Splunk Search

Community Activity

	How to create a query that coverts a number into minutes hours and days? I am getting a value from my data that a number buts actually the duration how do I convert into minuets hours and da... by Talking_Master Explorer in Splunk Search 07-21-2023 0 1	0	1
	How many login attempts can be seen in the logs for username=admin? I'm trying to complete the lab for my cybersecurity course. I googled few thing for this question, but this question ... by ravik453 New Member in Splunk Search 07-21-2023 0 1	0	1
	TA_browscap add-on giving an error when performing a lookup Helloversion 9.0.0We are using v1.2 of the browscap add-on and are having issues with it performing searches. The ad... by drih Engager in Splunk Search 07-21-2023 0 1	0	1
	Running search on 2 indexes using lookup table Grateful if anyone can help or guide me in the right direction.I am running a search against a lookup table. The outp... by chr1s Engager in Splunk Search 07-21-2023 0 9	0	9
	Grouping events by specific field and generate timechart for both groups? There is a complicated requirement for me, the splunk beginner. Hope you can give me some advice. The splunk version:... by Sanshan Observer in Splunk Search 07-20-2023 0 3	0	3
	What are lookups for INGEST_EVAL in distributed deployment? Hi, Distributed deployment that includes SH Cluster and IDX Cluster, HEC on IDXs is used to receive the data.I want t... by ilya_resh Engager in Splunk Search 07-20-2023 0 0	0	0
	Heavy Forwarder from two sources to two splunk clouds with different indexes? I would like to forward logs from sources coming from udp inputs in a Heavy Forwarder to two splunk clouds with diffe... by iguardia Loves-to-Learn Lots in Splunk Search 07-20-2023 0 0	0	0
	How do I create a table with each row has separate search? I am beginner and i want to create something like this my Splunk search1 is index=XXX source="/opt/middleware/ibm/"... by Subbu Loves-to-Learn in Splunk Search 07-20-2023 0 3	0	3
	How to get the time of the event when finding maximum event count that has happened in a minute over a time I have a query to find the maximum event count that has happened in a minute over time as belowindex="xxx" "headers.a... by RemyaT Explorer in Splunk Search 07-20-2023 0 2	0	2
	Join/lookup/subsearch on multiple fields with precedence? We have a large (~500 line) report being used to calculate CVE scores and fill a summary index daily, with vulnerabil... by danielbb Motivator in Splunk Search 07-20-2023 0 0	0	0
	How to extract the new field into interesting field from raw event? Hi Team,we are trying to add new field as a display name into interesting field from below raw eventDisplayName: sam... by Nagalakshmi Path Finder in Splunk Search 07-20-2023 0 3	0	3
	Why is eval case not evaluating fields? Hi, i have a field with the models, like below, and with this info i want to define a new field like brand. i trie... by lemospt Explorer in Splunk Search 07-20-2023 0 3	0	3
	How do I search field extraction for table? Hi, I have below scenario. Image_Name and Name_Space are being ingested with below variations in table A. Image_name ... by mbasharat Builder in Splunk Search 07-20-2023 0 16	0	16
	Dropdown panel issue- How do I get just one value in DIVISOR? i have two drop down panels Basically when i select any value in Monitored statistics the Divisor value should chang... by venky1544 Builder in Splunk Search 07-20-2023 0 1	0	1
	Routing and transforming to two different indexers? Today I have a custom sourcetype = custom:access_combined this is routed in its entirety at the heavy forwarder to tw... by ldnail_at_TI Path Finder in Splunk Search 07-20-2023 0 3	0	3
	InfoSec - Continuous Monitoring - Intrusion Detection Dashboard Would someone be able to help me understand how do to this? I would like to modify the built in dashboard in the Inf... by AJSCSA Loves-to-Learn Lots in Splunk Search 07-20-2023 0 1	0	1
	Editing current finding variance search Hello,I have an search that is used on a dashboard that I would like tweaked.Currently this search/panel displays the... by bryhoffman Explorer in Splunk Search 07-20-2023 0 1	0	1
	Need help with Regex Requirement is to fetch values for all agentName and put it in a field. Tried - 'agentName':\s(?<agentname>.*?,) but ... by sbhatnagar88 Path Finder in Splunk Search 07-20-2023 0 1	0	1
	Splunk query to use lookup data as a field value Hi,I have a lookup file which has ClientName,ostype,currentforwarderversion I wanted to know which Client is reporti... by umesh Path Finder in Splunk Search 07-19-2023 0 1	0	1
	Rex help From the below logs i want to capture DIM: data and CONSUMER: data using rex i am not sure about rex command much, p... by Harish2 Path Finder in Splunk Search 07-19-2023 0 1	0	1
	Unable to access event data for comparison reasons I have ingested configuration information from WebSphere Application Server. Specifically, appserver configuration da... by gsmith93 Engager in Splunk Search 07-19-2023 0 5	0	5
	How do I Compare field values between Lookup Table and Sourcetype and find the Delta Hello,I am facing issues to find delta.I have:Lookup Table: testaccount_holder.csv2 Field names in Lookup: account_no... by SplunkDash Motivator in Splunk Search 07-19-2023 0 6	0	6
	Optimize a search So we have this alert set up to check to see if any hostnames that are being monitored havnt received any time monito... by Abass42 Communicator in Splunk Search 07-19-2023 0 1	0	1
	Is there a query that will table and display the triple: Hi people,There was a good answer provided to part of this question here: Solved: Re: How to display a list of fields... by JohnEGones Communicator in Splunk Search 07-19-2023 0 2	0	2
	Add a custom column based on host value Hi, let me first state that I am very new to Splunk.How can I do the following please?I would like to add a column ca... by Naji Explorer in Splunk Search 07-19-2023 0 4	0	4