Splunk Search

Community Activity

	How to LDAPGROUP filter by MEMBER_TYPE? I am successfully using some simple LDAPSEARCH + LDAPGROUP searches to produce membership lists for various AD groups... by ddetlef Explorer in Splunk Search 07-25-2023 0 6	0	6
	How can I output only the first n characters of field value? HI people, I want from a query to only print out the first n-characters of the field value. So: index=someIndex sou... by JohnEGones Communicator in Splunk Search 07-25-2023 0 3	0	3
	Splunk HF exports logs using a CLI command as a Linux crontab? I'm new to Splunk Enterprise, and my task is to forward logs from Splunk HF (AWS EC2 instance) to an AWS Cloud Watch ... by sarvananth Explorer in Splunk Search 07-25-2023 0 3	0	3
	How to Easily Copy/Paste or Extract Multiple Results from a Dash? Hi everyone,Working on a dash for which the goal is to automate manual data entry which needs to take place over 100s... by interrobang Explorer in Splunk Search 07-24-2023 0 5	0	5
	How to calculate duration by error code? Hi team,I have raw data with status: 200, 404, 503.183080267.ap-southeast-1.elb.amazonaws.com \| app \| 200183080267.ap... by dungnq Loves-to-Learn in Splunk Search 07-24-2023 0 4	0	4
	How to perform lookup from index search with dbxquery? How to perform lookup from index search with dbxquery?\| index=vulnerability_index\| table ip_address, vulnerability, s... by LearningGuy Motivator in Splunk Search 07-24-2023 0 10	0	10
	When a user queries he gets "insufficient permissions to perform this operation", and when I query I get 0 return events I have created a lookup test123.csv owned by me and A user queries and he gets the error - "User has insufficient pe... by anikeshp7 Path Finder in Splunk Search 07-24-2023 0 6	0	6
	Splunk Search Query Suppose there are 10 events as "raw text" in Splunk in last 7 days as below :Event 1 : 7/11/23 5:28:33.265 PM"host":"... by Awanish1212 Explorer in Splunk Search 07-24-2023 0 1	0	1
	How to create a Time Chart for duration? Hi looking to create a time chart that has duration on the y axis and start date on the x-axis. The Y- axis is in hou... by Talking_Master Explorer in Splunk Search 07-24-2023 0 1	0	1
	time span query Hi All I'd like some help please with a query thats been asked of me and its a little out of my depth the current bel... by PaulaCom Path Finder in Splunk Search 07-24-2023 0 5	0	5
	Spl query for host downtime consolidation I have a data like belowServename downtimeWeb1 7 day 2 hWeb2 2 h 23 minWeb2 ... by Harikiranjammul Explorer in Splunk Search 07-24-2023 0 3	0	3
	convert data in string format to json is there any function available in splunk which converts the data in string format to json, which is actually json da... by AnilPujar Path Finder in Splunk Search 07-24-2023 0 3	0	3
	why does the results from 'eventscount' and displayed DDAS storage usage in CloudMonitoring Console differ wildly? I tried to determine the size of my indexes in preparation for a Splunk Cloud Migration. I figured I could use the "e... by Falko Explorer in Splunk Search 07-24-2023 0 0	0	0
	need help with search logic I am running this in Splunk ES (Enterprise Security). My objective is to find out those savedsearch_name whose averag... by zacksoft_wf Contributor in Splunk Search 07-24-2023 0 1	0	1
	TSTATS where error I am trying to run the following tstats search: \| tstats summariesonly=true estdc(Malware_Attacks.dest) as "infected... by jwalzerpitt Influencer in Splunk Search 07-24-2023 0 5	0	5
	Showing log counts by error type Hello,I would like to make a stacked column chart with number of errors by hour and error type (warning, error, etc)T... by cinimins Explorer in Splunk Search 07-24-2023 0 2	0	2
	How to group the count of daily events by their month? Hi and just reaching out as stumped. Very grateful for assistance. This query returns the following in the statistics... by csar5634 Explorer in Splunk Search 07-23-2023 0 6	0	6
	search for username that got most 403 status code 1) I want to list top 10 usernames those got most 403 status codes. for example a username named sigma got 2000 o... by sigma Path Finder in Splunk Search 07-23-2023 0 4	0	4
	Splunk commands where can i find all the Splunk queries and how to use them? by sekhar123 New Member in Splunk Search 07-22-2023 0 3	0	3
	How can I monitor user activity pattern search? Hi,I'm trying to figure out the query to identify when users are connecting to the VPN or not. by AL3Z Builder in Splunk Search 07-22-2023 0 23	0	23
	Help with basic regex HiIs anybody can tell me what is the goal of this regex?\| regex ImagePath="\\\\\\\\"As far as I know, it seems to sea... by jip31 Motivator in Splunk Search 07-21-2023 0 4	0	4
	Logging Best Practises, non key=value pair We generally follow a pattern of logging in a key=value pattern.I am curious if we should totally avoid logs that are... by pjhawar New Member in Splunk Search 07-21-2023 0 3	0	3
	Working with a json string I've got a feed that is sending non-compliant json since spath doesn't work on it. I put together this searchindex=d... by jwhughes58 Contributor in Splunk Search 07-21-2023 0 1	0	1
	Splunk Query to Generate an n-event sample across sourcetypes in an index Hi people,I wonder whether it is possible to run a query that generates a set of n-sample of events for each sourcety... by JohnEGones Communicator in Splunk Search 07-21-2023 0 3	0	3
	Check if the date in splunk message is between 2 dates I have a splunk event with below format:{<!-- -->message{<!-- -->DATE: 2023-07-20T11:53:04}}I want to find all the events that have t... by ghostrider Path Finder in Splunk Search 07-21-2023 0 1	0	1