Splunk Search

Community Activity

How to use Macro's and CSV Lookup to combine results into one table based on conditions? Hey ya'll - I am attempting to create an efficient search to detect password compromises within some environments, th... by Simple_Search Path Finder in Splunk Search 08-11-2023 0 1	0	1
How do I create an alert that is triggered if group name exists in a lookup table? Hi,I want to create an alert that triggers when a user_name exist in a lookup table (e.g. group_names.csv). But I'm ... by AL3Z Builder in Splunk Search 08-11-2023 0 1	0	1
Why am I not getting data correctly? I have mstats query it was working fine till last week but suddenly now the success count is not showing up correctly... by mahesh27 Communicator in Splunk Search 08-11-2023 0 1	0	1
searching time limit I have a search that takes quite some time to run.*using py to run the search with splunk api it returns by saying it... by yohhpark Path Finder in Splunk Search 08-11-2023 0 3	0	3
CSV Ingestion I have CSV File with delimiter "\|" like sample below for new ingestion. I wanted to use standard sourcetype csv. But ... by nags Engager in Splunk Search 08-11-2023 0 1	0	1
Data from extracted fields not showing unless wildcards or where= is used We had a problem that certain fields weren't searchable. index=foo bar=* did not show any result even though interest... by FelixLeh Contributor in Splunk Search 08-11-2023 0 1	0	1
How to add new member to SHC? Hi All, I have a requirement to add new members to the existing SH Cluster.I have gone through the below link where i... by vinothkumark Path Finder in Splunk Search 08-11-2023 0 2	0	2
how to extract partial value from filed and show as column Hi , Im trying to extract distinct email is as column and preparing some counts .For this im thinking to extract the ... by naresh_553 New Member in Splunk Search 08-11-2023 0 2	0	2
Correct syntax of eval string case I have a "Severity Level" field in both index A and index B.Their structure is like: ==index A=== Severity Level 1 2... by itnewbie Explorer in Splunk Search 08-11-2023 0 2	0	2
How to use a summary index and collect command to pull large data by month? Hi all. I’m kind of new to Splunk. I have data by day - this is the response time for each API call by day. I want to... by user33 Path Finder in Splunk Search 08-10-2023 0 5	0	5
How to assign the 2 start_time and stop_time of one event into _time field ? Hi all,I have an table with the start time and stop time in each case as below.IDCase NameStart TimeStop Timeuser_1Ca... by Jouman Path Finder in Splunk Search 08-10-2023 0 1	0	1
How to extract the element from a structure? Hi all,I am in a trouble to extract values from a structure. Here is the structure of a event: Event{ ID: user... by Jouman Path Finder in Splunk Search 08-10-2023 0 2	0	2
How to compare day to same day for N weeks? I got a question where someone is looking for the hits to a page, but only on Fridays between 6PM and 2 AM the follow... by michaudel Explorer in Splunk Search 08-10-2023 1 5	1	5
Why are all Pages are not displaying in search result? Hello, When i getting results while doing search query, the complete pages doesn't display. For example, I searched 9... by adminpulse Loves-to-Learn Lots in Splunk Search 08-10-2023 0 0	0	0
How to do column sorting in descending order after timechart? Hello splunkers, i have a simple timechart query for avg USED_SPACE of disks for last 4 days index=abc sourectype=di... by venky1544 Builder in Splunk Search 08-10-2023 0 4	0	4
Splunk collect command We have an index, say 'index1' that has log retention upto 7 days. As the log volume is huge, we dont want to retain ... by jpillai Path Finder in Splunk Search 08-10-2023 0 11	0	11
How to add two Splunk queries output in Single Panel Hi All,I am trying to pass a token link to another dashboard panel. My requirement is when I pass Windows Server Toke... by devsru Explorer in Splunk Search 08-10-2023 0 20	0	20
How to do One field extraction for similar sourcetypes? Hello to everyone. After reading the post linked down below, I tried to use the same approach for sourcetypes from Wi... by NoSpaces Contributor in Splunk Search 08-10-2023 0 5	0	5
How to create Splunk Map display result and link to another dashboard? Hi Everyone When I click on an area on the map, link to another dashboard, how to setting ? such as the picture, whe... by Jianming Explorer in Splunk Search 08-10-2023 0 8	0	8
How to discover fields that have the same values? I have sourcetype=apple and sourcetype=orange. They are both network related sourcetypes. Is there an automated way o... by automayt Explorer in Splunk Search 08-10-2023 0 8	0	8
using addcoltotals Can you leverage the total derived using the addcoltotals command to support other calculations? i.e. can you use it ... by dolj Explorer in Splunk Search 08-09-2023 0 2	0	2
How to Retrieve Matched Events in Splunk Without Waiting for Search Completion? Hello Splunk Community,I'm encountering an issue with my search queries in Splunk that I hope someone can help me wit... by pinggru New Member in Splunk Search 08-09-2023 0 1	0	1
How to add a variable from a lookup table to filter results? I am trying to do a tstats command to get the last logged time a server has sent logs. My server list i want in the ... by Gggflyer New Member in Splunk Search 08-09-2023 0 1	0	1
How to convert time duration in minutes? I want convert minutes like (1.78,1.80,1.84,1.95) to (1h:44m,1h.55m,1h.44m,1h.58m) for example we have 1 hour 95 minu... by ramkyreddy Explorer in Splunk Search 08-09-2023 0 7	0	7
How to create Splunk lookup query? I have a lookup test_lookup with 2 fields a1 and b1. The field a1 is common with the fields in the raw data.the value... by phularah Communicator in Splunk Search 08-09-2023 0 3	0	3