Splunk Search

Community Activity

How to get a list of websites from IIS servers with the Splunk IIS Addon? Hello We currently have multiple IIS servers with multiple websites and our goal is to setup a dashboard “overview” p... by Hudond Path Finder in Splunk Search 06-13-2023 0 8	0	8
How to display a single error in multiple inputs? Hi , I have a search query - \| search Region = EMEA\| eval Status=case(Statistic=0,"Green" ,Statistic=2,"Red",Statist... by Dayalss Engager in Splunk Search 06-13-2023 0 3	0	3
How to write a query to use regex on the basis of if statement? HI, I am looking for splunk query to use regex on the basis of if statement. Query: index=jfrog_index "org.artifact... by Abhineet Loves-to-Learn Everything in Splunk Search 06-12-2023 0 4	0	4
How to optimize search query with join? Hi All, i am using below query to get the common results on the basis of correlation_id but it is very slow,I need to... by Splunk4 Explorer in Splunk Search 06-12-2023 0 5	0	5
How to compare difference in a field from two different events? I am looking to compare two events in same index and sourcetype differentiated by snapshot id's, the main task is to ... by ashvinpandey Contributor in Splunk Search 06-12-2023 0 1	0	1
Why does subsearch always have zero results? Hello Everyone. I have a search with a subsearch that's correctly running on a test environment (Splunk 8.2.9). Now I... by Lavani Observer in Splunk Search 06-12-2023 0 1	0	1
Is there a way to input .csv lookups in a tstats Heartbeat query? Hello! Rather than manually specifying the indexes I want to perform this heartbeat query on, I was wondering if ther... by john_c_calhoun Explorer in Splunk Search 06-12-2023 0 1	0	1
How to use field value from outer query in inputlookup? Hi, I'm trying to find whether a lookup file is available or not. If yes, I want to use the same file, if not I want ... by Thulasinathan_M Contributor in Splunk Search 06-12-2023 0 8	0	8
How to parse JSON like-data with extracted server name as a column? Howdy We've got this data: Each log line is like: {"serverX.somedom.com" : {"key.value.pair1": "0", "key.value.pa... by modulussplunk Loves-to-Learn in Splunk Search 06-12-2023 0 1	0	1
How to change background color based on string values in new Dashboard Studio? Dear All I am new to dashboard studio in Splunk. I have a single value panel displaying a string. There are two poss... by pagnihot Path Finder in Splunk Search 06-12-2023 0 0	0	0
Can anyone confirm possible bug when using mvzip with xpath extracted fields? Hello Splunk experts, I am encountering strange behaviour when using mvzip on fields extracted using xpath commands. ... by siddharthprabhu Explorer in Splunk Search 06-12-2023 0 6	0	6
How to use mvfilter Function to search two field values? Hello All,I wanted to search "field_A" data value from "field_B" data values into "field_C" but only if field_A valu... by Mr_Adate Explorer in Splunk Search 06-12-2023 0 3	0	3
How to extract multivalue data to dynamic fields? I am trying to extract multi value fields and set dynamic fields with values based on the extracted data. I am able t... by jmartens Path Finder in Splunk Search 06-12-2023 0 1	0	1
How to create a dropdown filter with strings from a csv file? Hello,I'm new on the splunk community, how do I create a dropdown with strings retrieved from a csv file separated by... by KalebeRS Explorer in Splunk Search 06-12-2023 0 1	0	1
How to match append result? index=os process=sshd name="session opened" action=success\| eval user=upper(user)\| lookup all_svc_samaccountname.csv ... by graceojo34 Loves-to-Learn in Splunk Search 06-11-2023 0 2	0	2
How to create custom results? Dear Splunker, i need you help in creating custom results to include in a report and output it in a table for stati... by msalghamdi Path Finder in Splunk Search 06-11-2023 0 2	0	2
Proofpoint sending logs with missing information, there anything that I can change or edit? Hi all, I have an issue with the logs I am receiving from Proofpoint. The issue is that I am receiving logs with eith... by daniaabujuma Explorer in Splunk Search 06-11-2023 0 4	0	4
How to correlate across two lists in a stats I want to correlate across two lists and display the results.Log data:06/10/2023 05:04:12 ACMIUY-6500-2345-20230610... by t_splunk_d Path Finder in Splunk Search 06-11-2023 0 3	0	3
How to arrange events into groups and count number of events in each group? I have log lines like these: 2023/06/09 13:19:31.245 : AUDIT- INFO: Adding profile with id 00001 to TPT2023/06/09 13:... by hasham19833 Loves-to-Learn Lots in Splunk Search 06-10-2023 0 4	0	4
Why are search results different when running a search in the Search app versus a dashboard panel? Hi, I have a search as a dashboard panel. When I execute the search on the dashboard, the result is incorrect. Wha... by splunked38 Communicator in Splunk Search 06-10-2023 1 8	1	8
How to compare data between two business weeks using time chart excluding weekends? Hello Team, Could you please suggest on how to create an overlapping graph which compares this week's data and previo... by Devi13 Path Finder in Splunk Search 06-10-2023 0 4	0	4
create alert to detect RDP nesting- Convert QKL to SPl Understand RDP Nesting RDP nesting refers to the practice of establishing multiple Remote Desktop Protocol (RDP) sess... by Aiden12233 Engager in Splunk Search 06-10-2023 0 1	0	1
How to optimize my dashboard panel I have a search that gets the top users over a long periods of time . It also displays the most common field X value ... by klim Path Finder in Splunk Search 06-09-2023 0 2	0	2
What is a good way to match records against a secondary source, say a lookup file? (more than 10k rows) Hi. Got some great help using subsearches to match against a directory (CSV or SQL) using a sub search (https://commu... by loganramirez Path Finder in Splunk Search 06-09-2023 0 1	0	1
Help with \| rex command to extract a field? hello everyone, my event data looks like this {\"status\":1,\"httpStatus\":200,\"event\":\"getBooks\"} ... by adhwihhiahwd Engager in Splunk Search 06-09-2023 0 3	0	3