Splunk Search

Community Activity

How do I calculate the duration between Login and Logout of user? Hi guys! I want see the avg duration of activity of user on Splunk, but i didn't find the field of logout. by jtabilas Loves-to-Learn Everything in Splunk Search 07-05-2023 0 4	0	4
Why is my schedule search produce less result than the same query running adhoc? Hello,I have a simple query that run on the last 10 days of month, around 300k events something like:index=myindex RE... by phamxuantung Communicator in Splunk Search 07-05-2023 0 1	0	1
How to add dummy row with 0 when count returns 0? Hello Splunkers,I am using \| stats count by X, Y at the end of my query. X has 4 possible values and so does Y result... by vinaysathyanara Explorer in Splunk Search 07-05-2023 0 7	0	7
Compare multivalues from different rows In my search i have 2 rows, column specifying the week and the other column a multi-value field of EventIDs. I need t... by farhad Engager in Splunk Search 07-05-2023 0 3	0	3
Help with Field Extraction using Regex? I am trying to extract 2 fields from my logs. Logs: 10.218.136.20 - - [30/Jun/2023:02:36:32 +0000] "GET /api/v2/ru... by alexspunkshell Contributor in Splunk Search 07-04-2023 0 10	0	10
Extracting data which is incosistent I need to extract a time value from log file where the time value appears with a few different variations of characte... by nateNpgh Loves-to-Learn Lots in Splunk Search 07-04-2023 0 4	0	4
Why is there a 10000 rows limit? I ran a search which should show more than 10000 rows, but I get only 10000 rows back on the result. Is this a limita... by jiaqya Builder in Splunk Search 07-04-2023 1 11	1	11
Search limiting to objects in an AD Group I need to create a search that determines if an admin users password is changed. The current search pulls the domain ... by dennislevine New Member in Splunk Search 07-04-2023 0 3	0	3
Need a REGEX that can extract bits from all events of a similar type Hi All,I need a regex that can extract particular bits from proxy events equally e.g. there are different types of ev... by DanAlexander Communicator in Splunk Search 07-04-2023 0 7	0	7
Splunk ODBC datatype conversion issue Hello Splunk Experts,We are using Splunk ODBC to extract data from Splunk and load data to Qliksense. It was working ... by manojkumarmr New Member in Splunk Search 07-04-2023 0 0	0	0
Splunk search to check the sysmon process if not running hai all,i am using below splunk search to know the status if not running but its not giving if process was not runnin... by sekhar463 Path Finder in Splunk Search 07-04-2023 0 3	0	3
Search for one to many; one alert value, find all occurrences Hi,THe use case is GitHub Dependabot vulnerability alerts, once recevied, searching another index with GitHub SBOM li... by rwdan Loves-to-Learn in Splunk Search 07-04-2023 0 3	0	3
How to get function for today's month/day/year? I am writing a search query that looks for hosts that have appeared for the first time today and their count. Here is... by dan_growler Engager in Splunk Search 07-04-2023 1 6	1	6
How to split strings without delimiter? Hello,how can I split strings that are in the same line without delimiters into a new line?Have this lines that conta... by KalebeRS Explorer in Splunk Search 07-04-2023 0 1	0	1
rex Hi i need extract the below file name from extracted output MDTM\|07/02/2023 23:58:59.007\|[SFTP:3460819_0:eftpos:10.1... by Jagaspu Engager in Splunk Search 07-04-2023 0 6	0	6
Aggregation search for different fields help Hello everyone! I have Splunk events in the following format: activity_time: 2023-06-29T12:45:06Z event_time: 20... by heorhii12412 Explorer in Splunk Search 07-03-2023 0 6	0	6
How to create table based on below logs {"timestamp":"2023-06-28T11:00:13.545Z","message":"Time taken for Method1 Call : 3120","class":"com.xyz.enterprise.p... by UdayBhaskar Engager in Splunk Search 07-03-2023 0 2	0	2
Saved searches Run time Hello Splunkers,I had a question, I wanted to check the time on which my saved searches / scheduled reports and alert... by izzie123 Path Finder in Splunk Search 07-03-2023 0 3	0	3
How to list of all indexes and all fields within each index? I can obtain a list of fields within an index eg.index=bind_queries \| stats values() AS \| transpose \| table column... by TonyJobling New Member in Splunk Search 07-03-2023 0 4	0	4
Need to make changes in correlation search audit query Hi all,I'm trying to audit correlation searches in my environment but unable to view the "Last Modified By" "Last Mod... by AL3Z Builder in Splunk Search 07-01-2023 0 3	0	3
How to find a user behind an action? Hi I have a report showing who have added or removed a person to or from a group. Like :index="win*" (EventCode=4728 ... by Loepp Observer in Splunk Search 06-30-2023 0 6	0	6
Splunk search to find the traffic of Heavy Forwarders reporting with their IP address? Hello, Can someone please help me with the Splunk search to find the list of Heavy Forwarders reporting with their IP... by Roy_9 Motivator in Splunk Search 06-30-2023 0 4	0	4
How to use subquery values in a where clause? Im trying to do this: aid=0 Overflowexception msg="Print completed" @t<first \| [search Overflowexception \| stats min... by Staale New Member in Splunk Search 06-30-2023 0 6	0	6
How to find common field values in different action? Hello All,I want to create an alert to find certain actions done by users from same Index.Index= myindexsourcetype= m... by navan1 Explorer in Splunk Search 06-30-2023 0 4	0	4
extract two different field values into one field using regex Hi All,I am fairly new to Splunk and I have bit of a challenge in front of me which I am not able to resolve. I have ... by man03359 Communicator in Splunk Search 06-30-2023 0 1	0	1