Splunk Search

Community Activity

Upgrade Splunk Enterprise from 8.x to 9.x We are currently required to upgrade our Splunk environment from version 8.2.4 to version 9.x, and we are concerned a... by Amirahussein Path Finder in Splunk Search 05-22-2023 0 1	0	1
How to configure alert when a service is in failed state in a centos server? We have configured some program to run as a service in Unix server. I want to configure an alert in Splunk that when... by londonColney Loves-to-Learn in Splunk Search 05-21-2023 0 0	0	0
How to search for disk usage greater than 70 percent for 10 mins? I wanted to know how we can construct a search query for a service which is running on a centOS server and the utiliz... by londonColney Loves-to-Learn in Splunk Search 05-21-2023 0 2	0	2
Help on SPL for Lateral Movement? Hello Folks, I am new with Splunk. I am looking to build a query to detect lateral movement using Windows Service cre... by john-doe Engager in Splunk Search 05-20-2023 0 3	0	3
How retrieve search results via Splunk API? I recently enabled Splunk tokens (using SAML authentication) and am able to successfully execute basic API calls (suc... by qcjacobo2577 Path Finder in Splunk Search 05-19-2023 0 1	0	1
How to have all of the CLTW workstations to be summed up as 1 count and so forth for the other locations? I am having trouble with using the time chart command effectively to make count of all workstations and with them bro... by jialiu907 Path Finder in Splunk Search 05-19-2023 0 9	0	9
Why are streamstats reset_after for streamstats aggregation not working? Hello,I am trying to use Streamstats with Sum(value) and I want to reset that sum after it reaches a certain threshol... by patientsplunker Loves-to-Learn Everything in Splunk Search 05-19-2023 0 12	0	12
Why did the search job terminat unexpectedly? We have a job which is getting terminated intermittently , even though when this search gets executed successfully it... by VK_27 Loves-to-Learn in Splunk Search 05-19-2023 0 2	0	2
How to view tools.csv file? Hi There, I am currently looking at a search within Splunk Security Essentials (Concentration of Attacker Tools by Fi... by jamie1 Communicator in Splunk Search 05-19-2023 0 2	0	2
How to find max(_time) for sourcetypes & host by sourcetype host? I found the following search to identify Missing / New sourcetypes and made a few changes.I am getting data and my ne... by sjringo Contributor in Splunk Search 05-19-2023 0 4	0	4
How to search based on embedded search and partial string matching? Hello, Not sure if something similar has been posted but what i'm trying to do is a partial match of all the ids in o... by silence09 Engager in Splunk Search 05-19-2023 0 5	0	5
Is it possible to alternate colors and values for bar chart on weekly basis? Hi all, I want to ask if it's even possible to somehow alternate the values in stacked bar chart, that one week the f... by verothor Path Finder in Splunk Search 05-19-2023 0 4	0	4
How to calculate SLA? my query below (Index=x source=xtype valid) or (index=y source= ytype passed) \| eval which=if(match(_raw, " valid"),... by Sekhar Explorer in Splunk Search 05-19-2023 0 2	0	2
How to merge two panels into one panel in a single row in simple xml dashboard? Hi Team, We have dashboard which will contains the daily job related information. In that we have two panels like bel... by Renunaren Loves-to-Learn Everything in Splunk Search 05-18-2023 0 1	0	1
Upgrading Splunk 8.0.x to 9.0.x I currently have a Heavy Forwarder that forwards logs to Splunk Cloud but the heavy forwarder version is at version ... by splunkcol Builder in Splunk Search 05-18-2023 0 1	0	1
Does the Elasticsplunk app no longer exist? Hello, I have noticed that the Elasticsplunk app no longer exists https://splunkbase.splunk.com/app/3493 I do not kno... by splunkcol Builder in Splunk Search 05-18-2023 0 2	0	2
How to do something like if two of more of ( s1,s2,s3 ) in URL, and symbol count > 2 in url? .... url = "abc-jjjj-j-xyz.exmaple.come"\|eval s1 = abc\|eval s2 = efg\|eval s3 = xyz\|eval symbol ="-" how do i do somet... by bluewizard Explorer in Splunk Search 05-18-2023 0 3	0	3
How to count after rex multivalue? Hi, I am doing rex on a field that looks like this (showing multiple events below) a#1\|b#30\|c#6\|d#9 b#5\|d#7\|e#5\|f#4 a... by kp3343 Engager in Splunk Search 05-18-2023 0 1	0	1
How to combine results of inputlookup and a search to a table? I want to search from a lookup table, get a field, and compare it to a search and pull the fields from that search ba... by tcpcannon Loves-to-Learn Lots in Splunk Search 05-18-2023 0 0	0	0
How can I search for the alerts usecase? Hi, Need a search for the below usecase Search for alert_type=ufa and alert_name=" suspicious Downloads"Please incl... by AL3Z Builder in Splunk Search 05-18-2023 0 1	0	1
How to upload updated lookup CSV to Splunk Cloud using REST API WITHOUT using the UI? We're heavy SplunkCloud users and have run into a roadblock. We have a lookup CSV file that needs to be updated dail... by gkiffney Engager in Splunk Search 05-18-2023 9 8	9	8
How to timechart percent values generated by top command? I'm using a pretty straightforward query to see how many unique HTTP status codes are thrown from an IIS server durin... by beetlegeuse Path Finder in Splunk Search 05-18-2023 0 4	0	4
How to obtain the user account from a user SID ? Hi,I am creating a query to identify users connected to our Exchange on-prem servers using Microsoft Modern Authentic... by corti77 Contributor in Splunk Search 05-18-2023 0 7	0	7
How to search for records between respective timezones? We have logs from multiple region, but only want to report those between respective regions working hours.Created fol... by ran_deep New Member in Splunk Search 05-18-2023 0 1	0	1
How to create column from below output? Hi Team, Am using below query and wanted to create table out of raw data splunk query - index=* ("Exception occurred... by bhaskar5428 Explorer in Splunk Search 05-18-2023 0 9	0	9