Splunk Search

Community Activity

How to use events from last 30 minutes find duplicates from last 4 hours? Could someone help me with such a query? I am running a scheduled search every 30 minutes which aims to find duplicat... by solaced Explorer in Splunk Search 04-07-2023 0 3	0	3
How to get dc and then sum of field? <search>\| eval vm_unit=case(vmSize="Standard_F16s_v2",2,vmSize="Standard_F8s_v2",1,vmSize="Standard_F4s",0.5,vmSize="... by Sathiya123 Explorer in Splunk Search 04-07-2023 0 18	0	18
特定期間を経過したデータを抽出したい (How to extract data after a certain period of time has passed?) お世話になります。現在、あるログの集計をしております。接続元IPアドレスと、接続日時をキーにして、初回接続日から10日間経過後も接続しているログのみを抽出出来るようにしたいですが、上手く抽出することが出来ません。 ※合計接続日数は... by clio706 Explorer in Splunk Search 04-07-2023 0 3	0	3
集計軸が違う場合にCount数を加工して出力する方法についてお教え下さい (How to process and output the count number when the aggregation axis is different) 集計軸が違う場合にCount数を加工して出力する方法についてお教え下さい。 index「接続情報」のデータ項目は「タイムスタンプ、ユーザ名、接続プロトコル」になります。またデータイメージは下記にタイムスタンプが付加された物になります。... by NgSplunk New Member in Splunk Search 04-07-2023 0 1	0	1
How to achieve timeline visualization of event field over time? Hello, I am trying to use the custom splunk visualisation. I have formatted my search as the following: index=my_i... by James1 New Member in Splunk Search 04-07-2023 0 1	0	1
Subsearch Hi everyone, My post is huge. sorry for that. I need suggestion from you for the query I framed.I have 2 lookup used ... by RanjiRaje Explorer in Splunk Search 04-07-2023 0 2	0	2
How to pass a token in one dashboard that will impact other panel based on values? Hi There, I had a panel "OS", that gives the value os, based on the value of os, if it were "Windows" it should... by smanojkumar Contributor in Splunk Search 04-07-2023 0 8	0	8
Request for information on CPU information app in Splunk Enterprise Security Hi there! I was wondering if there's a specific app available in Splunk Enterprise Security that can provide CPU info... by balu1211 Path Finder in Splunk Search 04-06-2023 0 2	0	2
Can someone help with regex to extract new field? Hello Team, can anyone help me with the extraction of new field input: site: mclaudelinemugasqiln.platinilemu.com:1... by pacifiquen Explorer in Splunk Search 04-06-2023 0 3	0	3
KVStore Lookup Not Returning Results A newly created KVStore collection is not returning matches for a lookup command, despite the fact it's populated. Fo... by Tom_Lundie Contributor in Splunk Search 04-06-2023 0 1	0	1
Help with Regex in transaction endswith Hi all, I try to group events using transaction. Since there are multiple endswith condition, i tried following to m... by stwong Communicator in Splunk Search 04-06-2023 0 6	0	6
How to achieve eval expression using the usecase in Splunk? Hi,I'm trying to write the spl query on usecase like alertname!="pdm" triggerred by user in between like 2 hours... by AL3Z Builder in Splunk Search 04-06-2023 0 4	0	4
Convert stats to JSON I have a user who wants to send a table resulting from \| stats values() to a summary index via the collect command, b... by wpb162 Explorer in Splunk Search 04-06-2023 0 3	0	3
How to create a dashboard of XML file? Hi, I have the following event (XML) in Splunk, how can I create a dashboard of this XML? <JOBAPPLICATION="AFT-DTA"CR... by ns102 Explorer in Splunk Search 04-06-2023 0 5	0	5
How do you prevent the map command from encapsulating the variable in quotes? The quotes can only be seen in the search.log in one of the SearchParser component events. My ultimate goal is to b... by quasikaze Explorer in Splunk Search 04-06-2023 2 9	2	9
How to to sort the date so that my graph is coherent? Hello, thank you in advance for your feedback. I would like to sort the date so that my graph is coherent, can you pl... by numeroinconnu12 Path Finder in Splunk Search 04-06-2023 0 4	0	4
How do I compare lookup field to search and print another field in lookup file? Currently in my logs I am getting the hostname of the users but not their usernames. I created a lookup table that co... by cyrus_thesplunk Engager in Splunk Search 04-06-2023 0 4	0	4
Splunk Forwarder preferred path Hi Splunkers,does anyone have an idea how to configure a preferred path on a Splunk Forwarder?I have 2 datacenters wi... by djluke Path Finder in Splunk Search 04-06-2023 0 3	0	3
How can I multiple search and table data? Hello, I have a below splunk query which gives me response time value extracted from its response. index=my_index ope... by super_edition Path Finder in Splunk Search 04-06-2023 0 2	0	2
Detecting network and port scanning using SPL? Hi, Could anyone help me with this use case as I'm trying to figure out my alert logic scanner use case scanning many... by balu1211 Path Finder in Splunk Search 04-06-2023 0 3	0	3
How extract field using rex? How to extract fields in between \| servername \|Which i am using in rex ^[^\\|\n]*\\|(?P<Server>\w+\.\w+\.\w+\.\w+\s+)Bu... by karthi2809 Builder in Splunk Search 04-05-2023 0 2	0	2
Help with Regex for raw data to create pie chart? I need some help to create a pie chart of songs using this raw data. The command I'm using is this: \|rex (?<track>(... by gemtm Observer in Splunk Search 04-05-2023 0 8	0	8
What search can I use to know if a service had been restart after a certain period of time? hi all, i have this logs which i am interested in know if there is a agent restarted after certain period when the ag... by 7ryota Explorer in Splunk Search 04-05-2023 0 4	0	4
Having Logs at different times? Hi, I have log files coming at different times, but i need to compare logs of same time. 1-----Log1 - file received f... by VijayA Explorer in Splunk Search 04-05-2023 0 2	0	2
What is the best way to spoof run-anywhere fake data for a question? Many people ask questions here that are tricky enough that the only way to get an answer that works is to play around... by woodcock Esteemed Legend in Splunk Search 04-05-2023 3 12	3	12