Splunk Search

Community Activity

	Why does mvappend fail in my alert? I've been trying to write an alert that notifies our SOC when someone tries to obfuscate their command with base64 en... by MonkeyK Builder in Splunk Search 03-15-2023 0 8	0	8
	How to find events for only host names listed in my lookup file? I have a lookup file of HostNames HostNameHost1Host2Host3Host4Host5 I would like to create a search to include even... by adamscaa1 Explorer in Splunk Search 03-15-2023 0 7	0	7
	How to extract job Id values from raw text in events and add the job id into a separate field? The above snippet consists of the raw data in the events in our splunk environment. Need Help in extracting the jobId... by Renunaren Loves-to-Learn Everything in Splunk Search 03-15-2023 0 2	0	2
	How to get percentage of 200 responses? I have current search index="intau_workfusion" host=* sourcetype="services_status.out.log" service="HTTP/1.1" status=... by sphiwee Contributor in Splunk Search 03-15-2023 0 4	0	4
	Why is it showing more data after dc count with the right order? Hi! im working on an alert for access from different countries for certain users in a short time period. The alert an... by dieguiariel Path Finder in Splunk Search 03-15-2023 0 3	0	3
	Why are tstats search not filtering out local IP ranges? Hi, I am using tstats to search the Network Datamodel for outbound SMB traffic (port 445) to external IP address rang... by dmbrcx Explorer in Splunk Search 03-14-2023 0 2	0	2
	How to properly use inputlookup csv file to perform extended searches? Hello, I am stuck on a query and need someone's help please. The goal of the query is to perform a lookup on column ... by awant68 Explorer in Splunk Search 03-14-2023 0 6	0	6
	How to pass time token to the custom field based on search Hi, I have onboarded data via DBConnect through Rising Column for which we have configured the Risinig Column value a... by kalaiyarasi Loves-to-Learn Lots in Splunk Search 03-14-2023 0 1	0	1
	Summary Index from \| collect ... addtime=f : When searched _time is not equal to time from _raw and date_* fields I created a summary index with a custom _raw from a tstats search from 03/14/2023 16:30:00 to 03/14/2023 16:35:00:\| t... by isaiz Loves-to-Learn Lots in Splunk Search 03-14-2023 0 0	0	0
	Average event count using only business days (M-F)? I have a specific event that I'm looking to do an average count for the past 5 business days. Right now, I'm able to ... by JoshSaunders Explorer in Splunk Search 03-14-2023 0 10	0	10
	Splunk Search Language - Is there another command for Looping besides Map? Is there any command in Splunk for Looping other than Map command ? Requirement is described as below: I can't prov... by potnuru Path Finder in Splunk Search 03-14-2023 0 12	0	12
	Help with a qlick view search? Hello Splunkers!! I have qlick view search. And I want to use same kind of search in Splunk. Please help me how can I... by uagraw01 Motivator in Splunk Search 03-14-2023 0 6	0	6
	TSTATS using a lookup table for a variable? I am building a query where I want to use a top 10 list of values from a lookup table, and then run a search against ... by lennys26 Communicator in Splunk Search 03-14-2023 0 6	0	6
	How to combine three queries and visualize it in timechart I have three queries:Overall Traffic to LogOn pagesourcetype="od" operation=LogOn http_method=GET http_url="LogOn" ... by amitrinx Explorer in Splunk Search 03-14-2023 0 3	0	3
	How to get data for latest 10 weeks in splunk chart? I have a bar chart in splunk which has x-axis as each week from 2019 to 2023 and y-axis as count of data.Now i want t... by Vish Explorer in Splunk Search 03-14-2023 0 1	0	1
	How to combine two searches into one? 1st query index=mail NOT [ \| inputlookup suspicoussubject_keywords.csv \| rename keyword AS query \| fields query... by sulaimancds Engager in Splunk Search 03-13-2023 0 21	0	21
	What command can I use to speed up my search besides join command? I am trying to extract only the top values from fields such as argument, uri, and method for the WAF log.Currently,... by same Engager in Splunk Search 03-13-2023 0 3	0	3
	Search with Time Using a Lookup? I have a lookup of hosts with a field Last_Scan_Datetime and the field values were formated using strftime(_time, "%Y... by atebysandwich Path Finder in Splunk Search 03-13-2023 0 2	0	2
	How to pass values to a eval if subsearch? Hi guys!I have a sourcetype "A" with some info about infrastructure. Host IP is one of this info. I have another sour... by pierre_weg Path Finder in Splunk Search 03-13-2023 0 3	0	3
	How to adjust radial gauge numeric range within a dashboard? Hello, I want to alter the radial gauge (default is 100). We expect about 5,000 log entries/lines per hour and I am c... by agoktas Communicator in Splunk Search 03-13-2023 0 3	0	3
	Matching Hostname to IP Between Two Lookups? I have two lookups. One lookup has Hostnames and IPs and the other has hostnames. I would like to run a search so I c... by atebysandwich Path Finder in Splunk Search 03-13-2023 0 1	0	1
	How to use the REST API to run a multisearch and stream the results back? Hi,I am able to run normal search using rest API using below syntax: https://SearchHead_host:8089/servicesNS/admin/se... by arunslal Loves-to-Learn Lots in Splunk Search 03-13-2023 0 2	0	2
	Calculate total time for a specific event over a range of time period? I have 2 queries:One is an OFF event, and one is an ON event for a cluster of machines for customers. I want to calcu... by akidua Explorer in Splunk Search 03-13-2023 0 5	0	5
	How to detect T1036.002: Masquerading (Right-to-Left Override)? Hi all, Recently I have been working on getting a query that can help me identify the execution of malicious document... by jrock Observer in Splunk Search 03-13-2023 0 5	0	5
	Easiest way to exclude ingestion of events for a specific IP address from a SourceType? I am looking to not ingest events from a specific IP address. I have an IP address that once a week generates a LOT o... by neiowe Path Finder in Splunk Search 03-13-2023 0 25	0	25