Splunk Search

Community Activity

	How can I see still results from both sourcetypes but only from hosts which have cvs score above 7? Hello, Syntax: index=security sourcetype=EDR:* \| eval dest=coalesce(ip,ipaddress) \| stats values(sourcetype) val... by suspense Explorer in Splunk Search 04-04-2023 0 7	0	7
	How to use eval to find the usecase? Hi,Could any one able to write the query for the use case if user triggers both alerts (alert_name="pdm" AND alert_... by Raj Builder in Splunk Search 04-04-2023 0 14	0	14
	How do I write this search to find these 2 fields with the lookup hostname? Hi, I need your suggestion here. Please guide me I have a lookup file with list of hosts. I need to compare it with s... by RanjiRaje Explorer in Splunk Search 04-03-2023 0 5	0	5
	How to add count and percent to pie chart? By default, only labels are displayed on pie chart when using top command.Is there any way to add count and percent t... by Minarai Explorer in Splunk Search 04-03-2023 0 1	0	1
	How to increase subsearch limit? I am trying to run a query like below but I am limited to 10000 sub search result. Is there a way to make this query ... by Vivekmishra01 Explorer in Splunk Search 04-03-2023 0 10	0	10
	How to add date range to dashboard panel title so that the date range in the title and search time both are same? Hi Team, We have a splunk dashboard panel which has a requirement that is. The dashboard panel has a title which ne... by Renunaren Loves-to-Learn Everything in Splunk Search 04-03-2023 0 3	0	3
	No Results Searching Authentication.signature Hello,I'm trying to search in the Authentication data model for authentication attempts where the username is wrong. ... by security_mike Explorer in Splunk Search 04-03-2023 0 1	0	1
	How to create a look up table with "*&&" or "any" field? Hi I am trying to whitelist some traffic from my search. So I decided to create a look up table including src ip, dst... by Erfan Explorer in Splunk Search 04-03-2023 0 7	0	7
	How do I make a dropdown dashboard? Hi There, I had a dashboard that is having a pop up, when the single value is selected, it will display the drop d... by smanojkumar Contributor in Splunk Search 04-03-2023 0 3	0	3
	How to represent good visualization with the following fields? How to represent good visualization with the following fields DeviceID, Software Version (Eg 1.22.2222.34) , Software... by kirthika26 Explorer in Splunk Search 04-03-2023 0 8	0	8
	How to write SPL for DLP alert use case using eval in Splunk ES? Hi,Could anyone over here able to write an spl query for usecase in splunk ES like when single user triggers alert s... by Raj Builder in Splunk Search 04-03-2023 0 0	0	0
	Issue with field extraction using Props.conf & transforms.conf Hello,I have some issues with field extraction using props.conf and transforms.conf files. Sample data (3 sample even... by SplunkDash Motivator in Splunk Search 04-02-2023 0 5	0	5
	Moving the lookup table from One SH to another SH? Hi, I have created a dynamic lookup table in one of the search head using a search ,now i want it to move to anothe... by Raj Builder in Splunk Search 04-02-2023 0 1	0	1
	How to use the condition stanza in this spl query? Hi, I'm trying to find the alerts by user between the period of 2 hours like Alert1,Alert2 Here I need a spl query fo... by Raj Builder in Splunk Search 04-02-2023 0 10	0	10
	How to accumulate a numerical field of a multivalue object based on other field? I have many event with the following format: EVENT 1 {<!-- --> 'colors': [ {'color': 'red', 'appearances': 3}, ... by gorkazabarte New Member in Splunk Search 04-01-2023 0 2	0	2
	How to split a field into multiple fields? Hi. Lets say there are fields named "raw". The values are like this. http-header1=value1\|http-header2=value2.. Number... by Minarai Explorer in Splunk Search 04-01-2023 0 8	0	8
	How to extract field by different field values in nested JSON? I have some JSON (raw event) like below, this is one event: {<!-- --> "place": "bar", "stock": [ ... by letmein Engager in Splunk Search 04-01-2023 0 7	0	7
	Cannot use Var stats function within Eval Hi,I have the following query:\| tstats count where index=dns earliest=-90d latest=now() groupby _time span=1d\| fields... by POR160893 Builder in Splunk Search 03-31-2023 0 1	0	1
	Exclude Splunk's own audit trail log in search results? HI,I am new to Splunk. If criteria is met, I notice my search results include my previous searches stored in Splunk's... by az365 Engager in Splunk Search 03-31-2023 0 1	0	1
	How to find Fieldnames which have some strings If there are events like these.And I want to find Fieldnames which have "abc"Event 1 File : abcdefgURL : 1232323232.... by zegg Engager in Splunk Search 03-31-2023 0 1	0	1
	How to name with statistic/visualization? I am new to Splunk and I wanted to make a dashboard to showcase the count of Linux machines and their distributions i... by jialiu907 Path Finder in Splunk Search 03-31-2023 0 1	0	1
	How to exclude private ip address range from results? How to modify the below query to exclude private ip address range from source IPs (src_ip) ? index=cisco eventtype=c... by damode Motivator in Splunk Search 03-31-2023 0 3	0	3
	Is there a function to check if field is an ip address or hostname? I have a field to evaluate if the value of the field is an IP address or a hostname. if it is an IP address do someth... by brdr Contributor in Splunk Search 03-31-2023 0 4	0	4
	How to remove repeating fields in column1 and match the values of that column1 with column2 & column3? Column1 column2 column3 abc 1 def ... by sreelakshmi Engager in Splunk Search 03-31-2023 0 3	0	3
	How extract field and value using rex? 29-Mar-2023 04:56:35:PM: \|CPU Utilization % Average ------- 11 Expected result:11 by karthi2809 Builder in Splunk Search 03-30-2023 0 3	0	3