Splunk Search

Community Activity

rex from the multivalue fields and get one particular value I have this multivalue fields where i am tring to rex and get particular field value like "value":"ESC1000", but ins... by mikeyty07 Communicator in Splunk Search 10-16-2023 0 6	0	6
How do I search for Filed Values in a Different Multi-Value Field I have two fields: DNS and DNS_Matched. The latter is a multi-value field. How can I see if a field value in DNS is i... by atebysandwich Path Finder in Splunk Search 10-16-2023 0 10	0	10
Find days with no events hello, i would like to find days in which a particular sourcetype is missing. With this, i'll drive an alert. for no... by johnnymc Path Finder in Splunk Search 10-16-2023 1 12	1	12
Splunk Condition Search Let's say im running a search where I want to look at domains traveled to.index=web_traffic sourcetype=domains domain... by MM0071 Path Finder in Splunk Search 10-16-2023 0 9	0	9
non-compliant naming convention for workstations Hello,I want to detect workstations authenticated to the active directory that are not compliant with our naming conv... by karimoss Loves-to-Learn in Splunk Search 10-16-2023 0 4	0	4
ERROR Unable to get apikey from firewall: local variable 'username' referenced before assignment I am trying to use my windows event data to update users ID on panorama, however, running the below query in my es en... by Yusuf Observer in Splunk Search 10-16-2023 0 0	0	0
SPL to find the src to dest traffic Hi,Need an spl from src_ip to dest_ip would like to know the dest_url, logs and outbound traffic size. by AL3Z Builder in Splunk Search 10-16-2023 0 3	0	3
Splunk search - logs retrieval limitation While doing a splunk search using a splunk query and retrieving logs in an automated matter, the job extraction only ... by nivi New Member in Splunk Search 10-16-2023 0 2	0	2
How to get matching AND non matching events with left join Hi I have the use case that i need to find some direct links between different events of the same index and sourcetyp... by claudiaG Engager in Splunk Search 10-15-2023 0 2	0	2
splunk subsearch question Hello, Im trying to use the data from one search in another search. This is what I'm trying to do:-index=index_examp... by splunk_novice99 Explorer in Splunk Search 10-14-2023 0 2	0	2
Calculating Duration of Extracted Fields I'm having trouble getting a duration between two timestamps from some extracted fields.My search looks like this: My... by pgates Explorer in Splunk Search 10-14-2023 0 4	0	4
Rex Field Extraction Hi @All , I want to extract the correlation_id for the below payload, can anyone help me to write rex command.{"messa... by parthiban Path Finder in Splunk Search 10-14-2023 0 4	0	4
Trying to Find All Names that Match a Name in a Field I have a field called DNS whos field values contain the hostname in the lookup. There is also another field called Id... by atebysandwich Path Finder in Splunk Search 10-14-2023 0 2	0	2
stats query help ! Hello, I am searching to get results for each hour top 1 max URL hits. Iam using the below search but not getting ... by kc_prane Communicator in Splunk Search 10-14-2023 0 3	0	3
How to extract a alphanumeric values with special characters I want to extract Sample ID field value"Sample ID":"020ab888-a7ce-4e25-z8h8-a658bf21ech9" by av_ Path Finder in Splunk Search 10-14-2023 0 2	0	2
Not able to use lookup for search in SPATH command My data is coming for 0365 as JSON, I am using SPath to get the required fields after that i want to compare the data... by mohammadsharukh Path Finder in Splunk Search 10-13-2023 0 3	0	3
Active Directory security group changes Hello all, I could use some help here with creating a search. Ultimately I would like to know if a user is added to ... by tkerr1357 Path Finder in Splunk Search 10-13-2023 0 3	0	3
calculate a weighted average Hello, I would like to calculate a weighted average on an average call time.The logs I have available are of this typ... by anissabnk Path Finder in Splunk Search 10-13-2023 0 1	0	1
assign value from another eval param How to assign the value of param name original to the source in the \| collect statementindex=123 \| eval original=abcd... by eranhauser Path Finder in Splunk Search 10-13-2023 0 5	0	5
How to group different errors based on error types from the logs to create alert for continuous errors I am creating a continuous error alert in Splunk. I have been working on constructing a search query to group differe... by lladi Loves-to-Learn Lots in Splunk Search 10-13-2023 0 8	0	8
Json duplication fields on a clustered set up environment Afternoon,We are currently having issues with duplicate JSON entries on our search heads which operate in a clustered... by emcglade Engager in Splunk Search 10-13-2023 0 0	0	0
How to show custom time for PDF schedule report? Dashboard xml:I am using this dashboard to Schedule PDF report, and all panels are showing data for 7 days.I need to... by mahesh27 Communicator in Splunk Search 10-13-2023 0 5	0	5
How do I Search a Multi-Value Field? I need to search a field called DNS_Matched, that has multi-value fields, for events that have one or more values tha... by atebysandwich Path Finder in Splunk Search 10-12-2023 0 2	0	2
List of Idemia machines that are on Cisco and Pulse for the past 10 days. Can someone help me with the Splunk code that would be necessary to search for the Idemia Machines?Thank youAnthony by Anthony3rd Explorer in Splunk Search 10-12-2023 0 1	0	1
Does Splunk support chatbot? Is it possible to have a chatbot answering using Splunk search? by Deepika_R Engager in Splunk Search 10-12-2023 0 2	0	2