Splunk Search

Community Activity

Why doesn't the Automatic lookup work? I have a new lookup setup I want to query against it .presently its not working may I know what I have to do in order... by rajneeshc1981 Explorer in Splunk Search 05-25-2023 0 12	0	12
Help with logs line breaking issue? My application logs json object . Sample logs look like this: {"ts":"05 25 2023 14:57:05.114","msg":"Listeners is... by ajitdev381 Engager in Splunk Search 05-25-2023 0 1	0	1
Help with making stats table in decreasing order I am looking for the table to be in decreasing order and with the Total row on top. This is my current search. index=... by jialiu907 Path Finder in Splunk Search 05-25-2023 0 1	0	1
How can I find all scheduled searches that have a timeframe of 'All time'? I am looking to find all scheduled searches within the environment that are using a timeframe of 'All time' e.g. if a... by cwhelan Explorer in Splunk Search 05-25-2023 0 10	0	10
Why am I unable to search with string tokens against two fields on an lookup? Hi, I have a dashboard where the data is coming from a lookup called "ABC" which has 2 fields called "src_ip" and "de... by POR160893 Builder in Splunk Search 05-25-2023 0 2	0	2
How to use timechart to display whether a log exists or not over a certain time range in 15 minute buckets? I am trying to write a search that displays a table that shows whether a log in cloud watch exists or not every 15 mi... by JohnCM8181 New Member in Splunk Search 05-25-2023 0 1	0	1
How to convert nested xml block into json formatted nested block ? I have the below sample botsv3 sample data set which is sysmon in xml format. I need to convert that into json format... by damode1 Path Finder in Splunk Search 05-24-2023 0 5	0	5
How to select the value of a field where another field equals a specific value? Hi! I have a search query problem that's wrecking my newbie brain. I have log events that look like this: { "op... by TravellingGuy Engager in Splunk Search 05-24-2023 0 4	0	4
How can I resolve this syntax error? Hi All I have a room mailbox in office365 and i want to get the information of how many meetings were booked for one ... by risingflight143 Explorer in Splunk Search 05-24-2023 0 1	0	1
How to extract a field in using regex? I am relatively new to Splunk and I am trying to extracting fields in Splunk, I have a pattern I am attempting to ex... by man03359 Communicator in Splunk Search 05-24-2023 0 6	0	6
How to make a for loop query from a lookup table? I have a lookup table from which I need to read the IP addresses one by one, perform calculations on each address, an... by k_ashabi Loves-to-Learn Lots in Splunk Search 05-24-2023 0 7	0	7
Why is heavy forwarder not sending _audit and _internal logs to indexer? Hi All, We noticed that one of our Heavy Forwarder has not been sending _audit and _internal logs to our indexer. It ... by neeravmathur Path Finder in Splunk Search 05-24-2023 0 7	0	7
Email regex from mail.log to extract 2 email addresses, display them in a table? I have mail.log. This is displayed in the "Event" column: May 24 14:02:05 srv7 amavis[10129]: (10129-08) Passed C... by devtech83 Engager in Splunk Search 05-24-2023 0 1	0	1
Why does Dropdown retain entries from old query result? I have a query for for my dropdown with tokens inserted here and there and whenever the values on those tokens change... by jonvijay1993 Explorer in Splunk Search 05-24-2023 0 4	0	4
Nessus data charting- How to make a trend chart of specific data set? I am making a trend chart of specific data set. What I am looking for is (generic example)index=nessus \| eval Month=s... by jenkinsta Path Finder in Splunk Search 05-24-2023 0 2	0	2
How to execute/ignore block of code based on token values? I have a union [] command that I want to execute only if a check box is checked, how can I manage this? SPL2 branch d... by jonvijay1993 Explorer in Splunk Search 05-24-2023 0 11	0	11
What is the quickest and safest way to move indexed data from one location to another? What's the quickest and safest way to move indexed data from one location to another? I have data that is currently s... by acontarciego Explorer in Splunk Search 05-23-2023 3 7	3	7
How to convert multiple individual json objects into a nested json object in an event ? I want to convert some of the below individual json objects in the event into nested single json object like the seco... by dm1 Contributor in Splunk Search 05-23-2023 0 2	0	2
How to convert multiple individual json objects into a nested json object ? I want to convert some of the below individual json objects in the event into nested single json object like the seco... by damode1 Path Finder in Splunk Search 05-23-2023 0 2	0	2
How to search or extract specific key/value pair from array? Using the Splunk addon for AWS to collect ec2 instance metadata I get an array called tags with key/value pairs such ... by rolabrie Loves-to-Learn in Splunk Search 05-23-2023 0 8	0	8
How to correlate similar field values together and adding totals? I am trying to use a lookup we use to track usage of exceptions in one of our platforms so that we can remove unneede... by jacobfrasca New Member in Splunk Search 05-23-2023 0 1	0	1
How to create multiple values in time chart based on dropdown menu token? I am looking to have a time chart table that has a dropdown menu based on a token, be able to show all of the values... by jialiu907 Path Finder in Splunk Search 05-23-2023 0 2	0	2
How to get that file to be replicated to the other search heads? I have a cron job that creates a lookup file under $splunkhome$/etc/apps/search/lookups on one of the search heads. H... by umd06 Engager in Splunk Search 05-23-2023 0 1	0	1
How to extract field names from an object or nested JSON field? For these following two events: { "people": { "bob": 172, "maria": 161 } } { "people": { "bob": 1... by SwervyMcBourbon Engager in Splunk Search 05-23-2023 0 2	0	2
How to combine two lookups? On Splunk, I have the following 2 searches: 1)`ABC_logs(traffic)` user != "unknown" src_ip IN () dest_ip IN () \| st... by POR160893 Builder in Splunk Search 05-23-2023 0 1	0	1