Splunk Search

Community Activity

How to search for disk usage greater than 70 percent for 10 mins? I wanted to know how we can construct a search query for a service which is running on a centOS server and the utiliz... by londonColney Loves-to-Learn in Splunk Search 05-21-2023 0 2	0	2
Help on SPL for Lateral Movement? Hello Folks, I am new with Splunk. I am looking to build a query to detect lateral movement using Windows Service cre... by john-doe Engager in Splunk Search 05-20-2023 0 3	0	3
How retrieve search results via Splunk API? I recently enabled Splunk tokens (using SAML authentication) and am able to successfully execute basic API calls (suc... by qcjacobo2577 Path Finder in Splunk Search 05-19-2023 0 1	0	1
How to have all of the CLTW workstations to be summed up as 1 count and so forth for the other locations? I am having trouble with using the time chart command effectively to make count of all workstations and with them bro... by jialiu907 Path Finder in Splunk Search 05-19-2023 0 9	0	9
Why are streamstats reset_after for streamstats aggregation not working? Hello,I am trying to use Streamstats with Sum(value) and I want to reset that sum after it reaches a certain threshol... by patientsplunker Loves-to-Learn Everything in Splunk Search 05-19-2023 0 12	0	12
Why did the search job terminat unexpectedly? We have a job which is getting terminated intermittently , even though when this search gets executed successfully it... by VK_27 Loves-to-Learn in Splunk Search 05-19-2023 0 2	0	2
How to view tools.csv file? Hi There, I am currently looking at a search within Splunk Security Essentials (Concentration of Attacker Tools by Fi... by jamie1 Communicator in Splunk Search 05-19-2023 0 2	0	2
How to find max(_time) for sourcetypes & host by sourcetype host? I found the following search to identify Missing / New sourcetypes and made a few changes.I am getting data and my ne... by sjringo Contributor in Splunk Search 05-19-2023 0 4	0	4
How to search based on embedded search and partial string matching? Hello, Not sure if something similar has been posted but what i'm trying to do is a partial match of all the ids in o... by silence09 Engager in Splunk Search 05-19-2023 0 5	0	5
Is it possible to alternate colors and values for bar chart on weekly basis? Hi all, I want to ask if it's even possible to somehow alternate the values in stacked bar chart, that one week the f... by verothor Path Finder in Splunk Search 05-19-2023 0 4	0	4
How to calculate SLA? my query below (Index=x source=xtype valid) or (index=y source= ytype passed) \| eval which=if(match(_raw, " valid"),... by Sekhar Explorer in Splunk Search 05-19-2023 0 2	0	2
How to merge two panels into one panel in a single row in simple xml dashboard? Hi Team, We have dashboard which will contains the daily job related information. In that we have two panels like bel... by Renunaren Loves-to-Learn Everything in Splunk Search 05-18-2023 0 1	0	1
Upgrading Splunk 8.0.x to 9.0.x I currently have a Heavy Forwarder that forwards logs to Splunk Cloud but the heavy forwarder version is at version ... by splunkcol Builder in Splunk Search 05-18-2023 0 1	0	1
Does the Elasticsplunk app no longer exist? Hello, I have noticed that the Elasticsplunk app no longer exists https://splunkbase.splunk.com/app/3493 I do not kno... by splunkcol Builder in Splunk Search 05-18-2023 0 2	0	2
How to do something like if two of more of ( s1,s2,s3 ) in URL, and symbol count > 2 in url? .... url = "abc-jjjj-j-xyz.exmaple.come"\|eval s1 = abc\|eval s2 = efg\|eval s3 = xyz\|eval symbol ="-" how do i do somet... by bluewizard Explorer in Splunk Search 05-18-2023 0 3	0	3
How to count after rex multivalue? Hi, I am doing rex on a field that looks like this (showing multiple events below) a#1\|b#30\|c#6\|d#9 b#5\|d#7\|e#5\|f#4 a... by kp3343 Engager in Splunk Search 05-18-2023 0 1	0	1
How to combine results of inputlookup and a search to a table? I want to search from a lookup table, get a field, and compare it to a search and pull the fields from that search ba... by tcpcannon Loves-to-Learn Lots in Splunk Search 05-18-2023 0 0	0	0
How can I search for the alerts usecase? Hi, Need a search for the below usecase Search for alert_type=ufa and alert_name=" suspicious Downloads"Please incl... by AL3Z Builder in Splunk Search 05-18-2023 0 1	0	1
How to upload updated lookup CSV to Splunk Cloud using REST API WITHOUT using the UI? We're heavy SplunkCloud users and have run into a roadblock. We have a lookup CSV file that needs to be updated dail... by gkiffney Engager in Splunk Search 05-18-2023 9 8	9	8
How to timechart percent values generated by top command? I'm using a pretty straightforward query to see how many unique HTTP status codes are thrown from an IIS server durin... by beetlegeuse Path Finder in Splunk Search 05-18-2023 0 4	0	4
How to obtain the user account from a user SID ? Hi,I am creating a query to identify users connected to our Exchange on-prem servers using Microsoft Modern Authentic... by corti77 Contributor in Splunk Search 05-18-2023 0 7	0	7
How to search for records between respective timezones? We have logs from multiple region, but only want to report those between respective regions working hours.Created fol... by ran_deep New Member in Splunk Search 05-18-2023 0 1	0	1
How to create column from below output? Hi Team, Am using below query and wanted to create table out of raw data splunk query - index=* ("Exception occurred... by bhaskar5428 Explorer in Splunk Search 05-18-2023 0 9	0	9
How to pick dynamic date value and add as filter in query? HI Team, I am posting only part of the query to avoid confusion. the sourcetype logs data for past 10 days everyday... by Siri9996 Engager in Splunk Search 05-18-2023 0 7	0	7
Data Onboarding line break at empty lines Hi.. Spent some one or two hrs, but no luck, hence posting here.. the sample logs:1.1.1. test log a 1.1.1. test log a... by inventsekar SplunkTrust in Splunk Search 05-17-2023 0 3	0	3