Splunk Search

Community Activity

How to Filter Table Output? I have an output of index=feds \| fillnull value="" \| table httpRequest.clientIp labels{}.name awswaf:clientip:geo:... by RahulMisra Engager in Splunk Search 09-19-2023 0 5	0	5
How to automatically change a field value from lookup table? I have logs with a Customer field where the name of the customer is not consistent. customer=Bobs Pizza customer=... by MScottFoley Path Finder in Splunk Search 09-19-2023 0 5	0	5
How to create a search with condition verification? Hi! I am faced with the following task and do not understand which way to go. I want to create an alert that will be ... by ivan123357 Explorer in Splunk Search 09-19-2023 0 3	0	3
How to sort based on multiple columns Hi Team,Below is my querysearch index="abc" sourcetype =$Regions$ source="/amex/app/gfp-settlement-raw/logs/gfp-settl... by aditsss Motivator in Splunk Search 09-19-2023 0 6	0	6
How to create a search to find out unused indexes? I am looking for indexes which are utilizing only 10%-20% of storage allocated to them. Can i please know is there an... by kteng2024 Path Finder in Splunk Search 09-19-2023 0 3	0	3
What is the difference between stats command version 1 and version 2? Hi, I would like to know the difference between version 1 and version 2 of the stats command. Thank you Kind regards ... by Marta88 Explorer in Splunk Search 09-19-2023 1 3	1	3
Log format and ingestion in Splunk Hello everyone! We have a container service running on AWS ECS with Splunk log driver enabled (via HEC token). At mom... by tayshawn New Member in Splunk Search 09-18-2023 0 1	0	1
How to count "different" log messages Hello! I want to count how many different kind of errors appeared for different services. At the moment, I'm searchin... by BeaGarcia New Member in Splunk Search 09-18-2023 0 1	0	1
How to create search to find the dates where the host is not sending logs to splunk? Hello, I am trying to find the dates when the host stopped sending logs to splunk in the last 6 months.I have used t... by Roy_9 Motivator in Splunk Search 09-18-2023 0 4	0	4
Why am I getting error "lookup table 'dropdownsLookup' does not exist. It is referenced by configuration"? Incident: ERROR LookupOperator - The lookup table 'dropdownsLookup' does not exist. It is referenced by configuration... by JakeConcur Engager in Splunk Search 09-18-2023 1 4	1	4
PII Data scan Need help to write a generic query to capture PII Data ( social security numbers / credit card numbers / email addre... by yuvrajsharma_13 Explorer in Splunk Search 09-18-2023 0 1	0	1
How to get Sum of two fields from different searches? Hi - I would like to join and sum the results and output The searches:index=test_index sourcetype="test_source" clas... by Techie Engager in Splunk Search 09-18-2023 0 8	0	8
How to create Reports from a seed file? I have six different SPL queries that I run on a specific IP Address. Is it possible to save a search as a report, s... by vader13 Explorer in Splunk Search 09-18-2023 0 2	0	2
Lookup search from another index There are some values of IP addresses from `cim_Authentication_indexes`.This index is for look up.I want to make if t... by bimatomsoc Explorer in Splunk Search 09-18-2023 0 4	0	4
How to extract file name from the below raw data? Hello, Can anyone help me to extract the below file name which is OU_..... from the below raw data. 12:04:19.85 14/0... by danroberts Explorer in Splunk Search 09-18-2023 0 7	0	7
How to check continuous increase of values of a field. Please help me on how I can check if the field value is continuously increasing for 3 hours. tried below query but do... by Anantha123 Communicator in Splunk Search 09-18-2023 0 2	0	2
How to exclude search results based on conditions? I have a below Splunk query which gives me the result. My SPL searches the " eventType IN (security.threat.detected, ... by alex4 Loves-to-Learn Lots in Splunk Search 09-18-2023 0 3	0	3
Tempory output storage Hello,I was aware that splunk is very versatile application which allows the users to manipulate the data is many way... by pukka Loves-to-Learn Everything in Splunk Search 09-17-2023 0 14	0	14
How to add another field using top limit command? Hello! I need some help from splunkers!!! I'm using the search index=notable \| search status_label=Closed \| top limit... by grotti Engager in Splunk Search 09-17-2023 0 2	0	2
How to Combine column from multiple search results? Hello, I have the following search index=wineventlog EventCode=4728 OR EventCode = 4731 OR EventCode=4729 OR Even... by Niro Explorer in Splunk Search 09-17-2023 0 2	0	2
I am getting "Could not load lookup=LOOKUP-pulse_connectsecure_action_lookup" in my search I have no lookup command. Anyone knows why I am getting this error. by abi2023 Path Finder in Splunk Search 09-17-2023 0 1	0	1
How to use timechart or bucket span to view the result every 30 mins using below query? Hi, I want to use timechart or bucket span to view the result every 30 mins using below query. Could you please let m... by anil1219 Engager in Splunk Search 09-17-2023 0 2	0	2
How does rex fails to match files (regex expression works as expected on regex101)? Hello, There must be something `rex` specific with my query below since it is not extracting the fields, while the re... by immutableT Engager in Splunk Search 09-16-2023 0 2	0	2
How to sort data? Hello, I wonder if somebody can please help me to sort the following data: Into this table: Any ideas are welcome I... by jaydiare Explorer in Splunk Search 09-16-2023 0 2	0	2
Timezone issue: Is there a search to convert to common utc value? Timezone issue --------different data is visible to different location users, when I select previous month.. conditio... by subitha_kennedy Loves-to-Learn Everything in Splunk Search 09-15-2023 0 6	0	6