Splunk Search

Community Activity

How to write a query to check IP addresses in Subnets? Hi, I am trying to establish a query that checks whether a random src IP is in a specific subnet.However, all the sub... by POR160893 Builder in Splunk Search 06-01-2023 0 2	0	2
Splunk query for bayesian check- Why am I getting error? I am trying to refine search based on a sub query, where sub query is not a filter of outer query. I need to check if... by mahesh21894 New Member in Splunk Search 05-31-2023 0 2	0	2
Is there anything comparable to SPL for offline use? I love love love Splunk and especially SPL! It makes it so easy to generate very granular and detailed reports on lar... by ttovarzoll Path Finder in Splunk Search 05-31-2023 0 4	0	4
How to use the lookup table into a macro with parameters? I have a lookup table with filters and SPLs columns/values by product/client. I want to use a macro passing the produ... by rafamss Contributor in Splunk Search 05-31-2023 0 5	0	5
How to compare numbers before and after a special char? Hello, I have a log file that spits out data like the below. I want to be able to evaluate the the numbers either si... by HelloItsMe76 Explorer in Splunk Search 05-31-2023 0 1	0	1
Trouble getting a very basic search to work- Is there a way to get just a portion of log entry? I'm using the "LogPush" feature from Cloudflare to get "log events" put into a Splunk index. The log events are all J... by kcantrel Explorer in Splunk Search 05-31-2023 0 19	0	19
How to count the occurrences based off two matching fields? Hi,I have two searches,..First search which will run once per day lookback -24h@h , latest=now cron: 5 4 * * * and wr... by innoce Path Finder in Splunk Search 05-31-2023 0 3	0	3
How to modify the search query to get the count of fields separately? Hi, I am relatively new to Splunk. I am trying to achieve the output as - StoreRegisterSuccess_CountFailure_CountTota... by man03359 Communicator in Splunk Search 05-31-2023 0 6	0	6
How to build a Splunk search to build a table for PASS and FAIL percentage? Hello Everyone, This is the extension of previous query which I posted- https://community.splunk.com/t5/Splunk-Search... by super_edition Path Finder in Splunk Search 05-31-2023 0 4	0	4
How to combine two searches on different sources based on one common field value? I have two different searches: 1. index=xoom_app_online_checkout_orchestration_api user_id residence_country=US reque... by gsbpp Explorer in Splunk Search 05-30-2023 0 1	0	1
Why is replace giving empty string? Sample event { durationMs: 83 properties: { request-id: 1c910793-8be4-4850-83d5-f360b4b05478 ... by YatMan Explorer in Splunk Search 05-30-2023 0 6	0	6
Automatic Lookup, matching on multivalue not working? I'm trying to configure an automatic lookup and match multivalue field of IP addresses (in the lookup) on an IP field... by ejwade Contributor in Splunk Search 05-30-2023 0 1	0	1
How to match an IP address to a lookup with IP ranges? I have an IP field that I'm trying to match against a lookup that contains DHCP ranges. For example, assume the looku... by ejwade Contributor in Splunk Search 05-30-2023 0 2	0	2
How to change the date format of the Date Picker in SplunkWeb UI? When I am using Splunk Web to perform a date-range (or date and time range) search, the Date Picker is in the US date... by doetraar Engager in Splunk Search 05-30-2023 1 1	1	1
How to see SPLUNk.d log? Is it possible to see the Splunk the log in the graphical user interface (the web interface), supposedly you can see ... by Quantum Explorer in Splunk Search 05-30-2023 0 3	0	3
How to troubleshoot “Error in 'inputlookup' command: External lookup table 'inputlookup' returned error code 13053..."? Hello I'm getting this error when I go into the Enterprise console and look at the security posture it's been going o... by quantum1 Engager in Splunk Search 05-30-2023 1 4	1	4
How to fix token with a field created using "eval"? so I created a field like so: \|eval message_id=AREA.SUBID\| stats count as "Number of message_id" by message_id\| sort ... by Goldenfit Explorer in Splunk Search 05-30-2023 0 2	0	2
How to determine the alarm alarm when the source IP reaches the destination IP more than 100 times? index="*" tag=fw action=blocked\| stats values(dest) as dest by src\| eval dest = dest\| where dest > 10 by andynina Engager in Splunk Search 05-30-2023 0 1	0	1
How to update column values if results found in another column? There are two columns with headings "new image Name" and "source image Name". The new images are derived from source... by akrishnam Engager in Splunk Search 05-30-2023 0 3	0	3
How can I send a notification when file is missing? Hello dear community, I am new here and hope for warm support. The following problem I have to solve: I have several ... by appsik Explorer in Splunk Search 05-30-2023 0 34	0	34
How to return count of certain text using Splunk regular expression? I have an input string which contains strings like code =test1 description=test1 description status = pending,code ... by ABHAYA Path Finder in Splunk Search 05-30-2023 0 5	0	5
How to search error messages in log file? Hi, I am new to Splunk. How to search error messages in the log file using SPL.I am using the below formats to search... by akothapx Engager in Splunk Search 05-29-2023 0 3	0	3
Latest event filter on status- How to get the failed tasks? I have a query that is giving the latest event of the task but I want to filter the query for a status <base query>... by splunkuser320 Path Finder in Splunk Search 05-29-2023 0 3	0	3
Help with If The Else Condition? am writing an If Then Else Evaluation statement and could use some help. If (PRIORITY=02 AND Condition=Alarm) then... by mmwells Explorer in Splunk Search 05-29-2023 0 2	0	2
Change textbook to search on multiple values? Hi, I have the following search that searches an index based on 2 textbook inputs: \| inputlookup ABC \| search src=$sr... by POR160893 Builder in Splunk Search 05-29-2023 0 1	0	1