Splunk Search

Community Activity

	time span query Hi All I'd like some help please with a query thats been asked of me and its a little out of my depth the current bel... by PaulaCom Path Finder in Splunk Search 07-24-2023 0 5	0	5
	Spl query for host downtime consolidation I have a data like belowServename downtimeWeb1 7 day 2 hWeb2 2 h 23 minWeb2 ... by Harikiranjammul Explorer in Splunk Search 07-24-2023 0 3	0	3
	convert data in string format to json is there any function available in splunk which converts the data in string format to json, which is actually json da... by AnilPujar Path Finder in Splunk Search 07-24-2023 0 3	0	3
	why does the results from 'eventscount' and displayed DDAS storage usage in CloudMonitoring Console differ wildly? I tried to determine the size of my indexes in preparation for a Splunk Cloud Migration. I figured I could use the "e... by Falko Explorer in Splunk Search 07-24-2023 0 0	0	0
	need help with search logic I am running this in Splunk ES (Enterprise Security). My objective is to find out those savedsearch_name whose averag... by zacksoft_wf Contributor in Splunk Search 07-24-2023 0 1	0	1
	TSTATS where error I am trying to run the following tstats search: \| tstats summariesonly=true estdc(Malware_Attacks.dest) as "infected... by jwalzerpitt Influencer in Splunk Search 07-24-2023 0 5	0	5
	Showing log counts by error type Hello,I would like to make a stacked column chart with number of errors by hour and error type (warning, error, etc)T... by cinimins Explorer in Splunk Search 07-24-2023 0 2	0	2
	How to group the count of daily events by their month? Hi and just reaching out as stumped. Very grateful for assistance. This query returns the following in the statistics... by csar5634 Explorer in Splunk Search 07-23-2023 0 6	0	6
	search for username that got most 403 status code 1) I want to list top 10 usernames those got most 403 status codes. for example a username named sigma got 2000 o... by sigma Path Finder in Splunk Search 07-23-2023 0 4	0	4
	Splunk commands where can i find all the Splunk queries and how to use them? by sekhar123 New Member in Splunk Search 07-22-2023 0 3	0	3
	How can I monitor user activity pattern search? Hi,I'm trying to figure out the query to identify when users are connecting to the VPN or not. by AL3Z Builder in Splunk Search 07-22-2023 0 23	0	23
	Help with basic regex HiIs anybody can tell me what is the goal of this regex?\| regex ImagePath="\\\\\\\\"As far as I know, it seems to sea... by jip31 Motivator in Splunk Search 07-21-2023 0 4	0	4
	Logging Best Practises, non key=value pair We generally follow a pattern of logging in a key=value pattern.I am curious if we should totally avoid logs that are... by pjhawar New Member in Splunk Search 07-21-2023 0 3	0	3
	Working with a json string I've got a feed that is sending non-compliant json since spath doesn't work on it. I put together this searchindex=d... by jwhughes58 Contributor in Splunk Search 07-21-2023 0 1	0	1
	Splunk Query to Generate an n-event sample across sourcetypes in an index Hi people,I wonder whether it is possible to run a query that generates a set of n-sample of events for each sourcety... by JohnEGones Communicator in Splunk Search 07-21-2023 0 3	0	3
	Check if the date in splunk message is between 2 dates I have a splunk event with below format:{<!-- -->message{<!-- -->DATE: 2023-07-20T11:53:04}}I want to find all the events that have t... by ghostrider Path Finder in Splunk Search 07-21-2023 0 1	0	1
	Performance issue with query Hi, I have a query written to find average exceptions per device on monthly basis for my use case. The query return... by amoldesai Explorer in Splunk Search 07-21-2023 0 5	0	5
	How to create a query that coverts a number into minutes hours and days? I am getting a value from my data that a number buts actually the duration how do I convert into minuets hours and da... by Talking_Master Explorer in Splunk Search 07-21-2023 0 1	0	1
	How many login attempts can be seen in the logs for username=admin? I'm trying to complete the lab for my cybersecurity course. I googled few thing for this question, but this question ... by ravik453 New Member in Splunk Search 07-21-2023 0 1	0	1
	TA_browscap add-on giving an error when performing a lookup Helloversion 9.0.0We are using v1.2 of the browscap add-on and are having issues with it performing searches. The ad... by drih Engager in Splunk Search 07-21-2023 0 1	0	1
	Running search on 2 indexes using lookup table Grateful if anyone can help or guide me in the right direction.I am running a search against a lookup table. The outp... by chr1s Engager in Splunk Search 07-21-2023 0 9	0	9
	Grouping events by specific field and generate timechart for both groups? There is a complicated requirement for me, the splunk beginner. Hope you can give me some advice. The splunk version:... by Sanshan Observer in Splunk Search 07-20-2023 0 3	0	3
	What are lookups for INGEST_EVAL in distributed deployment? Hi, Distributed deployment that includes SH Cluster and IDX Cluster, HEC on IDXs is used to receive the data.I want t... by ilya_resh Engager in Splunk Search 07-20-2023 0 0	0	0
	Heavy Forwarder from two sources to two splunk clouds with different indexes? I would like to forward logs from sources coming from udp inputs in a Heavy Forwarder to two splunk clouds with diffe... by iguardia Loves-to-Learn Lots in Splunk Search 07-20-2023 0 0	0	0
	How do I create a table with each row has separate search? I am beginner and i want to create something like this my Splunk search1 is index=XXX source="/opt/middleware/ibm/"... by Subbu Loves-to-Learn in Splunk Search 07-20-2023 0 3	0	3