Splunk Search

Community Activity

How to have Splunk URL parameters to redirect url to splunk App? Hi We have an application the allows users to click on a link taking them to splunk. The problem is that the link is ... by dmcintosh1972 Explorer in Splunk Search 09-13-2023 0 4	0	4
Error in 'eval' command: The expression is malformed. An unexpected character is reached at '[\| Hello All, I am trying to remove events from my Dashboards for a specific time frame using data input from lookup. ... by sharma11031988 Explorer in Splunk Search 09-13-2023 0 1	0	1
how to merge two datasets on a non 'primary key' field ? I am trying to merge two datasets which are results of two different searches on a particular field value common to b... by pgoldweic Communicator in Splunk Search 09-12-2023 0 6	0	6
How to share a non expiring search Hi All,Im looking for a way to share a non expiring search with other users. If we use the ''share job" option or jus... by jpillai Path Finder in Splunk Search 09-12-2023 0 6	0	6
How can I get the time difference between two events? I am looking at logs for asynchronous calls ( sending msg & receiving ack from kafka ) . So we have 2 event , first o... by yuvrajsharma_13 Explorer in Splunk Search 09-12-2023 0 4	0	4
How to decrypt the encrypted field? Hi All, We are basically forwarding the cloudflare firewall events to Splunk, we have enabled "payload logging" to vi... by bijodev1 Communicator in Splunk Search 09-12-2023 0 3	0	3
How to search by _time from inputlookup csv file? I have a csv file which has data like this and i am using \| inputlookup abc.csv \| search _time >= '2023-09-10" but it... by mikeyty07 Communicator in Splunk Search 09-12-2023 0 2	0	2
How to parse fields with spaces at index time for metrics? Hello all, I am currently having some problems with filtering my raw data into a metric index. My raw data currently ... by tlscelsi Engager in Splunk Search 09-12-2023 0 6	0	6
How to set "abnormal" tallies to null after timechart/chart? I have an unstable data feed that sometimes only reports on a fraction of all assets. I do not want such periods to ... by yuanliu SplunkTrust in Splunk Search 09-12-2023 0 4	0	4
Splunk query to get the list of Use Cases I am looking for a Splunk Query which gives me all the enabled & disabled state use-cases. by alexspunkshell Contributor in Splunk Search 09-12-2023 0 1	0	1
Why is timchart not working on lookup csv data? Hi All i ahve a lookup file .csv where i have timestamp Name and USEDGB values i have been trying to run a time char... by venky1544 Builder in Splunk Search 09-12-2023 0 3	0	3
Event logs to metric conversion using scheduled search We have got a requirement where, event logs need to be indexed under a metrics index. For this we are using mcollect ... by anand_p Engager in Splunk Search 09-12-2023 0 0	0	0
How to add a key indicator search to custom dashboard in Splunk Enterprise Security? Hello, I'm trying to add new/existing key indicator searches to my dashboard in ES, but the edit toolbar does not hav... by ThuLe Explorer in Splunk Search 09-12-2023 0 3	0	3
How to create a search that combines the two searches? indextitleidAAA111ACC111BBB111 if the index is A and the title is AA, i'm trying to find id in index BB and look up... by hyewonkim Engager in Splunk Search 09-12-2023 0 9	0	9
How to convert GMT to JKT? How to convert GMT to JKT time in Splunk events by using query by indudhar Engager in Splunk Search 09-12-2023 0 4	0	4
Splunk olly rename or exclude n/a on heatmap chart Hi Splunkers,I have a question regarding splunk olly heatmap chart. Wondering it its possible to exclude or rename th... by jserni Explorer in Splunk Search 09-11-2023 1 0	1	0
How to Trigger Password Reset alarm by Admin by Distinct count of targets? I want to essentially trigger an alarm if a user changes the password of multiple distinct user accounts within a giv... by mdicenzo Explorer in Splunk Search 09-11-2023 0 6	0	6
How to return a different field from mvfilter? Hello, I have the following example json data: spec: { field1: X, field2: Y, field3: Z, containers: [ { ... by psimoes Loves-to-Learn in Splunk Search 09-11-2023 0 1	0	1
How to Remove event prefix from JSON using SEDCMD in props.conf? Hi Splunk community, I've JSON logs and I wanted to remove the prefix from the events and capture from {"successfulS... by iamsplunker Communicator in Splunk Search 09-11-2023 0 1	0	1
How i merge multiple events based on the same value in a field? I currently have events that include load times and events that include header colour for my app. These events both h... by leonl_0 Observer in Splunk Search 09-11-2023 0 1	0	1
How to get stats count to include zero count? Hi, I have a lookup file like this - EngineName Engine1 Engine2 Engine3 I need to find the engine where event coun... by Upas02 Path Finder in Splunk Search 09-11-2023 1 8	1	8
How to create Timechart count by ip by fw_name over time with trellis? I'm trying to build a search that displays the count of individual source IP addresses based on some criteria for eac... by nsnelson402 Explorer in Splunk Search 09-11-2023 0 8	0	8
How to create Search output replicating fields for other fields? Hi, I am trying to run a search and have tokens setting various search items, what I need is to create a search from ... by Cranie Explorer in Splunk Search 09-11-2023 0 5	0	5
Lookup in main search and subsearch - how to compare the results? Hello I want to find in subsearch autonomous_system for the IP address which I provided (in this example for 1.1.1.1... by dsms Engager in Splunk Search 09-11-2023 0 2	0	2
How to modify search result? I have asset management data that i need to create weekly reports. When i make query for the data like query below: i... by Akmal57 Path Finder in Splunk Search 09-11-2023 0 2	0	2