Splunk Search

Community Activity

How to search field in two indexes? how to search value of "Dst_IP" field from "ASA" index to "otx" index "indicator" field and display the scrip" field ... by shashilendraman Explorer in Splunk Search 03-24-2023 1 5	1	5
How to delay with search result when run via Splunk API? Hi, We have a platform where lot of dashboards are populated using splunk searches via splunk api call. All the que... by surabhi New Member in Splunk Search 03-24-2023 0 0	0	0
How to map extracted field name (e.g actual_time) with _time field? Hi SMEs, I have a unique requirement which need one of my extracted filed name = actual_time to be mapped with _time ... by pm2012 Explorer in Splunk Search 03-24-2023 0 1	0	1
How to filter out IPv6 and 169.254.0.0/16 from a multi-value field? How do you filter out IPv6 and internal routed 169.254.0.0/16 from a multi-value field?Data ExampleHOST ... by mag314 Explorer in Splunk Search 03-23-2023 0 1	0	1
How to view creation time logs compare with index time and timestamp? I have some Checkpoint logs (Firewall) that are generating an alert (Data hygiene - events in the future), I would li... by Zarack Engager in Splunk Search 03-23-2023 0 1	0	1
Is there a way to instruct Splunk to not add quotes when passing searches stored in a lookup table to the map command? I am trying to store a list of searches in a lookup table and then pass each search to the map command. \|inputlook... by sjaworski Communicator in Splunk Search 03-23-2023 3 10	3	10
How to rex? I have 2 kind of logs where there are two types of uri which i want to rex into different fields {logType=DOWNSTREAM_... by mikeyty07 Communicator in Splunk Search 03-23-2023 1 4	1	4
Are hidden characters breaking my joins? I am trying to build an Alert for login failures in AWS CloudTrail. In general I have it working -- but my joins are ... by ttovarzoll Path Finder in Splunk Search 03-23-2023 0 3	0	3
How to start a Spunk Docker container via Dockerfile and adding it as a search peer in one bash script? Hello, I am attempting to start a Splunk docker container (search head) and add it as a search peer to an existing en... by krishanp Explorer in Splunk Search 03-23-2023 0 2	0	2
How to use a column of field names FROM MVFIELD to dynamically select fields for use in eval expression? Hi,I am looking for a solution to a problem that has been addressed here: Using a column of field names to dynamicall... by dpuhr Explorer in Splunk Search 03-23-2023 0 8	0	8
How to search freetext after a join? I'm looking for a way to search for freetext after a join.It is easy when the field is known. For instance, there is ... by Konrad_Schlude Explorer in Splunk Search 03-23-2023 0 3	0	3
Is there a way to export raw logs from specific time? I have a specific source type and hosts that I want to export the raw logs for the past 24h is there a way to do that... by tb582 Explorer in Splunk Search 03-23-2023 0 10	0	10
Regex- Help with extracting field Can someone please help me in extracting the field Specific_DL_Testing from the below sample log. instance of the "\S... by Dayalss Engager in Splunk Search 03-23-2023 0 9	0	9
How to join two tables with different rows but same columns? Hello amazing community! I'm now stuck with a problem that most probably has a really simple solution  I have a tab... by PeterGian Engager in Splunk Search 03-23-2023 0 3	0	3
How to calculate median, avg for total results? hey, I need to build a report, that contains approx 500 thousand events. the requirement is that the report will con... by badbuda Loves-to-Learn Lots in Splunk Search 03-23-2023 0 6	0	6
How to get logs to show fieldnames Hi everyone!I'm still fairly new to Splunk so sorry if it is a simple question.I have some logs that does not show th... by NJ Path Finder in Splunk Search 03-22-2023 0 7	0	7
How to integrate Splunk with Heroku? Hi, I want to use Splunk for logs for Heroku apps. How to integrate Splunk with Heroku. Can you please help me with i... by nikita29 Loves-to-Learn in Splunk Search 03-22-2023 0 6	0	6
Splunk says bundle directory contains a large lookup file in .delta file but the .delta file does not contain a large lookup Hi all, We receive the warning : The current bundle directory contains a large lookup file that might cause bundle re... by fboeje Explorer in Splunk Search 03-22-2023 0 6	0	6
How to compare today vs last week same hour stats and give percentage? I have this working query which needs some additional detailing.index=_internal earliest=-1h@h latest=@h\| lookup api ... by DougiieDee Explorer in Splunk Search 03-22-2023 0 1	0	1
How to compare today hourly stats and previous week same day hourly stats? is there a way to alert an email if today's hourly stats are 25% higher than the previous week same day hourly stats? by mikeyty07 Communicator in Splunk Search 03-22-2023 0 5	0	5
How to enable drilldown for only one column in the table of multiple fields? Hi,Can someone suggest me on how to enable drilldown for specific column .For example ,if i have 5 columns and i have... by knanaiah001 Explorer in Splunk Search 03-22-2023 0 5	0	5
How to take output from base search and search in lookup for all rows? Hi I have a lookup having two fields\| inputlookup ID-Client-Lookup.csv \| fields ClientId ClientNameI have a base sear... by amitrinx Explorer in Splunk Search 03-22-2023 0 3	0	3
How to compare past 30 days vs today? I want to have a table or chart where I can see the failure % of the past 30 days, vs. today, and output the differen... by alakhotia Explorer in Splunk Search 03-22-2023 0 5	0	5
How to replace all "confusable" characters in field in data model? Hello, I am attempting to replace a large unwieldy macro with a data model. Part of the macro is a rex command that f... by jasmartin Explorer in Splunk Search 03-22-2023 0 4	0	4
How to filter logs with different and same fields? Hi. Subject is confusing so here goes. I have 3 log lines: org=A Status=Success org=A Status=Fail org=B Status=Succes... by nmayafit Path Finder in Splunk Search 03-22-2023 0 8	0	8