Splunk Search

Community Activity

Cloudwatch metrics averages/max etc grouped by account? Greetings, Splunk user but newbie still. I am building some searches to show AWS cloudwatch data averages per accoun... by pileofdata Loves-to-Learn in Splunk Search 07-05-2023 0 1	0	1
Help on dropdown list token HiI try to filter my table events from à dropdown list like thisOwner=$owner$The item syntax in the dropdown lis is l... by jip31 Motivator in Splunk Search 07-05-2023 0 5	0	5
Help with splunk query to find login events that happen at a strange time per user Working on a splunk query to find login events that occur outside of the users' typical sign in times. I do not want ... by brucewhaleham21 Loves-to-Learn Lots in Splunk Search 07-05-2023 0 3	0	3
error while searching host \| Error in 'litsearch' command: Your Splunk license expired Hello Splunk Support,When I search in Splunk console. I got an issue as below: Error in 'litsearch' command: Your Spl... by Syeds New Member in Splunk Search 07-05-2023 0 1	0	1
How to execute javascript after a search? Hi, I've copied the Search & Reporting app folder as my own app in /etc/apps, now I want to add some JS to be execute... by big_nuggets Explorer in Splunk Search 07-05-2023 0 2	0	2
Help with Field Extraction Using Regex I have 2 requests here. I am trying to extract and create a new field from logs. Logs for request 1: 2023-06-30 0... by MaddyRaj Engager in Splunk Search 07-05-2023 0 1	0	1
How to redirect dashboard to alternative URL Hi,We`ve got a dashboard sitting on a problematic SH and would like to clone and move it to another working SH.Is the... by tomapatan Contributor in Splunk Search 07-05-2023 0 2	0	2
How do I calculate the duration between Login and Logout of user? Hi guys! I want see the avg duration of activity of user on Splunk, but i didn't find the field of logout. by jtabilas Loves-to-Learn Everything in Splunk Search 07-05-2023 0 4	0	4
Why is my schedule search produce less result than the same query running adhoc? Hello,I have a simple query that run on the last 10 days of month, around 300k events something like:index=myindex RE... by phamxuantung Communicator in Splunk Search 07-05-2023 0 1	0	1
How to add dummy row with 0 when count returns 0? Hello Splunkers,I am using \| stats count by X, Y at the end of my query. X has 4 possible values and so does Y result... by vinaysathyanara Explorer in Splunk Search 07-05-2023 0 7	0	7
Compare multivalues from different rows In my search i have 2 rows, column specifying the week and the other column a multi-value field of EventIDs. I need t... by farhad Engager in Splunk Search 07-05-2023 0 3	0	3
Help with Field Extraction using Regex? I am trying to extract 2 fields from my logs. Logs: 10.218.136.20 - - [30/Jun/2023:02:36:32 +0000] "GET /api/v2/ru... by alexspunkshell Contributor in Splunk Search 07-04-2023 0 10	0	10
Extracting data which is incosistent I need to extract a time value from log file where the time value appears with a few different variations of characte... by nateNpgh Loves-to-Learn Lots in Splunk Search 07-04-2023 0 4	0	4
Why is there a 10000 rows limit? I ran a search which should show more than 10000 rows, but I get only 10000 rows back on the result. Is this a limita... by jiaqya Builder in Splunk Search 07-04-2023 1 11	1	11
Search limiting to objects in an AD Group I need to create a search that determines if an admin users password is changed. The current search pulls the domain ... by dennislevine New Member in Splunk Search 07-04-2023 0 3	0	3
Need a REGEX that can extract bits from all events of a similar type Hi All,I need a regex that can extract particular bits from proxy events equally e.g. there are different types of ev... by DanAlexander Communicator in Splunk Search 07-04-2023 0 7	0	7
Splunk ODBC datatype conversion issue Hello Splunk Experts,We are using Splunk ODBC to extract data from Splunk and load data to Qliksense. It was working ... by manojkumarmr New Member in Splunk Search 07-04-2023 0 0	0	0
Splunk search to check the sysmon process if not running hai all,i am using below splunk search to know the status if not running but its not giving if process was not runnin... by sekhar463 Path Finder in Splunk Search 07-04-2023 0 3	0	3
Search for one to many; one alert value, find all occurrences Hi,THe use case is GitHub Dependabot vulnerability alerts, once recevied, searching another index with GitHub SBOM li... by rwdan Loves-to-Learn in Splunk Search 07-04-2023 0 3	0	3
How to get function for today's month/day/year? I am writing a search query that looks for hosts that have appeared for the first time today and their count. Here is... by dan_growler Engager in Splunk Search 07-04-2023 1 6	1	6
How to split strings without delimiter? Hello,how can I split strings that are in the same line without delimiters into a new line?Have this lines that conta... by KalebeRS Explorer in Splunk Search 07-04-2023 0 1	0	1
rex Hi i need extract the below file name from extracted output MDTM\|07/02/2023 23:58:59.007\|[SFTP:3460819_0:eftpos:10.1... by Jagaspu Engager in Splunk Search 07-04-2023 0 6	0	6
Aggregation search for different fields help Hello everyone! I have Splunk events in the following format: activity_time: 2023-06-29T12:45:06Z event_time: 20... by heorhii12412 Explorer in Splunk Search 07-03-2023 0 6	0	6
How to create table based on below logs {"timestamp":"2023-06-28T11:00:13.545Z","message":"Time taken for Method1 Call : 3120","class":"com.xyz.enterprise.p... by UdayBhaskar Engager in Splunk Search 07-03-2023 0 2	0	2
Saved searches Run time Hello Splunkers,I had a question, I wanted to check the time on which my saved searches / scheduled reports and alert... by izzie123 Path Finder in Splunk Search 07-03-2023 0 3	0	3