Splunk Search

Community Activity

How to create a search to check which user disabled/enabled alert? Splunk query to check which user disabled/enabled alert. by AnmolKohli Explorer in Splunk Search 07-13-2023 2 9	2	9
How do I extract certain fields into a KV Store and then perform checks against that KV Store So I'm ingesting advanced hunting logs into Splunk and one of the interesting fields is properties.InitiatingProcessS... by jhilton90 Path Finder in Splunk Search 07-13-2023 0 3	0	3
ASA Firewall events IP extract Hello everyone,I need to extract the first IP from ASA events, after the first IP sometimes there are 3 other IPs, so... by evallja Path Finder in Splunk Search 07-13-2023 0 3	0	3
Splunk query Suppose there are 5 events in raw text in Splunk as below:"host":"111.123.23.34","level":1,"msg":"cricket score : 10"... by Awanish1212 Explorer in Splunk Search 07-13-2023 0 4	0	4
IF NOT condition is not working in eval token in my the search query Hi,I am trying to create 2 fields based on if condition. If in the logs, 200 Emv error or NoAcquirerFoundConfigured p... by man03359 Communicator in Splunk Search 07-13-2023 0 4	0	4
How to set earliest and latest time based on current time in savedSearch Hi Splunk Experts,I've a scheduled savedSearch where it runs every 5 mins, with the Schedule window of 2 minutes. Ins... by Thulasinathan_M Contributor in Splunk Search 07-13-2023 0 4	0	4
Splunk Query - how to get sum of count for a specific field I am having a below query and the sample output shown: index=<search_string> earliest=-30d@d\| timechart span=1m align... by shashankk Communicator in Splunk Search 07-13-2023 0 3	0	3
Need help in displaying results in column Hi Legends,Need help in displaying start time, when error occurred and end time when it got resolved , in separate co... by nicksrulz Explorer in Splunk Search 07-12-2023 0 1	0	1
Help with splunk search for unix timestamp? I want to create an alert for which I am writing a search query but I am unable to filter using the time range picker... by vinothkumark Path Finder in Splunk Search 07-12-2023 0 5	0	5
Why do I keep getting outliers in network? Hi Team, I'm trying to find outliers in the network kpi for a project but every time I run this query I get 0 outlie... by Hassan989 New Member in Splunk Search 07-12-2023 0 1	0	1
How to find the average, min, and max values per minute for a 7 day search? I'm trying to find the avg, min, and max values of a 7 day search over 1 minute spans. For example: index=apihits a... by tkwaller Builder in Splunk Search 07-12-2023 0 7	0	7
How to add a row with statistics for the last week? Hey guys! I need the statistics of a bunch of data by month. And this is done already. search\|eval Month=strftime(_ti... by qqzj Explorer in Splunk Search 07-12-2023 0 1	0	1
Excluding logs with specific keywords from dashboards Hello, I have application which ends specific kind of log. Every log have a jobId field and additional information" r... by kp2 Loves-to-Learn Lots in Splunk Search 07-12-2023 0 5	0	5
Using lookup table to circumvent search time constraints I just want a sanity check to see if this is possible before I go through the effort. I am currently restricted to se... by michaeler Communicator in Splunk Search 07-12-2023 0 3	0	3
How to work out average Hi all i have a search running with the following resultsdate_year count 2022 ... by PaulaCom Path Finder in Splunk Search 07-12-2023 0 9	0	9
need time fields extracted as start and end time 1q) i have my search starting with earliest=-1mon latest=now()i want to get the dates as startdate = earliest and end... by venky1544 Builder in Splunk Search 07-12-2023 0 1	0	1
How to identify '\n' in Splunk rex? SPL as below: \| makeresults\| eval TEST="\n User-Agent: iOS/16.4.1 iPhone\n P-Access-Network-Info: 3GPP-NR-TDD;utran-... by Tao_Zeng Explorer in Splunk Search 07-12-2023 0 6	0	6
Splunk Enterprise free - user preferences Hi all,I use splunk enterprise with the free license at home. This week I upgraded to version 9.1.0.1 and I was happy... by Hoekb03 Explorer in Splunk Search 07-12-2023 0 1	0	1
How to extract string before specific character Hello. I want to extract strings anything comes before "\|" .ex.Math \|Math \| Science \| MathEnglish \| MathScience \| Sci... by marinella26 Explorer in Splunk Search 07-12-2023 0 2	0	2
Httpstatuscode success/failure Hi All,I have 3 API's 1. in first API the status are code 200 & 403 as a success reaming all status codes are failure... by lucky Explorer in Splunk Search 07-12-2023 0 1	0	1
Unable to get 4 weeks average of same day by each store Hi all , I am trying to get the average of sum of last 5 weeks data by each store . As in if today's monday I want va... by rebelnato New Member in Splunk Search 07-12-2023 0 1	0	1
Not able to add forward-server on splunk universal forwarder This is what happening, /opt/splunkforwarder/bin # ./splunk add forward-server <splunk-server-ip>:9997it asks for cre... by porasm1998 New Member in Splunk Search 07-12-2023 0 3	0	3
How to extract random numbers There are over 10000 events and I want to extract events of 100 random Users.Is there any simple way to extract this?... by marinella26 Explorer in Splunk Search 07-11-2023 0 2	0	2
identify and generate alerts for specific policies Hi all,When I run this query it is not giving any alerts from the policies marked in red color what changes do we nee... by AL3Z Builder in Splunk Search 07-11-2023 0 1	0	1
How to use rex to extract from logs. I want to extract that BID@ from the log. and for other logs the external ID will be different so what will be the ... by avi7326 Path Finder in Splunk Search 07-11-2023 0 1	0	1