Splunk Search

Community Activity

	Need help with a splunk search with appendcols I am trying to get data from 2 indexes and combine them via appendcols.The search is index="anon" sourcetype="test1" ... by phularah Communicator in Splunk Search 09-07-2023 0 5	0	5
	ldapsearch: Trying to search last 2 days in whenChanged attribute dynamically. I need to run a daily ldap search that will grab only the accounts that have change in the last 2 days. I can hard co... by mafruma Explorer in Splunk Search 09-07-2023 0 5	0	5
	How to split comma separated values in single event and make each value as one row of table with individual values If I am having list of comma separated numbers in single splunk event field:I am having too many event fields like b... by Naga1 Loves-to-Learn Lots in Splunk Search 09-07-2023 0 18	0	18
	How to check if values are incremental by 1 for a specific category If the above displayed data is the result for my stats command [stats values(Values) as Values by Category], how can ... by Nikitha Explorer in Splunk Search 09-07-2023 0 4	0	4
	Rex not yielding result Data: {"Field1":"xxx","message1":"{0}","message2":"xxx","message3":{"TEXT":"xxxx: xxx\r\n.xxxxx: {\"xxxxx\":{\"@CDI\"... by harryhcg Explorer in Splunk Search 09-07-2023 0 8	0	8
	Hi, Splunk defaults to 1 hour per column, how can I change that to 1 min per column to get a more detailed view? Hi, Splunk defaults to 1 hour per column, how can I change that to 1 min per column to get a more detailed view? by bok007 New Member in Splunk Search 09-07-2023 0 5	0	5
	How to split a field having multiple lines into individual lines and finally display in table format I have field in the event which has multi-line data (between double quotes) and I need to split them into individual ... by Splunk_sid Explorer in Splunk Search 09-06-2023 0 3	0	3
	Is there a way to enforce SPL formatting in URL? Is it possible to add some parameters in Splunk URL so that after clicking the URL, the viewer will see a well format... by short_cat New Member in Splunk Search 09-06-2023 0 2	0	2
	Lookup - Filter a search with lookup content Greetings.I am quite new to Splunk and read a lot of sources.However, I have a hard time to find my answer about the ... by NunnuN Engager in Splunk Search 09-06-2023 0 2	0	2
	Set alert search results to 0 or have my query not find any results on a particular day between 1 AM and 2 AM? I have an idea and am looking for some input on how to approach it, where to start.As mentioned in the subject. I do... by sjringo Contributor in Splunk Search 09-06-2023 0 3	0	3
	Alert Based Off Current Event Duration Goal: Being able to alert off the latest event if the event is more than 300 seconds and is not blank or "non-product... by NewToSplunk1 Explorer in Splunk Search 09-06-2023 0 3	0	3
	I need help working with a Lookup Table... Hello again!I'm working with two different sources of data both tracking the same thing but coming from different sou... by TorbinIT Path Finder in Splunk Search 09-06-2023 0 2	0	2
	Slow scanning hi guys, I want to detect that more than 10 different ports of the same host are sniffed and scanned every 15 minutes... by Dustem Explorer in Splunk Search 09-06-2023 0 0	0	0
	Enhancing Data with Field Extraction and Automated Lookups Hello to all,i have the following Issue:I receive logs from an older machine for which I cannot adjust the logging se... by Flenwy Explorer in Splunk Search 09-06-2023 0 6	0	6
	Why is tstats not working on docker image datasets? I'm totally and utterly new to splunk. Just ran the dockerhub sample, and followed the instructions: https://hub.dock... by joniba Engager in Splunk Search 09-06-2023 0 3	0	3
	Difference in using IN and = when there is only single value? Is there any performance impact when used,index IN ("windows_server")OR index="windows_server" ? by Ricco19 Loves-to-Learn in Splunk Search 09-06-2023 0 1	0	1
	How to find correct logs to find error count. I want to calculate the error count from the logs . But the error are of two times which can be distinguish only from... by avi7326 Path Finder in Splunk Search 09-06-2023 0 5	0	5
	CPU & MEMORY utilization HI Team,how to write search query for cpu & memory utilization please help on this thanks by lucky Explorer in Splunk Search 09-05-2023 0 2	0	2
	In-built field extraction not working - different delimiters Hello,I am new to splunk and I trying to extract the fields using built-in feature. Since the log format contain bot... by sunnyleofremont New Member in Splunk Search 09-05-2023 0 2	0	2
	Experiencing a 'Search Peer has the following message: 'Error in 'SearchParser HelloI've encountered an issue in my Splunk environment that's been causing some headaches. When running a search, I ... by stevediaz Explorer in Splunk Search 09-05-2023 0 1	0	1
	How to exclude multiple values from multiple fields? I am trying to filter multiple values from two fields but not getting the expected result.index=test_01 EventCode=467... by rnikam1412 Loves-to-Learn Everything in Splunk Search 09-05-2023 0 2	0	2
	How do I get data from Splunk REST API using python? Receiving error Hi, so my team is currently has some data on Splunk cloud. My task is to use your REST API to get this data using py... by ssharm223 Loves-to-Learn in Splunk Search 09-05-2023 0 10	0	10
	Translation lookup table I have extraction of a field called Tool (Textual) The field values can be in English, German, French or Spanish. I ... by ICAP_RND Engager in Splunk Search 09-05-2023 0 3	0	3
	Does "WHERE" SQL clause have the same row limitation as "INNER JOIN"? Hello,Does "WHERE" SQL clause have the same row limitation as "INNER JOIN"?Does "WHERE" and "INNER JOIN" have the sam... by LearningGuy Motivator in Splunk Search 09-05-2023 0 3	0	3
	How to extract a threshold from lookup and create a default value? Hi, I'm trying to create a filter based on a threshold value that is unique for some objects and fixed for the other... by JohnnyMnemonic Explorer in Splunk Search 09-05-2023 0 2	0	2