Splunk Search

Community Activity

How to merge data for multiple Splunk queries and reduce the data retrieval time? Hi All,I have 4 indexes: -index1index2index3index4Each index has its own search criteria, there are some common field... by Taruchit Contributor in Splunk Search 03-10-2023 0 4	0	4
Regex to extract words in red? While processing an AS request for target service krbtgt, the account XXX-G-Dashboard-Dev did not have a suitable key... by KhalidSheikh Engager in Splunk Search 03-10-2023 0 2	0	2
Matching value inside a lookup with wildcard? Hello, i'm new to Splunk and i need some advices.I've created a lookup named my_color_lookup, with 2 column : color,d... by zewashere New Member in Splunk Search 03-10-2023 0 1	0	1
Adding a new row in stats using values from previous search? I want to add new row to my search result using values from the previous result. Basically I am counting few strings ... by Vivekmishra01 Explorer in Splunk Search 03-10-2023 0 3	0	3
Find missing hosts after referencing a lookup file. Hello I have the following search which produces statistics(746) in Splunk: index=my_index sourcetype=my_st id=100 h... by jason_hotchkiss Communicator in Splunk Search 03-10-2023 0 3	0	3
How to create a multivalue to single value from XML? I need to create a single field named MemberOf from the XML snippet below. It should look like this: memberOf CN=But... by cmcdole Path Finder in Splunk Search 03-10-2023 0 4	0	4
Case condition to check 2 events on the same field Hi,I want to write a case condition where i can check values from Range column.For instanceIf range for both cost & p... by Ashwini008 Builder in Splunk Search 03-10-2023 0 5	0	5
Get the value of a dynamic name field Hello,I'm having an issue with a field search. I have a lookup where I specify for every sourcetype which field is re... by ivan5593 Explorer in Splunk Search 03-09-2023 0 2	0	2
How to extract from complex JSON file? Hello, I have complex JSON events ingested as *.log files. I have issues (or couldn't do) with extracting fields from... by SplunkDash Motivator in Splunk Search 03-09-2023 0 25	0	25
Comparing 2 groups of data I have 2 groups of data:messageId1: ['A', 'B', 'C']messageId2: ['A', 'E', 'F', 'G', 'T', 'Z'] How do I return the val... by ckutach Engager in Splunk Search 03-09-2023 0 2	0	2
How to Split rows into columns I am trying to split the values in both the columns and create 5 rows by assigning respective values. I need an outpu... by vik Explorer in Splunk Search 03-09-2023 0 2	0	2
How to get top 10 values for each multicolumn timechart? Here's my query: index=comp_logs "processed=" \| eval name=consumerGroupId \| timechart span=1h sum(processed) as proce... by sjim Loves-to-Learn in Splunk Search 03-09-2023 0 1	0	1
How Can IBM Qradar SIEM Integrates with Splunk SOAR? Hello Splunkers, I have client that already has a IBM Qradar SIEM and wants to Integrates with Splunk SOAR (formely ... by marcos_eng1 Explorer in Splunk Search 03-09-2023 0 1	0	1
How to create a single alert for multiple error codes Following is my query:index=backup \| stats count by errorsI have thousands of error codes in logs and I need to trigg... by shady6 Loves-to-Learn in Splunk Search 03-09-2023 0 1	0	1
query optimization on IP adress Hello community!I'm looking for a way to optimize this search below and I need some help : index="oswinsec" source="X... by Nico99 Explorer in Splunk Search 03-09-2023 0 2	0	2
How to convert seconds to milliseconds by stripping out seconds and then add it to milliseconds? Hello, I am performing the following search to extract the time taken to upload index=* my_search \|rex "\[upload\] ... by raghul725 Explorer in Splunk Search 03-09-2023 0 2	0	2
Disk Usage: How to show memory consuming files? Hello everyone Is there a way to determine what occupies disk storage? The following SPL yields a line graph that sho... by Gabriel Path Finder in Splunk Search 03-09-2023 0 2	0	2
How to transpose some rows to columns? The original data : _time reg exp raw 2019-09-20 A 1 100 2019-09-20 B 2 200 2019-09-20 C ... by jenniferhao Explorer in Splunk Search 03-09-2023 0 6	0	6
Comparing 2 searches using different sources? I am trying to make 2 searches using different indexes and sources The first search is looking for all entries with "... by ckutach Engager in Splunk Search 03-08-2023 0 1	0	1
What is splunk definition for yesterday time range? Hi , I have an alert scheduled to run every day 7 am and this runs on Time Range : Yesterday. Wanted to know how Splu... by Indu Engager in Splunk Search 03-08-2023 0 2	0	2
Need help with spath for json extraction I'm trying to use spath to extract fields from a json object in an event. This is the event2023-03-08T22:47:06.664521... by wheels531 Engager in Splunk Search 03-08-2023 0 1	0	1
How to table results with multiple evals? I have a search where I have multiple evals to check if items are true of false. With my results I want to show somet... by aohls Contributor in Splunk Search 03-08-2023 0 1	0	1
Is there any way to detect if somebody ran the delete command in a search? Hello all, Is there any possibility to detect if somebody ran a \| delete command? I do know about the "can delete" ... by pinVie Path Finder in Splunk Search 03-08-2023 1 4	1	4
How to create a drilldown from timechart to get all the events based datapoint clicked? Hi , I m new to splunk and still exploring. I have created a timechart with a span on 10 mins . The timechart has a s... by satishp00 Engager in Splunk Search 03-08-2023 0 1	0	1
Why does using "timechart" result in missing values? I have a search with a timechart command to fill a single value dashboard entry based on a count that comes from a DB... by kmaron Motivator in Splunk Search 03-08-2023 0 15	0	15