Splunk Search

Community Activity

How to get the time of the event when finding maximum event count that has happened in a minute over a time I have a query to find the maximum event count that has happened in a minute over time as belowindex="xxx" "headers.a... by RemyaT Explorer in Splunk Search 07-20-2023 0 2	0	2
Join/lookup/subsearch on multiple fields with precedence? We have a large (~500 line) report being used to calculate CVE scores and fill a summary index daily, with vulnerabil... by danielbb Motivator in Splunk Search 07-20-2023 0 0	0	0
How to extract the new field into interesting field from raw event? Hi Team,we are trying to add new field as a display name into interesting field from below raw eventDisplayName: sam... by Nagalakshmi Path Finder in Splunk Search 07-20-2023 0 3	0	3
Why is eval case not evaluating fields? Hi, i have a field with the models, like below, and with this info i want to define a new field like brand. i trie... by lemospt Explorer in Splunk Search 07-20-2023 0 3	0	3
How do I search field extraction for table? Hi, I have below scenario. Image_Name and Name_Space are being ingested with below variations in table A. Image_name ... by mbasharat Builder in Splunk Search 07-20-2023 0 16	0	16
Dropdown panel issue- How do I get just one value in DIVISOR? i have two drop down panels Basically when i select any value in Monitored statistics the Divisor value should chang... by venky1544 Builder in Splunk Search 07-20-2023 0 1	0	1
Routing and transforming to two different indexers? Today I have a custom sourcetype = custom:access_combined this is routed in its entirety at the heavy forwarder to tw... by ldnail_at_TI Path Finder in Splunk Search 07-20-2023 0 3	0	3
InfoSec - Continuous Monitoring - Intrusion Detection Dashboard Would someone be able to help me understand how do to this? I would like to modify the built in dashboard in the Inf... by AJSCSA Loves-to-Learn Lots in Splunk Search 07-20-2023 0 1	0	1
Editing current finding variance search Hello,I have an search that is used on a dashboard that I would like tweaked.Currently this search/panel displays the... by bryhoffman Explorer in Splunk Search 07-20-2023 0 1	0	1
Need help with Regex Requirement is to fetch values for all agentName and put it in a field. Tried - 'agentName':\s(?<agentname>.*?,) but ... by sbhatnagar88 Path Finder in Splunk Search 07-20-2023 0 1	0	1
Splunk query to use lookup data as a field value Hi,I have a lookup file which has ClientName,ostype,currentforwarderversion I wanted to know which Client is reporti... by umesh Path Finder in Splunk Search 07-19-2023 0 1	0	1
Rex help From the below logs i want to capture DIM: data and CONSUMER: data using rex i am not sure about rex command much, p... by Harish2 Path Finder in Splunk Search 07-19-2023 0 1	0	1
Unable to access event data for comparison reasons I have ingested configuration information from WebSphere Application Server. Specifically, appserver configuration da... by gsmith93 Engager in Splunk Search 07-19-2023 0 5	0	5
How do I Compare field values between Lookup Table and Sourcetype and find the Delta Hello,I am facing issues to find delta.I have:Lookup Table: testaccount_holder.csv2 Field names in Lookup: account_no... by SplunkDash Motivator in Splunk Search 07-19-2023 0 6	0	6
Optimize a search So we have this alert set up to check to see if any hostnames that are being monitored havnt received any time monito... by Abass42 Communicator in Splunk Search 07-19-2023 0 1	0	1
Is there a query that will table and display the triple: Hi people,There was a good answer provided to part of this question here: Solved: Re: How to display a list of fields... by JohnEGones Communicator in Splunk Search 07-19-2023 0 2	0	2
Add a custom column based on host value Hi, let me first state that I am very new to Splunk.How can I do the following please?I would like to add a column ca... by Naji Explorer in Splunk Search 07-19-2023 0 4	0	4
How to extract message from log events. I want to extract the message that is 'until-successful' retries exhausted from the below logs.And also a second rex ... by avi7326 Path Finder in Splunk Search 07-19-2023 0 4	0	4
Field _time modification based on _time condition .... Hello,I need to modify _time value based on ... _time value. If: 1) original _time is before working hours, than set... by pioootrek Splunk Employee in Splunk Search 07-19-2023 0 2	0	2
How to embed Line chart at statistical table Hello Splunk experts, I'm working over a dashboard where I would like to have statistical table with line chart in th... by krastevk Observer in Splunk Search 07-19-2023 0 1	0	1
External python search - How do I resolve Error "Failed to parse transport header"? Hi guys,I'm trying to write a very simple external python search but it's just not working.I get the following error ... by kepffr Explorer in Splunk Search 07-19-2023 1 6	1	6
Splunk Report- How to remove item from results? Hi Splunkers, I have results in the following way. Country Count Japan 50 USA. ... by revanthammineni Path Finder in Splunk Search 07-18-2023 0 1	0	1
Fetching statistics: Unique discrepancy details, removing numerical characters, and identifying null and deleted values Hello Community,I am fairly new to Splunk, and I am struggling with this. Here is my raw event: these are discrepancy... by adikrhd Path Finder in Splunk Search 07-18-2023 0 15	0	15
Dashboard Panel field concatenation- Can this be done? Hi,In the below code for a panel on my dashboard, I am displaying whether a report/alert is being skipped. If the _ti... by auzark Communicator in Splunk Search 07-18-2023 0 2	0	2
How to group daily results by week more close together? Hello,I have this search for a chart that counts values weekly and divides then by day of the week.Is there any optio... by KalebeRS Explorer in Splunk Search 07-18-2023 0 3	0	3