Splunk Search

Community Activity

How do I evaluate on column in space and tab delimited logs? Hello all. I have a log file that looks like this; PROCESS UP STATUS RESTARTS AGEPROCESS1 2/2 Running 0 6d19hPROCES... by HelloItsMe76 Explorer in Splunk Search 05-22-2023 0 3	0	3
How extract data model fields using REST search? I'm trying to at least initially to get a list of fields for each of the Splunk CIM data models by using a REST searc... by Runals Motivator in Splunk Search 05-22-2023 3 3	3	3
What is the fastest way to use a lookup (or match records against a secondary source)? I have index with json data that represents call data (phone calls), but there is nothing native in the index that re... by loganramirez Path Finder in Splunk Search 05-22-2023 0 3	0	3
Why is data is got getting indexed when we are adding csv file from add data under settings? Hi,data is got getting indexed when we are adding csv file from add data under settings .. its events count is showin... by SharmaS2 Explorer in Splunk Search 05-22-2023 0 5	0	5
Upgrade Splunk Enterprise from 8.x to 9.x We are currently required to upgrade our Splunk environment from version 8.2.4 to version 9.x, and we are concerned a... by Amirahussein Path Finder in Splunk Search 05-22-2023 0 1	0	1
How to configure alert when a service is in failed state in a centos server? We have configured some program to run as a service in Unix server. I want to configure an alert in Splunk that when... by londonColney Loves-to-Learn in Splunk Search 05-21-2023 0 0	0	0
How to search for disk usage greater than 70 percent for 10 mins? I wanted to know how we can construct a search query for a service which is running on a centOS server and the utiliz... by londonColney Loves-to-Learn in Splunk Search 05-21-2023 0 2	0	2
Help on SPL for Lateral Movement? Hello Folks, I am new with Splunk. I am looking to build a query to detect lateral movement using Windows Service cre... by john-doe Engager in Splunk Search 05-20-2023 0 3	0	3
How retrieve search results via Splunk API? I recently enabled Splunk tokens (using SAML authentication) and am able to successfully execute basic API calls (suc... by qcjacobo2577 Path Finder in Splunk Search 05-19-2023 0 1	0	1
How to have all of the CLTW workstations to be summed up as 1 count and so forth for the other locations? I am having trouble with using the time chart command effectively to make count of all workstations and with them bro... by jialiu907 Path Finder in Splunk Search 05-19-2023 0 9	0	9
Why are streamstats reset_after for streamstats aggregation not working? Hello,I am trying to use Streamstats with Sum(value) and I want to reset that sum after it reaches a certain threshol... by patientsplunker Loves-to-Learn Everything in Splunk Search 05-19-2023 0 12	0	12
Why did the search job terminat unexpectedly? We have a job which is getting terminated intermittently , even though when this search gets executed successfully it... by VK_27 Loves-to-Learn in Splunk Search 05-19-2023 0 2	0	2
How to view tools.csv file? Hi There, I am currently looking at a search within Splunk Security Essentials (Concentration of Attacker Tools by Fi... by jamie1 Communicator in Splunk Search 05-19-2023 0 2	0	2
How to find max(_time) for sourcetypes & host by sourcetype host? I found the following search to identify Missing / New sourcetypes and made a few changes.I am getting data and my ne... by sjringo Contributor in Splunk Search 05-19-2023 0 4	0	4
How to search based on embedded search and partial string matching? Hello, Not sure if something similar has been posted but what i'm trying to do is a partial match of all the ids in o... by silence09 Engager in Splunk Search 05-19-2023 0 5	0	5
Is it possible to alternate colors and values for bar chart on weekly basis? Hi all, I want to ask if it's even possible to somehow alternate the values in stacked bar chart, that one week the f... by verothor Path Finder in Splunk Search 05-19-2023 0 4	0	4
How to calculate SLA? my query below (Index=x source=xtype valid) or (index=y source= ytype passed) \| eval which=if(match(_raw, " valid"),... by Sekhar Explorer in Splunk Search 05-19-2023 0 2	0	2
How to merge two panels into one panel in a single row in simple xml dashboard? Hi Team, We have dashboard which will contains the daily job related information. In that we have two panels like bel... by Renunaren Loves-to-Learn Everything in Splunk Search 05-18-2023 0 1	0	1
Upgrading Splunk 8.0.x to 9.0.x I currently have a Heavy Forwarder that forwards logs to Splunk Cloud but the heavy forwarder version is at version ... by splunkcol Builder in Splunk Search 05-18-2023 0 1	0	1
Does the Elasticsplunk app no longer exist? Hello, I have noticed that the Elasticsplunk app no longer exists https://splunkbase.splunk.com/app/3493 I do not kno... by splunkcol Builder in Splunk Search 05-18-2023 0 2	0	2
How to do something like if two of more of ( s1,s2,s3 ) in URL, and symbol count > 2 in url? .... url = "abc-jjjj-j-xyz.exmaple.come"\|eval s1 = abc\|eval s2 = efg\|eval s3 = xyz\|eval symbol ="-" how do i do somet... by bluewizard Explorer in Splunk Search 05-18-2023 0 3	0	3
How to count after rex multivalue? Hi, I am doing rex on a field that looks like this (showing multiple events below) a#1\|b#30\|c#6\|d#9 b#5\|d#7\|e#5\|f#4 a... by kp3343 Engager in Splunk Search 05-18-2023 0 1	0	1
How to combine results of inputlookup and a search to a table? I want to search from a lookup table, get a field, and compare it to a search and pull the fields from that search ba... by tcpcannon Loves-to-Learn Lots in Splunk Search 05-18-2023 0 0	0	0
How can I search for the alerts usecase? Hi, Need a search for the below usecase Search for alert_type=ufa and alert_name=" suspicious Downloads"Please incl... by Raj Builder in Splunk Search 05-18-2023 0 1	0	1
How to upload updated lookup CSV to Splunk Cloud using REST API WITHOUT using the UI? We're heavy SplunkCloud users and have run into a roadblock. We have a lookup CSV file that needs to be updated dail... by gkiffney Engager in Splunk Search 05-18-2023 9 8	9	8