Splunk Search

Community Activity

	What is the correct filter to find persistence in Windows registry? Hi I'm investigating Windows log in Splunk, struggling to apply the correct filter. What filter do I need to apply t... by tonyfer Observer in Splunk Search 05-13-2023 0 3	0	3
	How to use two related tokens to create as two conditions? Hi all, I need to provide 2 fitlers, one for item_id and the other one for item_folder_name. The user will enter item... by Jouman Path Finder in Splunk Search 05-12-2023 0 6	0	6
	How can I display the 10 event entries prior to and post a specified keyword search? Hi, In the logs file, we are capturing java error is multiple entries, so in order for me to see the entire error set... by Steve_A200 Path Finder in Splunk Search 05-12-2023 0 4	0	4
	How to split a field into two different fields using eval in Splunk? I have a field as follows in the logs user="userAbc1 (host1234)" As you can see both the username and hostname fields... by pavanae Builder in Splunk Search 05-12-2023 0 3	0	3
	How to use accum with timechart? Hey, I had a quick question about my splunk search that doesnt work. Im using timechart and was wanting to display th... by Abass42 Communicator in Splunk Search 05-12-2023 0 2	0	2
	CPU Usage Alert not working We have the following alert to check if the CPU is >=85 and alert us for some reason its not working, it worked till ... by praneethlekkala Path Finder in Splunk Search 05-12-2023 0 1	0	1
	Help on Spl query - dashboard Studio How do i edit the below append command into my real time environment The below source are obtain from Splunk Dasboard... by jaibalaraman Path Finder in Splunk Search 05-12-2023 0 5	0	5
	How to write query to get count of total volume and system errors in a single query Hi All,we have a scenario to throw an alert if System error rate exceeds 5% i.e. (#system errors / #total volume)*1... by GaneshAryan New Member in Splunk Search 05-12-2023 0 2	0	2
	filter text using rex i can't extract the exact text using rex command . e.gUser: This is my user Name\n This is just some random texti w... by nwayoonyanmin Engager in Splunk Search 05-12-2023 0 7	0	7
	How to use token in tag? Hi, I have a dashboard with table and some columns with colorPalette and scale I'd like to set dynamically the range ... by mxh7777 Path Finder in Splunk Search 05-11-2023 0 2	0	2
	Field name and value to another Field name with different value Hello All,We have a extracted field (example field name "Field1) with multiple value such as YYN, YNN, NYN etc.Based ... by kyi Explorer in Splunk Search 05-11-2023 0 4	0	4
	How do I check any record of a ip address? index=* "23.216.147.64" Above is my filter, I'm trying to get all the records of that IP address; is this filter co... by tonyfer Observer in Splunk Search 05-11-2023 0 5	0	5
	Cloudflare Log Ingestion Using Cloudflare TA Hello,We need to ingest Cloudflare logs using the Cloudflare TA. Do you have any recommendation on how we proceed wit... by SplunkDash Motivator in Splunk Search 05-11-2023 0 0	0	0
	How to parse json data event into table format? Need splunk query to parse json Data into table format. raw data/event in splunk: <158>May 09 04:33:46 detailedSwitch... by Abhineet Loves-to-Learn Everything in Splunk Search 05-11-2023 0 5	0	5
	How to identify windows registry key use for persistence? Hi I'm trying to identify the registry key use for persistence, what filter do I need to apply apply? index=* Tha... by TAOFernandes Engager in Splunk Search 05-11-2023 0 3	0	3
	How to create a table from JSON? Hi, Can someone please help me to build a table using following JSON My search results as follows { [-] doc... by Karanreddy Engager in Splunk Search 05-11-2023 0 2	0	2
	How can I inject all rex field events from 1st search to 2nd search? I am planning to build a dashboard where all the extracted traceId # are collected and injected to another search cri... by mikeyty07 Communicator in Splunk Search 05-11-2023 0 3	0	3
	How to use macros to search data and persist data? I'm creating a bunch of status dashboards where I need to search for a specific set of hosts and persist a result (ad... by jamin358 Explorer in Splunk Search 05-11-2023 0 3	0	3
	How to exclude results from joined subsearches if the field value appears in a 3rd sourcetype? Hi All, I ran into a tricky one and can’t wrap my head around it (or if it is even possible). The use case is as fol... by Splunk2095 Engager in Splunk Search 05-11-2023 0 6	0	6
	How to combine like events based off hostname? I have events that where hostnames show up more than once and I would like to combine them. The fields available are... by atebysandwich Path Finder in Splunk Search 05-11-2023 0 1	0	1
	How to achieve Splunk Dashboard text filter? I have a splunk dashboard that looks like below, And i have added the text filter. But when i try to search of the ... by CodingMaestro Path Finder in Splunk Search 05-11-2023 0 6	0	6
	How can I return events with excluded field value combined with all events that have no value for that field? Hello all. I've been having some trouble with a tricky query. Essentially, I want to return all events that contain a... by foxglove Engager in Splunk Search 05-11-2023 0 3	0	3
	How to calculate sum of the two count values? I am using above splunk query stats count by BankType. I am getting result as SBI 27 AXIS 15 CITI 12. but ... by ABHAYA Path Finder in Splunk Search 05-11-2023 0 1	0	1
	How to add dynamic value in search query? I have created a post curl to add data in Splunk, internally my api hits Splunk api and in that api I send data in bo... by s0k0 Observer in Splunk Search 05-11-2023 0 7	0	7
	How to fix issue with parsing events (log files)? Hey, I have issues with parsing events, multiple events/records (raw data) are within the same event. Sample data and... by SplunkDash Motivator in Splunk Search 05-11-2023 0 10	0	10