Splunk Search

Community Activity

How to remove comms and parenthesis? index="myIndex" app_name="myappName" My.Message = "failed to retrieve the workOrder"\| rex "Order (?<Order>[^\s]+)"... by Sureshp191 Explorer in Splunk Search 06-16-2023 0 10	0	10
How do I create a search to show Cisco logins sorted by User? I can search through cisco logs easily enough, and can also sort for logins, or failed logins without issue - but sin... by Crabbok Engager in Splunk Search 06-16-2023 0 1	0	1
How to add unique count column on the stats result? Hi, I have data as below \| date \| buyer \| product \|\| Jun-1 \| A \| P-01 \|\| Jun-1 \| A \| P-02 \|\| Jun-1 \| B ... by mia Explorer in Splunk Search 06-16-2023 0 3	0	3
How to write query to find perimeter fw details? Hi, I am trying to build a query on perimeter firewall how we can find the ips hitting to the fw. Thanks by AL3Z Builder in Splunk Search 06-16-2023 0 20	0	20
How to cancel scheduled alerts if no logs are being ingested? Hi, currently I have scheduled alerts that are triggered based on file count results. If count of 'file x' for that d... by Ana01 Loves-to-Learn Everything in Splunk Search 06-15-2023 0 2	0	2
How to extract two characters before last set of numbers in a string? Tried many variations but just cant get it right. Example Data:onetwoap321.siteonethreap3ua.somesiteoneforpd210.site... by jenkinsta Path Finder in Splunk Search 06-15-2023 0 2	0	2
How to combine two searches/data sets into one table? I have two searches/data sets that I would like to combine into a table, and am not entirely sure on what the correct... by Apples Explorer in Splunk Search 06-15-2023 0 4	0	4
Does anyone have an idea how to make a bitwise AND operation for a high number of events in Splunk? Hey all The PAN-OS traffic log include a log field ‚flags‘ ‚Flags‘ is a 32-Bit field that provide details on session.... by Berma New Member in Splunk Search 06-15-2023 0 3	0	3
How to get eval assignment of a nested JSON list does not assign? Hi, I'm trying to assign a list from a nested JSON event { "timestamp": "2023-06-14T18:03:57.047201+00:00", . ... by splunked38 Communicator in Splunk Search 06-15-2023 0 2	0	2
How to alert when a field value has > 500 events? Hello, I'm not sure how to achieve this. I need to create an alert for when a field (user) value has > 500 events fo... by mninansplunk Path Finder in Splunk Search 06-15-2023 0 2	0	2
How to make a query that counts by comparing values? I'm new to splunk and I'm asking for help. I will give an example as below. if event_id or orig_event are the same, c... by hyewonkim Engager in Splunk Search 06-15-2023 0 3	0	3
How to exclude data that is already duplicated? Hi , I have somthing data need to deduplicate. I got some data from two database and save in different indexes . I us... by Hong_TP Engager in Splunk Search 06-15-2023 0 1	0	1
Why is lookup not showing results? Hey all, Does anyone know why this isn't working (I'm a new Splunk user)? I'm trying to show the errorMessageFilter, ... by TolTest Explorer in Splunk Search 06-15-2023 0 10	0	10
How to build multisearch dynamically? This is mostly just a curiosity, motivated by this post on how to compare a particular time interval across multiple ... by w564432 Explorer in Splunk Search 06-14-2023 0 7	0	7
Is there any way to display single accurate values within each cell of the table? I have used search query like this- \| savedsearch REPORT1 \|chart values(COLUMN3) AS Status BY COLUMN2 PROCESS_ID\| fil... by Sss Path Finder in Splunk Search 06-14-2023 0 2	0	2
Why am I am receiving an error in 'rex' command? I am trying to use a similar splunk query:index="myIndex" appname="myapp" msg.result.message ="TradingSymbol(s):" \|... by Sureshp191 Explorer in Splunk Search 06-14-2023 0 4	0	4
How to go about stats count by a values between a range? I am trying to return data for a pie chart with a specified range of values. How would I go about this? \| stats co... by jenkinsta Path Finder in Splunk Search 06-14-2023 0 2	0	2
Is it possible to consider "time" as "_time" on logstash config? Hi I have logstash config that send logs to Splunk HEC. these data contain field that call "time". Now question is: I... by indeed_2000 Motivator in Splunk Search 06-14-2023 0 5	0	5
Why is search query within link is showing "Unexpected close tag" error? We are trying to run a rex command inside of a custom drill down link. Here is the relevant XML Code we are using: ... by whorst1 Engager in Splunk Search 06-14-2023 2 3	2	3
How can we create an API call that returns a link to a report? We need to call a search via the API and return a link to a report, produced by this call. Is it doable? So, I have s... by danielbb Motivator in Splunk Search 06-14-2023 0 1	0	1
Can I write a CSV Lookup that's Partial Matching? Dear All I have a CSV lookup with a column name column1 with below values MicroBest GoDear Bear And I have some l... by pagnihot Path Finder in Splunk Search 06-14-2023 0 1	0	1
How to split an event into parts and recombine with a common header? Hey all - thanks in advance!I have _raw log data that contains a header section and then what appears to be two entri... by curtisjester Explorer in Splunk Search 06-14-2023 0 5	0	5
How can I extract multiple file names from an event and add it as a separate field using rex command? Hi Team, We have a raw event where the message field consists of multiple file names, we want to extract those and ad... by Renunaren Loves-to-Learn Everything in Splunk Search 06-14-2023 0 5	0	5
How to extract field names against values in one (or more field)? Hi guys, Looking for help framing a query for the following scenario: index=index "designated field" Events show... by gordone Explorer in Splunk Search 06-14-2023 0 3	0	3
How to use the values of a CSV within a search? Hi all, Very new to Splunk here. I'm hoping to get some help. I'm trying to use some of the values in my CSV file as ... by TolTest Explorer in Splunk Search 06-14-2023 0 10	0	10