Splunk Search

Community Activity

Search in logs if value appeared before? Hello, Good Day!I have mail logs and I need to check if sender appeared before in last 30 days.I have issues with wri... by suspense Explorer in Splunk Search 03-20-2023 0 3	0	3
Why is mvexpand not extracting all key/value pairs? I am trying to expand multiple fields from specific log lines using mvexpand but for some strange reason some fields ... by jmartens Path Finder in Splunk Search 03-20-2023 0 4	0	4
Splunk search to extract key value pair? Hi, I have injected NATS stream details in json format to the splunk and it look below. Wanted to extract key value p... by drogo Explorer in Splunk Search 03-19-2023 0 6	0	6
How to search two strings and create a message in email body? Hi Team, I am trying to search <string1> and <String2> from different lines in same log having 100 lines, if both mat... by sandeepparcha44 Explorer in Splunk Search 03-19-2023 0 6	0	6
Getting data from referenced sources if no data found in selected source? Hi all,I want to get data from an xml file from a selected source ( eg: Source_A, Source_B, ...). When there is no da... by boxmetal Path Finder in Splunk Search 03-19-2023 0 1	0	1
How to group by two or many fields fields? Hi, Here is my Data in 2 logs having 3 fields: Log1: Books Bought AccountName={} , BookIds={} (here BookId can contai... by sshubh Explorer in Splunk Search 03-18-2023 0 5	0	5
How do I rehydrate a sparkline from a lookup? Sometimes I run a really complex query and accumulate results in a lookup table. I recently tried doing this and inc... by MonkeyK Builder in Splunk Search 03-18-2023 0 2	0	2
Why is regex working in search but not when used from props/transforms? We have some logs coming in the following format. ERROR \| 2023-03-16 01:27:14 EDT \| field1=field1_value \| field2=f... by att35 Builder in Splunk Search 03-18-2023 0 11	0	11
SEDCMD not working on Heavy forwarder and Http Event Collect? Hello, I have data collected through a Splunk HEC on a Heavy Forwarder. The data has this structure: 2023-03-16T16:59... by clorne Communicator in Splunk Search 03-18-2023 0 8	0	8
Find earliest time of when the process starts using streamstats? Hi, I have a particular service which we triggered occasionally and I would like to know the earliest time of every t... by k31453 Explorer in Splunk Search 03-18-2023 0 1	0	1
Upgrade path to upgrade Splunk Enterprise? Hello team. Is there an upgrade path to upgrade Splunk on my heavy forwarders? Or is it just a matter of installing t... by dionrivera Communicator in Splunk Search 03-17-2023 0 3	0	3
Sort command causing lost records? I have a very simple search and when I add the sort command i lose almost 90% of my actual results. index="featu... by buttsurfer Path Finder in Splunk Search 03-17-2023 0 6	0	6
Combine Like Fields from Sourcetypes in the Same Index I have two sourcetypes from the same index, both in JSON formatting. One contains hosts and vulnerability scan data ... by atebysandwich Path Finder in Splunk Search 03-17-2023 0 2	0	2
Is there a way to know which fields were extracted at index-time vs search-time? Hello, Is there a way to know which fields were extracted at index-time vs search-time? Is there a search to run or ... by pduflot Path Finder in Splunk Search 03-17-2023 4 9	4	9
How to check 10 days prior to an event in Splunk for a failed login attempt? I have a search in Splunk that returns events for failed logins. I want to be able to check for a successful authenti... by MM0071 Path Finder in Splunk Search 03-17-2023 0 1	0	1
Can you display a panel after clicking on a single-value panel? I have a single-value panel. Is it possible to display another panel only after clicking on the single-value one? by buttsurfer Path Finder in Splunk Search 03-17-2023 0 1	0	1
How to condition match set tokens on input? Hi,I seem to be having a mental block which maybe someone can help with. I have an input dropdown which runs a query ... by mcaulsc Path Finder in Splunk Search 03-17-2023 0 2	0	2
How to search dynamic field in Splunk? Hi, I have a lookup table where column names are with weekdays (like monday, tuesday, wednesday,...) and have possibl... by sbhatnagar88 Path Finder in Splunk Search 03-17-2023 0 3	0	3
How to reduce number of joins? Hello Splunkers!! As per the below search you can see we have used join commands to get the results from same index &... by uagraw01 Motivator in Splunk Search 03-17-2023 0 4	0	4
How to write a search based on Unique Ids considering multi-line to a single line? Hi Splunk Experts, I've logs where users activites are tracked based on a unique identifiers, I want to display the l... by Thulasinathan_M Contributor in Splunk Search 03-17-2023 0 7	0	7
Is it possible to do an in-line conditional field extraction? Hello, Is it possible to do conditional In Line field extraction in SPLUNK for the following sample data: Sample Data... by SplunkDash Motivator in Splunk Search 03-16-2023 0 5	0	5
How to accelerate the time is takes request to generate result? Hi! My request take much time to generate the result, how can i accelerate it \| mpreview index=ciusss_vitals_linux_me... by chimell1 Explorer in Splunk Search 03-16-2023 0 1	0	1
How to "Bucket" Certain Field Values into a new Field? I have a lookup of vulnerability scan data that includes fields such as hostname, IP, OS, CVEs, etc. I would like to ... by atebysandwich Path Finder in Splunk Search 03-16-2023 0 1	0	1
How to compare two most recent events? Hello, a search is retrieving following results order by event date Date value 2... by rora8181 Loves-to-Learn in Splunk Search 03-16-2023 0 1	0	1
Help with creating table Hello All -I'm fairly new to Splunk and I've been racking my head for the past 8 hours trying to create a table for c... by Pip9ball Explorer in Splunk Search 03-16-2023 0 2	0	2