Splunk Search

Community Activity

How to get events of selected hosts I have an index which has 15 hosts and around 15 sourcetypes mapped to all hosts. How can I get events of only few s... by splunker09 Engager in Splunk Search 08-26-2023 0 1	0	1
How to add lines of query from somewhere into search query Hi Splunk Experts,I've a big list of rex commands in my search query. While using dashboard I added those rex command... by Thulasinathan_M Contributor in Splunk Search 08-25-2023 0 2	0	2
Compare entire lookup table to another I thought this would be easy but i'm struggling. I have a CSV of firewall rules from yesterday, and a CSV of Firewal... by splunk219783 Path Finder in Splunk Search 08-25-2023 0 1	0	1
How to Print Id's which are not present in Index search? I have a lookup file( with one column combinedrules{}) which would be dynamic and i want to run a scheduled search to... by RahulMisra Engager in Splunk Search 08-25-2023 0 10	0	10
How to modify query if status is offline for 10 mins? hi All, i am using below search to get status if any offline and i want to create alert if status offline for more t... by sekhar463 Path Finder in Splunk Search 08-25-2023 0 18	0	18
Calculate average time between events for a series with a unique identifier HiWe have logs of images created in a series, like below. They are identified by a unique series id, the number of ev... by mikfro Loves-to-Learn in Splunk Search 08-25-2023 0 2	0	2
Check if latest logs contain IOC INDEX Name generated (10 million new records every day)INDEX Fields username, secret, key Lookup file secrets.csv wi... by superuser88 Engager in Splunk Search 08-25-2023 0 4	0	4
timechart response time from proxy servers I simply need to timechart the numeric values from field that is being returned. For exampleindex=proxy \| timechart ... by rstrong30 Loves-to-Learn in Splunk Search 08-24-2023 0 1	0	1
Subsearch all events in another index I have two indexesIndex accounts: [user. payroll]Index employees: [user, emp_details, emp_information] I am trying to... by superuser88 Engager in Splunk Search 08-24-2023 0 2	0	2
How to Compare two mv fields and audit individual results? I'm looking specifically at the index for _configtracker to audit changes to serverclass.conf file. Because the natu... by dural_yyz Motivator in Splunk Search 08-24-2023 0 3	0	3
How to search value in previous time period and add the counts Hi,is it possible to search a field value and then count it for example first today and then add the count of the sam... by Woodpecker Path Finder in Splunk Search 08-24-2023 0 0	0	0
How to extract part of a URL and create alert. Hi, I have the following log lines:2023-08-23 06:27:13,551 DEBUG [org.keycloak.protocol.oidc.utils.RedirectUtils] (ex... by muqeeiz Loves-to-Learn in Splunk Search 08-24-2023 0 3	0	3
How to filters results and convert rows to columns? I have a splunk query to get execution time of methods shown below basesearch \| where like(method,"A") OR like(met... by Splunk_321 Path Finder in Splunk Search 08-24-2023 0 1	0	1
How to Include search results as variable in query? I'm working on building a dashboard that will take a base report and parse it into different items that can be flagge... by dwelbba00 New Member in Splunk Search 08-24-2023 0 5	0	5
Why did The extraction failed - error for Regex? Hi, When I extract any fields from json log, following error is generated "The extraction failed. If you are extra... by hitong Loves-to-Learn in Splunk Search 08-24-2023 0 3	0	3
How to Add percentage to Column? HiI am trying to add % to the "by percent" column only. I can't seem to get it to show.Thanks by woodlandrelic Path Finder in Splunk Search 08-23-2023 0 3	0	3
How to join data from index and dbxquery without using JOIN, APPEND or stats command? Hello,How to join data from index and dbxquery without using JOIN, APPEND or stats command?Issue with JOIN: limit of... by LearningGuy Motivator in Splunk Search 08-23-2023 0 12	0	12
how to change color for column chart \| timechart span=1mon count by status \| addtotals row=t col=f labelfield=Total True False "Not available" fieldname="... by abi2023 Path Finder in Splunk Search 08-23-2023 0 2	0	2
How to join a Transaction search with a non Transaction search Hello,I'm still in the learning process of Splunk searches and I have been tasked to create a table that contains onl... by mninansplunk Path Finder in Splunk Search 08-23-2023 0 5	0	5
How to prevent Splunk from streaming / chunking data to custom search commands? Hi all, I encountered the problem in MLTK that the data from the search is passed in multiple chunks to my custom cla... by pmunaret Explorer in Splunk Search 08-23-2023 1 2	1	2
How to replace replace strings? Hello,I have a lookup file with data in following format name _timesrv-a.xyz.com 2017.07.23srv-b.wxyz.com 2017.07.23 ... by saurabhkunte Path Finder in Splunk Search 08-23-2023 1 9	1	9
How to Change rate in percentage? Hi all, i count the number of ssl-login-fail for each hour. index... host... action="ssl-login-fail" \| timechart span... by humi Explorer in Splunk Search 08-23-2023 0 3	0	3
iplocation query: How to show the country with this search? index=o365 [ \| inputlookup watchlistriskyusers.csv \| rename email AS query \| fields query ] sourcetype="o365:manageme... by sulaimancds Engager in Splunk Search 08-23-2023 0 7	0	7
How to create Rex to extract a value from string? Hello, I am new to splunk rex, so need help for regex. In logs, i have extracted string, however again i need to ext... by Coder1a Loves-to-Learn in Splunk Search 08-23-2023 0 1	0	1
Query to get the result from one sourcetype and get other field values based on the output from other sourcetype Need help in creating a query to get the result from one sourcetype and get other field values based on the output fr... by sahil237888 Path Finder in Splunk Search 08-23-2023 0 2	0	2