Splunk Search

Community Activity

How to exclude search results based on conditions? I have a below Splunk query which gives me the result. My SPL searches the " eventType IN (security.threat.detected, ... by alex4 Loves-to-Learn Lots in Splunk Search 09-18-2023 0 3	0	3
Tempory output storage Hello,I was aware that splunk is very versatile application which allows the users to manipulate the data is many way... by pukka Loves-to-Learn Everything in Splunk Search 09-17-2023 0 14	0	14
How to add another field using top limit command? Hello! I need some help from splunkers!!! I'm using the search index=notable \| search status_label=Closed \| top limit... by grotti Engager in Splunk Search 09-17-2023 0 2	0	2
How to Combine column from multiple search results? Hello, I have the following search index=wineventlog EventCode=4728 OR EventCode = 4731 OR EventCode=4729 OR Even... by Niro Explorer in Splunk Search 09-17-2023 0 2	0	2
I am getting "Could not load lookup=LOOKUP-pulse_connectsecure_action_lookup" in my search I have no lookup command. Anyone knows why I am getting this error. by abi2023 Path Finder in Splunk Search 09-17-2023 0 1	0	1
How to use timechart or bucket span to view the result every 30 mins using below query? Hi, I want to use timechart or bucket span to view the result every 30 mins using below query. Could you please let m... by anil1219 Engager in Splunk Search 09-17-2023 0 2	0	2
How does rex fails to match files (regex expression works as expected on regex101)? Hello, There must be something `rex` specific with my query below since it is not extracting the fields, while the re... by immutableT Engager in Splunk Search 09-16-2023 0 2	0	2
How to sort data? Hello, I wonder if somebody can please help me to sort the following data: Into this table: Any ideas are welcome I... by jaydiare Explorer in Splunk Search 09-16-2023 0 2	0	2
Timezone issue: Is there a search to convert to common utc value? Timezone issue --------different data is visible to different location users, when I select previous month.. conditio... by subitha_kennedy Loves-to-Learn Everything in Splunk Search 09-15-2023 0 6	0	6
Rex match if else style Here are three lines of the file to illustrate what I'm going for:Line from fileDesired fieldURI : https://URL.net/to... by jeck11 Path Finder in Splunk Search 09-15-2023 0 2	0	2
how do I make my macro available all app I try change permission to all app option but I don't see the option. I s anyother way make my macro available for al... by abi2023 Path Finder in Splunk Search 09-15-2023 0 1	0	1
How to create new columns by adding columns from a timechart output? Good day, I have this SPL: index=test_7d sourcetype="Ibm:BigFix:CVE" earliest=-1d \| search FixletSourceSeverityTxt="C... by richtate Path Finder in Splunk Search 09-15-2023 0 2	0	2
How to outputlookup csv with permission? Hello,How to outputlookup csv with permission? ***Note that I am not Splunk admin - I only have access to Splunk GUI... by LearningGuy Motivator in Splunk Search 09-15-2023 0 6	0	6
Search performance impact & How to find user deploying high impact searches Hello Splunkers, I have two questions today, concerning user's queries and performance impact. I couldn't find a cle... by mvagionakis Path Finder in Splunk Search 09-15-2023 0 5	0	5
How to extract fields from logs using rex. How to extract fields which comes under message and failedRecords. by avi7326 Path Finder in Splunk Search 09-15-2023 0 1	0	1
How to use a list of output as the input parameter for a URL? Dear all, I have a list of latitude and longitude pairs from my observed events and try to get the corresponding stre... by Jouman Path Finder in Splunk Search 09-15-2023 0 0	0	0
What is the basic search for detecting Multiple HTTP errors from unique IP? Hello Splunkers, Can someone help me with a query to detect multiple http errors from single IP , basically when the ... by mohsplunking Path Finder in Splunk Search 09-14-2023 0 6	0	6
help on eval command HiWhen I run the command below, it works fine index=toto event_id=4688 \| eval file_name=if(event_id==4688, replace(N... by jip31 Motivator in Splunk Search 09-14-2023 0 6	0	6
Why Stats count command is counting events that are missing in other searches? The first search query returns a count of 26 for domain X : index="web" sourcetype="weblogic_stdout" loglevel IN ("Em... by abhijeetallu Engager in Splunk Search 09-14-2023 0 2	0	2
Why are Splunk queries not returning anything in table? Splunk queries not returning anything in table. I see events matching for these queries but nothing under 'Statistics... by venugoski Explorer in Splunk Search 09-14-2023 0 3	0	3
how to set specific colors to 3 pie charts trellis with 4 dynamic labels ? Hi,I'm trying to set a specific color to each one of 4 my dynamic labels of my 3 trellis pie charts.I already added s... by 10Q Engager in Splunk Search 09-14-2023 1 0	1	0
How to get the list of Adhoc Search and Saved search running by user in Audit logs. I need to get the list of Adhoc Searches and Saved search running by user in Audit logs.how to differentiate these s... by harishsplunk7 Explorer in Splunk Search 09-14-2023 0 3	0	3
How to return Numerical Values from Model File? I use the Splunk Machine Learning command: \| fit LinearRegression blah, blah into ModelName I can generate a ModelNam... by TAE Engager in Splunk Search 09-14-2023 0 0	0	0
How to analyse the traffic of specific ip address , dest with port? Hi All,i didn't get the result by using this below query search. how to check and confirm the index and source type ... by Jana42855 Explorer in Splunk Search 09-14-2023 0 4	0	4
How to find field values from the results of a search? Hello, I have a search as shown below which gives me the start time (start_run), end time (end_run) and duration when... by ewanbrown967 Engager in Splunk Search 09-14-2023 0 1	0	1