Splunk Search

Community Activity

	How to remove weak ciphers? I am trying to pair down the list of ciphers we are using. When I remove AES256-GCM-SHA384 I begin to get the below ... by coreyCLI Communicator in Splunk Search 03-21-2023 0 4	0	4
	How to extract a string from _raw? I have a string like below and unable to extract accuratly with rex command please suggest any alternative way. _raw... by avadhutha Explorer in Splunk Search 03-21-2023 0 2	0	2
	How to extract the fields in json format? I am trying to extract the fields in json format. But not able to fetch the data.PFB screenshot for reference: not a... by vineela Path Finder in Splunk Search 03-21-2023 0 5	0	5
	How to set an alert for high amount of events? Hello Splunkers, I would like to have to set an alert if a sudden high amount of events are received. I have this ba... by norbertt911 Communicator in Splunk Search 03-21-2023 0 7	0	7
	How to calculate average of specific fields? Hi,I am formatting data as required and getting it in below format. Now I want to calculate average of only highlight... by Ashwini008 Builder in Splunk Search 03-21-2023 0 4	0	4
	How to update a lookuptable? So I couldn't find anything in splunk community that answers my question about pushing an update to a lookup table. I... by Abass42 Communicator in Splunk Search 03-20-2023 0 3	0	3
	Bulk-deleting expired search jobs? Hello, We have an application pulling search results from a scheduled search using Splunk API periodically, but encou... by w564432 Explorer in Splunk Search 03-20-2023 0 2	0	2
	How to calculate field to replace value of field? Hello - I have a table with the following:host HOSTFQDNDNS_NAMEHOST_MATCHINDEXhostalphahosta.mydomain.comhostafalsein... by jason_hotchkiss Communicator in Splunk Search 03-20-2023 0 2	0	2
	How to extract field between double quotes using rex? Hi all, I have the following events source_host=lioness1 source_host_description="This is the main server" source_hos... by MaratD Explorer in Splunk Search 03-20-2023 0 7	0	7
	Search same index & source to get total of all & single value for top 10? Individually these searches work: ```#1 sum all values in field repeat_count in all threat logs that are M,H,C severi... by TerryM Engager in Splunk Search 03-20-2023 0 5	0	5
	How to create the Splunk query Search? Hello Splunkers!! I have mentioned below query and from the below query I want a results as shown below in the excel.... by uagraw01 Motivator in Splunk Search 03-20-2023 0 8	0	8
	How to export raw events instead of statistics? Hi,I have a query which gives a table of results. Now instead of exporting the table, I need to export the raw events... by Woodpecker Path Finder in Splunk Search 03-20-2023 0 3	0	3
	Sort X axis based on the value of legends? I want X axis to be follow the same way as legend order. by Kirthika Path Finder in Splunk Search 03-20-2023 0 6	0	6
	Search in logs if value appeared before? Hello, Good Day!I have mail logs and I need to check if sender appeared before in last 30 days.I have issues with wri... by suspense Explorer in Splunk Search 03-20-2023 0 3	0	3
	Why is mvexpand not extracting all key/value pairs? I am trying to expand multiple fields from specific log lines using mvexpand but for some strange reason some fields ... by jmartens Path Finder in Splunk Search 03-20-2023 0 4	0	4
	Splunk search to extract key value pair? Hi, I have injected NATS stream details in json format to the splunk and it look below. Wanted to extract key value p... by drogo Explorer in Splunk Search 03-19-2023 0 6	0	6
	How to search two strings and create a message in email body? Hi Team, I am trying to search <string1> and <String2> from different lines in same log having 100 lines, if both mat... by sandeepparcha44 Explorer in Splunk Search 03-19-2023 0 6	0	6
	Getting data from referenced sources if no data found in selected source? Hi all,I want to get data from an xml file from a selected source ( eg: Source_A, Source_B, ...). When there is no da... by boxmetal Path Finder in Splunk Search 03-19-2023 0 1	0	1
	How to group by two or many fields fields? Hi, Here is my Data in 2 logs having 3 fields: Log1: Books Bought AccountName={} , BookIds={} (here BookId can contai... by sshubh Explorer in Splunk Search 03-18-2023 0 5	0	5
	How do I rehydrate a sparkline from a lookup? Sometimes I run a really complex query and accumulate results in a lookup table. I recently tried doing this and inc... by MonkeyK Builder in Splunk Search 03-18-2023 0 2	0	2
	Why is regex working in search but not when used from props/transforms? We have some logs coming in the following format. ERROR \| 2023-03-16 01:27:14 EDT \| field1=field1_value \| field2=f... by att35 Builder in Splunk Search 03-18-2023 0 11	0	11
	SEDCMD not working on Heavy forwarder and Http Event Collect? Hello, I have data collected through a Splunk HEC on a Heavy Forwarder. The data has this structure: 2023-03-16T16:59... by clorne Communicator in Splunk Search 03-18-2023 0 8	0	8
	Find earliest time of when the process starts using streamstats? Hi, I have a particular service which we triggered occasionally and I would like to know the earliest time of every t... by k31453 Explorer in Splunk Search 03-18-2023 0 1	0	1
	Upgrade path to upgrade Splunk Enterprise? Hello team. Is there an upgrade path to upgrade Splunk on my heavy forwarders? Or is it just a matter of installing t... by dionrivera Communicator in Splunk Search 03-17-2023 0 3	0	3
	Sort command causing lost records? I have a very simple search and when I add the sort command i lose almost 90% of my actual results. index="featu... by buttsurfer Path Finder in Splunk Search 03-17-2023 0 6	0	6