Splunk Search

Community Activity

How to read a field value which field name is in another field? We have this table: And we want to have a field (for example, named "value") that gets the value of the field which ... by mseijos Engager in Splunk Search 10-17-2023 3 8	3	8
Record Numbers I'm going crazy with this, would appreciate some help.I'm pretty sure the record numbers were not being shown to me. ... by vikas1 Engager in Splunk Search 10-16-2023 0 3	0	3
Syntax Error while using "distance" command Hi peeps,I receive below error while running a query.below is my query;eventtype=sfdc-login-history \| iplocation allf... by syazwani Path Finder in Splunk Search 10-16-2023 0 4	0	4
I want create table view I have SPLindex=main state=open \| stats count(state) as open by risk_rating \| rename risk_rating as state \| addtotals... by abi2023 Path Finder in Splunk Search 10-16-2023 0 1	0	1
AWS User last login Hi.I want to create a search that checks for last user login date in AWS.I can see them in AWS IAM and there are bunc... by msilins Engager in Splunk Search 10-16-2023 0 1	0	1
Filtering 2 fields with multiple values Hello , i am new in Splunk and need help i get every week a vulnerability scan log with 2 main fields: "extracted_Ho... by LionSplunk Explorer in Splunk Search 10-16-2023 0 5	0	5
rex from the multivalue fields and get one particular value I have this multivalue fields where i am tring to rex and get particular field value like "value":"ESC1000", but ins... by mikeyty07 Communicator in Splunk Search 10-16-2023 0 6	0	6
How do I search for Filed Values in a Different Multi-Value Field I have two fields: DNS and DNS_Matched. The latter is a multi-value field. How can I see if a field value in DNS is i... by atebysandwich Path Finder in Splunk Search 10-16-2023 0 10	0	10
Find days with no events hello, i would like to find days in which a particular sourcetype is missing. With this, i'll drive an alert. for no... by johnnymc Path Finder in Splunk Search 10-16-2023 1 12	1	12
Splunk Condition Search Let's say im running a search where I want to look at domains traveled to.index=web_traffic sourcetype=domains domain... by MM0071 Path Finder in Splunk Search 10-16-2023 0 9	0	9
non-compliant naming convention for workstations Hello,I want to detect workstations authenticated to the active directory that are not compliant with our naming conv... by karimoss Loves-to-Learn in Splunk Search 10-16-2023 0 4	0	4
ERROR Unable to get apikey from firewall: local variable 'username' referenced before assignment I am trying to use my windows event data to update users ID on panorama, however, running the below query in my es en... by Yusuf Observer in Splunk Search 10-16-2023 0 0	0	0
SPL to find the src to dest traffic Hi,Need an spl from src_ip to dest_ip would like to know the dest_url, logs and outbound traffic size. by AL3Z Builder in Splunk Search 10-16-2023 0 3	0	3
Splunk search - logs retrieval limitation While doing a splunk search using a splunk query and retrieving logs in an automated matter, the job extraction only ... by nivi New Member in Splunk Search 10-16-2023 0 2	0	2
How to get matching AND non matching events with left join Hi I have the use case that i need to find some direct links between different events of the same index and sourcetyp... by claudiaG Engager in Splunk Search 10-15-2023 0 2	0	2
splunk subsearch question Hello, Im trying to use the data from one search in another search. This is what I'm trying to do:-index=index_examp... by splunk_novice99 Explorer in Splunk Search 10-14-2023 0 2	0	2
Calculating Duration of Extracted Fields I'm having trouble getting a duration between two timestamps from some extracted fields.My search looks like this: My... by pgates Explorer in Splunk Search 10-14-2023 0 4	0	4
Rex Field Extraction Hi @All , I want to extract the correlation_id for the below payload, can anyone help me to write rex command.{"messa... by parthiban Path Finder in Splunk Search 10-14-2023 0 4	0	4
Trying to Find All Names that Match a Name in a Field I have a field called DNS whos field values contain the hostname in the lookup. There is also another field called Id... by atebysandwich Path Finder in Splunk Search 10-14-2023 0 2	0	2
stats query help ! Hello, I am searching to get results for each hour top 1 max URL hits. Iam using the below search but not getting ... by kc_prane Communicator in Splunk Search 10-14-2023 0 3	0	3
How to extract a alphanumeric values with special characters I want to extract Sample ID field value"Sample ID":"020ab888-a7ce-4e25-z8h8-a658bf21ech9" by av_ Path Finder in Splunk Search 10-14-2023 0 2	0	2
Not able to use lookup for search in SPATH command My data is coming for 0365 as JSON, I am using SPath to get the required fields after that i want to compare the data... by mohammadsharukh Path Finder in Splunk Search 10-13-2023 0 3	0	3
Active Directory security group changes Hello all, I could use some help here with creating a search. Ultimately I would like to know if a user is added to ... by tkerr1357 Path Finder in Splunk Search 10-13-2023 0 3	0	3
calculate a weighted average Hello, I would like to calculate a weighted average on an average call time.The logs I have available are of this typ... by anissabnk Path Finder in Splunk Search 10-13-2023 0 1	0	1
assign value from another eval param How to assign the value of param name original to the source in the \| collect statementindex=123 \| eval original=abcd... by eranhauser Path Finder in Splunk Search 10-13-2023 0 5	0	5