10-26-2023 0 3	0	3
Why does strptime not parse timestamps to nanoseconds (%9N/%9Q)? Splunk Enterprise 9.0.5.1Hello!I have to calculate the delta between two timestamps that have nanosecond granularity.... by andrewtrobec Motivator in Splunk Search 10-26-2023 0 1	0	1
API /timeserieswindow endpoint returns 400 When I call:https://api.{REALM}.signalfx.com/v1/timeserieswindowwith my access token as header: X-SF-TOKENI receive:{<!-- -->... by PiotrSekula New Member in Splunk Search 10-26-2023 0 0	0	0