Splunk Search

Community Activity

Does the Elasticsplunk app no longer exist? Hello, I have noticed that the Elasticsplunk app no longer exists https://splunkbase.splunk.com/app/3493 I do not kno... by splunkcol Builder in Splunk Search 05-18-2023 0 2	0	2
How to do something like if two of more of ( s1,s2,s3 ) in URL, and symbol count > 2 in url? .... url = "abc-jjjj-j-xyz.exmaple.come"\|eval s1 = abc\|eval s2 = efg\|eval s3 = xyz\|eval symbol ="-" how do i do somet... by bluewizard Explorer in Splunk Search 05-18-2023 0 3	0	3
How to count after rex multivalue? Hi, I am doing rex on a field that looks like this (showing multiple events below) a#1\|b#30\|c#6\|d#9 b#5\|d#7\|e#5\|f#4 a... by kp3343 Engager in Splunk Search 05-18-2023 0 1	0	1
How to combine results of inputlookup and a search to a table? I want to search from a lookup table, get a field, and compare it to a search and pull the fields from that search ba... by tcpcannon Loves-to-Learn Lots in Splunk Search 05-18-2023 0 0	0	0
How can I search for the alerts usecase? Hi, Need a search for the below usecase Search for alert_type=ufa and alert_name=" suspicious Downloads"Please incl... by AL3Z Builder in Splunk Search 05-18-2023 0 1	0	1
How to upload updated lookup CSV to Splunk Cloud using REST API WITHOUT using the UI? We're heavy SplunkCloud users and have run into a roadblock. We have a lookup CSV file that needs to be updated dail... by gkiffney Engager in Splunk Search 05-18-2023 9 8	9	8
How to timechart percent values generated by top command? I'm using a pretty straightforward query to see how many unique HTTP status codes are thrown from an IIS server durin... by beetlegeuse Path Finder in Splunk Search 05-18-2023 0 4	0	4
How to obtain the user account from a user SID ? Hi,I am creating a query to identify users connected to our Exchange on-prem servers using Microsoft Modern Authentic... by corti77 Contributor in Splunk Search 05-18-2023 0 7	0	7
How to search for records between respective timezones? We have logs from multiple region, but only want to report those between respective regions working hours.Created fol... by ran_deep New Member in Splunk Search 05-18-2023 0 1	0	1
How to create column from below output? Hi Team, Am using below query and wanted to create table out of raw data splunk query - index=* ("Exception occurred... by bhaskar5428 Explorer in Splunk Search 05-18-2023 0 9	0	9
How to pick dynamic date value and add as filter in query? HI Team, I am posting only part of the query to avoid confusion. the sourcetype logs data for past 10 days everyday... by Siri9996 Engager in Splunk Search 05-18-2023 0 7	0	7
Data Onboarding line break at empty lines Hi.. Spent some one or two hrs, but no luck, hence posting here.. the sample logs:1.1.1. test log a 1.1.1. test log a... by inventsekar SplunkTrust in Splunk Search 05-17-2023 0 3	0	3
Why am I receiving ModuleNotFoundError with custom module? I'm trying to use a Python script with a custom module for a external lookup on Splunk. When running/opt/splunk/bin/s... by newrose Explorer in Splunk Search 05-17-2023 0 5	0	5
How to compare data values with current date value? Hi I have some data events with Date value How to create splunk search if value of MAX_POSITION_DATE for TABLE2 SHO... by sekhar463 Path Finder in Splunk Search 05-17-2023 0 8	0	8
How to use token with a field created with "eval"? So i am trying to link this to a token from another panel but since "message_id" is a created field, it doesn't work.... by Goldenfit Explorer in Splunk Search 05-17-2023 0 4	0	4
Why is strptime() eval not working? I'm trying to evaluate the date string to a time format sing the strptime()the format I have is: Tue_Oct_25_03:57:49... by dtibi Explorer in Splunk Search 05-17-2023 0 9	0	9
inputlookup - How to search through all lookup fields Hi, Splunkers! Looking for easy way to get results from any lookup table like it might be: \| inputlookup mylookup \|... by evelenke Contributor in Splunk Search 05-17-2023 0 8	0	8
How to filter fields for specific user from a index? let's say i have 1 index and we have multiple users, i want to assign a role so that user A can only view 5 interesti... by happylearning Loves-to-Learn in Splunk Search 05-17-2023 0 2	0	2
How to make eval now() takes latest time filter? I have a search that makes a decision based on time since an event. \| eval diff = now() - _time and then make so... by jamin358 Explorer in Splunk Search 05-17-2023 0 1	0	1
How to build correlationId (transactionId) search? Hi, Below is an example of my use case: timestampmessageIdcorrelationIdregioncategorytrace17/05/2023 00:001correlatio... by LealP Explorer in Splunk Search 05-17-2023 0 1	0	1
Splunk enterprise sizing with ES Hello everybody, I am sizing hardware for splunk enterprise and enterprise security solution. We are designing that f... by hariskhan Explorer in Splunk Search 05-16-2023 0 6	0	6
Using stats count by to query the number of policies? Hello, I am trying to figured out how I could list a report by showing the total number of policies in my query. I h... by soulmaker24 Engager in Splunk Search 05-16-2023 0 2	0	2
How to extract a field with double quote? I am new to splunk, I have event like below, the URL value has two double quote, when I extract the URL value, it alw... by sandra_ginger Engager in Splunk Search 05-16-2023 0 2	0	2
How to give a default value to an calculated in tag in my XML dashboard? My input tag looks like this </input> <input type="multiselect" token="fruit_name"> <label>Fruit name</... by piece Explorer in Splunk Search 05-16-2023 0 1	0	1
How to pull multiple fields from one field in Splunk? Example field value in "Field1" Test1: Successful Test2: 200 Type: Http; Auth: ** URL: abc.com..... IP--Address: xx.x... by harryhcg Explorer in Splunk Search 05-16-2023 0 1	0	1