Splunk Search

Community Activity

How would I value map ip addresses? I have an example data on csv named invent.csv like this: I want to map ip values to host output using lookup usin... by f_666dhn Explorer in Splunk Search 04-19-2023 0 1	0	1
How to write this query in Splunk? This is application insight query which i need to write in splunk , can some one help me please let a=traces\| where c... by Anidy21 Engager in Splunk Search 04-19-2023 0 7	0	7
How can I find results only iff the previous queries returns results? I calculate the requests per second for my application using the following query: method!=GET process="start" \| tim... by yk010123 Path Finder in Splunk Search 04-19-2023 0 1	0	1
Querying log events based on field values nested inside a escaped raw JSON property Hi, I need some help with querying log events based on field values nested inside a escaped raw JSON object property.... by btsr Explorer in Splunk Search 04-19-2023 0 4	0	4
How to reliably use a \| rex command in a dashboard? Hi, I regularly have the problem, that I save searches containing regexes with $ characters to a dashboard where they... by bitnapper Path Finder in Splunk Search 04-19-2023 0 11	0	11
Search Keywords with search button I am currently working on a search dashboard. I have the dashboard created and the search (Submit Button). In this ... by ASR1022 Loves-to-Learn Lots in Splunk Search 04-19-2023 0 4	0	4
VT4Splunk APP correlation with paloalto Hi, I have installed the virustotal add-on for Splunk.When I enter the dashboards that are already pre-built I find t... by splunkcol Builder in Splunk Search 04-19-2023 0 0	0	0
How to whitelist through subsearching with out lookups? So there's ton of documentations of whitelisting through the subsearch approach using lookups, however, is it possibl... by Henesys New Member in Splunk Search 04-19-2023 0 3	0	3
What timeframe do REST API searches use? I need to count the number of times an alert has triggered in a specific time window (say, last 24 hours). I am tryi... by random_event Explorer in Splunk Search 04-19-2023 0 3	0	3
Rex field extraction I have a field called 'description'. I want to be able to extract MD5, SHA1, SHA256 values present in this field.Need... by zacksoft_wf Contributor in Splunk Search 04-19-2023 0 3	0	3
How to search for values greater than 90 days? index=test sourcetype=csv source=prtg.csv host=prtg device=all "Down for"=*\| rename "Down for" AS Downtime\| eval "Dow... by willsy Communicator in Splunk Search 04-19-2023 0 7	0	7
How to replace blank values with "0"? Trying to replace the blank values on my dashboard with 0s. If table is empty, should display 0. On the logs data, it... by harshparikhxlrd Path Finder in Splunk Search 04-18-2023 0 2	0	2
How to handle eval searchmatch with question-mark? Hello Using the below query, I am trying to build a response index=my_index openshift_cluster="cluster009" sourc... by super_edition Path Finder in Splunk Search 04-18-2023 0 2	0	2
How to combine CMDB tables? We have two CMDB tables logs in to Splunk 1. CMDB Business application - Business related info 2. CMDB Rel - Relatio... by navb Loves-to-Learn in Splunk Search 04-18-2023 0 3	0	3
How are strings from an UI-"input" interpreted in another string search? I have the following search string in my chart panel. "Arguments.category{}"= "$TestSuite$" TestSuite is defined by ... by GaryZ Path Finder in Splunk Search 04-18-2023 0 7	0	7
How to extract data from quotation marks? Hello, I am trying to extract the data from the following message:the header data is in quotes and for each header da... by Lazous Engager in Splunk Search 04-18-2023 0 5	0	5
Why is ISNULL functionality not working? I am trying to get the data only when my lastlogon(field name) is Null. but the above query is still giving me data f... by Keerthi Path Finder in Splunk Search 04-18-2023 0 2	0	2
How to count for all hosts from lookup? I have a query that I am using to get the count of events index=system source=/var/log/syslog/* \| rex field=source "... by Skysurfer Explorer in Splunk Search 04-18-2023 0 2	0	2
How to format as percent with 2 decimal places and no rounding? How do you convert .34999832 to 34.99% or .399345 to 39.99% I need to see the .99 and not have it round up by mbtsoltis Explorer in Splunk Search 04-18-2023 0 3	0	3
How to speed up Splunk query that uses appendcols? Hi, I have the following Splunk query:index=ABC sourcetype=DEF dv_assignment_group="SECURITY-NETWORK-L3" \| table _tim... by POR160893 Builder in Splunk Search 04-18-2023 0 3	0	3
Receiving "DISABLED_DUE_TO_GRACE_PERIOD" I have seen many questions about disabled due to licensing violation, but I applied a reset key and now I have this m... by mathewchase Engager in Splunk Search 04-18-2023 1 4	1	4
Is it currently possible to somehow create a conditional macro expansion? Hi all,Is it currently possible to somehow create a conditional macro expansion?For example, I have different list of... by shubs Engager in Splunk Search 04-18-2023 0 2	0	2
How to extract matched data from different index and different source based on the fields? Below two events Start event Index= x source= xtype \| spath application \| search application= x app " saved note" R... by Sekhar Explorer in Splunk Search 04-17-2023 0 3	0	3
How to extract this string? There are two types of raw data. What is the regular expression to get the value between the /* special symbol and th... by chanhee1 Loves-to-Learn Lots in Splunk Search 04-17-2023 0 3	0	3
How to calculate the SLA percentage from start event query and end event query? I have two events one is calculate the SLA percentage from below querys Start event query Index=x source type= xx... by Sekhar Explorer in Splunk Search 04-17-2023 0 12	0	12