Splunk Search

Community Activity

How to combine results of inputlookup and a search to a table? I want to search from a lookup table, get a field, and compare it to a search and pull the fields from that search ba... by tcpcannon Loves-to-Learn Lots in Splunk Search 05-18-2023 0 0	0	0
How can I search for the alerts usecase? Hi, Need a search for the below usecase Search for alert_type=ufa and alert_name=" suspicious Downloads"Please incl... by AL3Z Builder in Splunk Search 05-18-2023 0 1	0	1
How to upload updated lookup CSV to Splunk Cloud using REST API WITHOUT using the UI? We're heavy SplunkCloud users and have run into a roadblock. We have a lookup CSV file that needs to be updated dail... by gkiffney Engager in Splunk Search 05-18-2023 9 8	9	8
How to timechart percent values generated by top command? I'm using a pretty straightforward query to see how many unique HTTP status codes are thrown from an IIS server durin... by beetlegeuse Path Finder in Splunk Search 05-18-2023 0 4	0	4
How to obtain the user account from a user SID ? Hi,I am creating a query to identify users connected to our Exchange on-prem servers using Microsoft Modern Authentic... by corti77 Contributor in Splunk Search 05-18-2023 0 7	0	7
How to search for records between respective timezones? We have logs from multiple region, but only want to report those between respective regions working hours.Created fol... by ran_deep New Member in Splunk Search 05-18-2023 0 1	0	1
How to create column from below output? Hi Team, Am using below query and wanted to create table out of raw data splunk query - index=* ("Exception occurred... by bhaskar5428 Explorer in Splunk Search 05-18-2023 0 9	0	9
How to pick dynamic date value and add as filter in query? HI Team, I am posting only part of the query to avoid confusion. the sourcetype logs data for past 10 days everyday... by Siri9996 Engager in Splunk Search 05-18-2023 0 7	0	7
Data Onboarding line break at empty lines Hi.. Spent some one or two hrs, but no luck, hence posting here.. the sample logs:1.1.1. test log a 1.1.1. test log a... by inventsekar SplunkTrust in Splunk Search 05-17-2023 0 3	0	3
Why am I receiving ModuleNotFoundError with custom module? I'm trying to use a Python script with a custom module for a external lookup on Splunk. When running/opt/splunk/bin/s... by newrose Explorer in Splunk Search 05-17-2023 0 5	0	5
How to compare data values with current date value? Hi I have some data events with Date value How to create splunk search if value of MAX_POSITION_DATE for TABLE2 SHO... by sekhar463 Path Finder in Splunk Search 05-17-2023 0 8	0	8
How to use token with a field created with "eval"? So i am trying to link this to a token from another panel but since "message_id" is a created field, it doesn't work.... by Goldenfit Explorer in Splunk Search 05-17-2023 0 4	0	4
Why is strptime() eval not working? I'm trying to evaluate the date string to a time format sing the strptime()the format I have is: Tue_Oct_25_03:57:49... by dtibi Explorer in Splunk Search 05-17-2023 0 9	0	9
inputlookup - How to search through all lookup fields Hi, Splunkers! Looking for easy way to get results from any lookup table like it might be: \| inputlookup mylookup \|... by evelenke Contributor in Splunk Search 05-17-2023 0 8	0	8
How to filter fields for specific user from a index? let's say i have 1 index and we have multiple users, i want to assign a role so that user A can only view 5 interesti... by happylearning Loves-to-Learn in Splunk Search 05-17-2023 0 2	0	2
How to make eval now() takes latest time filter? I have a search that makes a decision based on time since an event. \| eval diff = now() - _time and then make so... by jamin358 Explorer in Splunk Search 05-17-2023 0 1	0	1
How to build correlationId (transactionId) search? Hi, Below is an example of my use case: timestampmessageIdcorrelationIdregioncategorytrace17/05/2023 00:001correlatio... by LealP Explorer in Splunk Search 05-17-2023 0 1	0	1
Splunk enterprise sizing with ES Hello everybody, I am sizing hardware for splunk enterprise and enterprise security solution. We are designing that f... by hariskhan Explorer in Splunk Search 05-16-2023 0 6	0	6
Using stats count by to query the number of policies? Hello, I am trying to figured out how I could list a report by showing the total number of policies in my query. I h... by soulmaker24 Engager in Splunk Search 05-16-2023 0 2	0	2
How to extract a field with double quote? I am new to splunk, I have event like below, the URL value has two double quote, when I extract the URL value, it alw... by sandra_ginger Engager in Splunk Search 05-16-2023 0 2	0	2
How to give a default value to an calculated in tag in my XML dashboard? My input tag looks like this </input> <input type="multiselect" token="fruit_name"> <label>Fruit name</... by piece Explorer in Splunk Search 05-16-2023 0 1	0	1
How to pull multiple fields from one field in Splunk? Example field value in "Field1" Test1: Successful Test2: 200 Type: Http; Auth: ** URL: abc.com..... IP--Address: xx.x... by harryhcg Explorer in Splunk Search 05-16-2023 0 1	0	1
How to combine data from indexes with different fields as common results Hi Team, I have 2 indexes with same data.In Index1 data is coming with the fields user, action, http_referrer and In ... by sasankganta Path Finder in Splunk Search 05-16-2023 0 5	0	5
Do we have any query to prepare the log source list onboarded in the Splunk? Hello Team, We have one Splunk environment where we are facing the challenge to prepare the correct onboarding inve... by gkhillare Loves-to-Learn in Splunk Search 05-15-2023 0 1	0	1
Can I have custom time in splunk dashboard panels? I have multiple panels in a dashboard and drop down for time range as well But for one of the panel i want to mention... by mahesh27 Communicator in Splunk Search 05-15-2023 0 1	0	1