Splunk Search

Community Activity

	No Results Searching Authentication.signature Hello,I'm trying to search in the Authentication data model for authentication attempts where the username is wrong. ... by security_mike Explorer in Splunk Search 04-03-2023 0 1	0	1
	How to create a look up table with "*&&" or "any" field? Hi I am trying to whitelist some traffic from my search. So I decided to create a look up table including src ip, dst... by Erfan Explorer in Splunk Search 04-03-2023 0 7	0	7
	How do I make a dropdown dashboard? Hi There, I had a dashboard that is having a pop up, when the single value is selected, it will display the drop d... by smanojkumar Contributor in Splunk Search 04-03-2023 0 3	0	3
	How to represent good visualization with the following fields? How to represent good visualization with the following fields DeviceID, Software Version (Eg 1.22.2222.34) , Software... by kirthika26 Explorer in Splunk Search 04-03-2023 0 8	0	8
	How to write SPL for DLP alert use case using eval in Splunk ES? Hi,Could anyone over here able to write an spl query for usecase in splunk ES like when single user triggers alert s... by AL3Z Builder in Splunk Search 04-03-2023 0 0	0	0
	Issue with field extraction using Props.conf & transforms.conf Hello,I have some issues with field extraction using props.conf and transforms.conf files. Sample data (3 sample even... by SplunkDash Motivator in Splunk Search 04-02-2023 0 5	0	5
	Moving the lookup table from One SH to another SH? Hi, I have created a dynamic lookup table in one of the search head using a search ,now i want it to move to anothe... by AL3Z Builder in Splunk Search 04-02-2023 0 1	0	1
	How to use the condition stanza in this spl query? Hi, I'm trying to find the alerts by user between the period of 2 hours like Alert1,Alert2 Here I need a spl query fo... by AL3Z Builder in Splunk Search 04-02-2023 0 10	0	10
	How to accumulate a numerical field of a multivalue object based on other field? I have many event with the following format: EVENT 1 {<!-- --> 'colors': [ {'color': 'red', 'appearances': 3}, ... by gorkazabarte New Member in Splunk Search 04-01-2023 0 2	0	2
	How to split a field into multiple fields? Hi. Lets say there are fields named "raw". The values are like this. http-header1=value1\|http-header2=value2.. Number... by Minarai Explorer in Splunk Search 04-01-2023 0 8	0	8
	How to extract field by different field values in nested JSON? I have some JSON (raw event) like below, this is one event: {<!-- --> "place": "bar", "stock": [ ... by letmein Engager in Splunk Search 04-01-2023 0 7	0	7
	Cannot use Var stats function within Eval Hi,I have the following query:\| tstats count where index=dns earliest=-90d latest=now() groupby _time span=1d\| fields... by POR160893 Builder in Splunk Search 03-31-2023 0 1	0	1
	Exclude Splunk's own audit trail log in search results? HI,I am new to Splunk. If criteria is met, I notice my search results include my previous searches stored in Splunk's... by az365 Engager in Splunk Search 03-31-2023 0 1	0	1
	How to find Fieldnames which have some strings If there are events like these.And I want to find Fieldnames which have "abc"Event 1 File : abcdefgURL : 1232323232.... by zegg Engager in Splunk Search 03-31-2023 0 1	0	1
	How to name with statistic/visualization? I am new to Splunk and I wanted to make a dashboard to showcase the count of Linux machines and their distributions i... by jialiu907 Path Finder in Splunk Search 03-31-2023 0 1	0	1
	How to exclude private ip address range from results? How to modify the below query to exclude private ip address range from source IPs (src_ip) ? index=cisco eventtype=c... by damode Motivator in Splunk Search 03-31-2023 0 3	0	3
	Is there a function to check if field is an ip address or hostname? I have a field to evaluate if the value of the field is an IP address or a hostname. if it is an IP address do someth... by brdr Contributor in Splunk Search 03-31-2023 0 4	0	4
	How to remove repeating fields in column1 and match the values of that column1 with column2 & column3? Column1 column2 column3 abc 1 def ... by sreelakshmi Engager in Splunk Search 03-31-2023 0 3	0	3
	How extract field and value using rex? 29-Mar-2023 04:56:35:PM: \|CPU Utilization % Average ------- 11 Expected result:11 by karthi2809 Builder in Splunk Search 03-30-2023 0 3	0	3
	How can I build a use case scenario for MFA login attempts from unauthorized IPs? Hey ya, Good day!!! Trying a built a use case scenario for MFA login attempts from unauthorized IPs. Looking out here... by KSPriya Explorer in Splunk Search 03-30-2023 0 1	0	1
	Using IN with lookup table? Is something like this possible? index=main sourcetype=iis host IN (\| inputlookup serverlistA.csv) I think the... by MScottFoley Path Finder in Splunk Search 03-30-2023 0 3	0	3
	Applying multiple regex to different fields (match_type REGEX for lookups)? Hi,we have a Data Model based search that we filter based on a lookup (with match_type WILDCARD) that matches differe... by wiederkehrc Explorer in Splunk Search 03-30-2023 0 3	0	3
	How to extract name of the job from the raw text? Hi Team, Below is the raw text that has been received into our splunk portal. It has a field called name of the job. ... by Renunaren Loves-to-Learn Everything in Splunk Search 03-30-2023 0 3	0	3
	How to write Splunk query to extract a field from raw data? Hi, I am trying to find a query to extract specific code from the raw splunk data. Below is the raw content. raw: [... by rajs115 Path Finder in Splunk Search 03-30-2023 0 2	0	2
	Finding Events That Occur A Minimum Number of Times per Month Hi folks, I'm analysing Cisco CallManager telephone call details records that have been ingested to Splunk. I need t... by lboro_garyp Path Finder in Splunk Search 03-30-2023 0 4	0	4