Splunk Search

Community Activity

How to view tools.csv file? Hi There, I am currently looking at a search within Splunk Security Essentials (Concentration of Attacker Tools by Fi... by jamie1 Communicator in Splunk Search 05-19-2023 0 2	0	2
How to find max(_time) for sourcetypes & host by sourcetype host? I found the following search to identify Missing / New sourcetypes and made a few changes.I am getting data and my ne... by sjringo Contributor in Splunk Search 05-19-2023 0 4	0	4
How to search based on embedded search and partial string matching? Hello, Not sure if something similar has been posted but what i'm trying to do is a partial match of all the ids in o... by silence09 Engager in Splunk Search 05-19-2023 0 5	0	5
Is it possible to alternate colors and values for bar chart on weekly basis? Hi all, I want to ask if it's even possible to somehow alternate the values in stacked bar chart, that one week the f... by verothor Path Finder in Splunk Search 05-19-2023 0 4	0	4
How to calculate SLA? my query below (Index=x source=xtype valid) or (index=y source= ytype passed) \| eval which=if(match(_raw, " valid"),... by Sekhar Explorer in Splunk Search 05-19-2023 0 2	0	2
How to merge two panels into one panel in a single row in simple xml dashboard? Hi Team, We have dashboard which will contains the daily job related information. In that we have two panels like bel... by Renunaren Loves-to-Learn Everything in Splunk Search 05-18-2023 0 1	0	1
Upgrading Splunk 8.0.x to 9.0.x I currently have a Heavy Forwarder that forwards logs to Splunk Cloud but the heavy forwarder version is at version ... by splunkcol Builder in Splunk Search 05-18-2023 0 1	0	1
Does the Elasticsplunk app no longer exist? Hello, I have noticed that the Elasticsplunk app no longer exists https://splunkbase.splunk.com/app/3493 I do not kno... by splunkcol Builder in Splunk Search 05-18-2023 0 2	0	2
How to do something like if two of more of ( s1,s2,s3 ) in URL, and symbol count > 2 in url? .... url = "abc-jjjj-j-xyz.exmaple.come"\|eval s1 = abc\|eval s2 = efg\|eval s3 = xyz\|eval symbol ="-" how do i do somet... by bluewizard Explorer in Splunk Search 05-18-2023 0 3	0	3
How to count after rex multivalue? Hi, I am doing rex on a field that looks like this (showing multiple events below) a#1\|b#30\|c#6\|d#9 b#5\|d#7\|e#5\|f#4 a... by kp3343 Engager in Splunk Search 05-18-2023 0 1	0	1
How to combine results of inputlookup and a search to a table? I want to search from a lookup table, get a field, and compare it to a search and pull the fields from that search ba... by tcpcannon Loves-to-Learn Lots in Splunk Search 05-18-2023 0 0	0	0
How can I search for the alerts usecase? Hi, Need a search for the below usecase Search for alert_type=ufa and alert_name=" suspicious Downloads"Please incl... by AL3Z Builder in Splunk Search 05-18-2023 0 1	0	1
How to upload updated lookup CSV to Splunk Cloud using REST API WITHOUT using the UI? We're heavy SplunkCloud users and have run into a roadblock. We have a lookup CSV file that needs to be updated dail... by gkiffney Engager in Splunk Search 05-18-2023 9 8	9	8
How to timechart percent values generated by top command? I'm using a pretty straightforward query to see how many unique HTTP status codes are thrown from an IIS server durin... by beetlegeuse Path Finder in Splunk Search 05-18-2023 0 4	0	4
How to obtain the user account from a user SID ? Hi,I am creating a query to identify users connected to our Exchange on-prem servers using Microsoft Modern Authentic... by corti77 Contributor in Splunk Search 05-18-2023 0 7	0	7
How to search for records between respective timezones? We have logs from multiple region, but only want to report those between respective regions working hours.Created fol... by ran_deep New Member in Splunk Search 05-18-2023 0 1	0	1
How to create column from below output? Hi Team, Am using below query and wanted to create table out of raw data splunk query - index=* ("Exception occurred... by bhaskar5428 Explorer in Splunk Search 05-18-2023 0 9	0	9
How to pick dynamic date value and add as filter in query? HI Team, I am posting only part of the query to avoid confusion. the sourcetype logs data for past 10 days everyday... by Siri9996 Engager in Splunk Search 05-18-2023 0 7	0	7
Data Onboarding line break at empty lines Hi.. Spent some one or two hrs, but no luck, hence posting here.. the sample logs:1.1.1. test log a 1.1.1. test log a... by inventsekar SplunkTrust in Splunk Search 05-17-2023 0 3	0	3
Why am I receiving ModuleNotFoundError with custom module? I'm trying to use a Python script with a custom module for a external lookup on Splunk. When running/opt/splunk/bin/s... by newrose Explorer in Splunk Search 05-17-2023 0 5	0	5
How to compare data values with current date value? Hi I have some data events with Date value How to create splunk search if value of MAX_POSITION_DATE for TABLE2 SHO... by sekhar463 Path Finder in Splunk Search 05-17-2023 0 8	0	8
How to use token with a field created with "eval"? So i am trying to link this to a token from another panel but since "message_id" is a created field, it doesn't work.... by Goldenfit Explorer in Splunk Search 05-17-2023 0 4	0	4
Why is strptime() eval not working? I'm trying to evaluate the date string to a time format sing the strptime()the format I have is: Tue_Oct_25_03:57:49... by dtibi Explorer in Splunk Search 05-17-2023 0 9	0	9
inputlookup - How to search through all lookup fields Hi, Splunkers! Looking for easy way to get results from any lookup table like it might be: \| inputlookup mylookup \|... by evelenke Contributor in Splunk Search 05-17-2023 0 8	0	8
How to filter fields for specific user from a index? let's say i have 1 index and we have multiple users, i want to assign a role so that user A can only view 5 interesti... by happylearning Loves-to-Learn in Splunk Search 05-17-2023 0 2	0	2